
Mikrotik: Blocking unwanted connections with external IP list

Published in Security.

How to block unwanted connections using RouterOS lists.

January 2020 edit: This list is now automatically updating every week.

When setting up a public-facing web proxy I noticed a large number of connections coming from the East (mostly Russia, China, the Koreas and Ukraine) scanning my resources. I could either start collecting these addresses myself, which would be a long process and would not help much, since it would take ages to build a decent list, or pull a premade list of known offenders and add them to my Mikrotik firewall.
RouterOS makes that easy: it can download external files and it can block whole subnets, so what else would I need?

Unless you found this post before my GitHub list, it’s hosted here: the pwlgrzs/Mikrotik-Blacklist repository on GitHub (the same one the download script below fetches from).

To make it work, you need two scripts (one that downloads the list, one that replaces the current list with it), two scheduler entries to run these scripts, and a firewall rule.

Download script:
/system script add name="blacklist-dl" source={/tool fetch url="https://raw.githubusercontent.com/pwlgrzs/Mikrotik-Blacklist/master/blacklist.rsc" mode=https}
Update script:
/system script add name="blacklist-replace" source={/ip firewall address-list remove [find where comment="blacklist"]; /import file-name=blacklist.rsc}
Download schedule:
/system scheduler add interval=7d name="dl-mt-blacklist" start-date=Jan/01/2000 start-time=00:05:00 on-event=blacklist-dl
Update schedule:
/system scheduler add interval=7d name="ins-mt-blacklist" start-date=Jan/01/2000 start-time=00:10:00 on-event=blacklist-replace

Finally, add this list to your firewall:
/ip firewall filter add chain=input action=drop connection-state=new src-address-list=blacklist in-interface=IFNAME
Replace IFNAME with the actual WAN interface name. Note that the input chain only covers traffic addressed to the router itself; to also drop these sources before they reach hosts behind the router (such as the proxy), add the same rule with chain=forward, and place both above any rules that accept new connections, since filter rules are evaluated in order.

Grande Finale!
You can also import the install.rsc file, which does all of the above for you. Get it from GitHub, upload it to the Mikrotik and run /import file-name=install.rsc in the terminal. You still need to add the firewall rule manually.
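The replace step above runs regardless of whether the download succeeded, so a failed or partial download can leave the router with a stale or empty list until the next run. As an added example (not code from the author's repository), this single script combines the two steps and keeps the current list whenever the fetch fails or yields an empty file; the script name, variable names and log messages are my own, and it assumes blacklist.rsc populates list "blacklist" with comment "blacklist", as the replace script above implies.

```routeros
# Added example: download the list and only replace the current address list
# when the download actually produced a non-empty file.
# Assumption: blacklist.rsc adds entries with list="blacklist" comment="blacklist".
# Save this as the source of a script named "blacklist-update".
:local url "https://raw.githubusercontent.com/pwlgrzs/Mikrotik-Blacklist/master/blacklist.rsc"
:local file "blacklist.rsc"
:local ok true

# Remove any copy left from a previous run so an old file cannot be
# mistaken for a fresh download.
/file remove [find name=$file]

# A failed fetch raises an error that would abort the script; catch it
# and remember the failure instead.
:do {
    /tool fetch url=$url mode=https dst-path=$file
} on-error={ :set ok false }

:if ($ok && [:len [/file find name=$file]] > 0) do={
    :if ([/file get [find name=$file] size] > 0) do={
        # Count entries before and after so the log shows what changed.
        :local before [:len [/ip firewall address-list find where list="blacklist"]]
        /ip firewall address-list remove [find where comment="blacklist"]
        /import file-name=$file
        :local after [:len [/ip firewall address-list find where list="blacklist"]]
        :log info ("blacklist-update: replaced " . $before . " entries with " . $after)
    } else={
        :log warning "blacklist-update: downloaded file is empty, keeping current list"
    }
} else={
    :log warning "blacklist-update: download failed, keeping current list"
}

# Run it weekly with a single scheduler entry instead of the two above:
# /system scheduler add name="blacklist-update" interval=7d start-date=Jan/01/2000 start-time=00:05:00 on-event=blacklist-update
```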
