Mikrotik: Blocking unwanted connections with external IP list

As of April 2023 the blocklist is almost 5MB. Installing it on a device with low disk space, such as the hEX PoE, may (and almost certainly will) cause issues, such as being unable to save other settings once the disk is full.

You have been warned.

If you own a device with 16MB of disk space, I recommend using the light version of the list (without the pfSense sources).

When setting up a public-facing web proxy, I noticed quite a large number of connections coming from the East (mostly Russia, China, the Koreas and Ukraine) scanning my resources. I could either start collecting these addresses myself, which would be a long process and would not help much, as it would take ages to build a decent list, or pull a premade list of known offenders and add it to my Mikrotik firewall. RouterOS makes that easy: it can download external files and it can block whole subnets. What else would I need?

If you found this post before my GitHub repo, it’s here.

To make it work, you need 2 scripts (one pulling the list, one replacing it), 2 schedules to run these scripts, and a firewall rule.

  1. Download the install.rsc or install-light.rsc file from the repo and upload it to your device.
  2. In the Mikrotik terminal run: /import install.rsc or /import install-light.rsc, depending on which list you need.
  3. Enjoy!

You can also import the install.rsc file; it will do all of the above for you. Get it from GitHub, upload it to the MT and run /import file-name=install.rsc in the terminal. You still need to add the firewall rule manually.
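
The two scripts, two schedules and firewall rule described above, written out as an added example (this is not the repo's install.rsc). The URL, file name, list name `blocklist`, script and scheduler names, weekly interval and 6 MB free-space threshold are assumptions, and the downloaded file is assumed to contain address-list `add` lines for that list.

```routeros
# Added example; all names, the URL and the thresholds are placeholders.

# Script 1: pull the list, but only when enough flash is free
# (the list is almost 5MB, so a full disk is the main failure mode).
/system script add name=blocklist-download source={
    :if ([/system resource get free-hdd-space] > 6000000) do={
        # check-certificate=yes needs the issuing CA imported on the router.
        /tool fetch url="https://example.invalid/blocklist.rsc" \
            dst-path=blocklist.rsc check-certificate=yes
    } else={
        :log warning "blocklist: low disk space, download skipped"
    }
}

# Script 2: replace the old entries with the freshly downloaded ones.
# The existence check keeps the current list if the download did not happen.
/system script add name=blocklist-replace source={
    :if ([:len [/file find name="blocklist.rsc"]] > 0) do={
        /ip firewall address-list remove [find where list="blocklist"]
        /import file-name=blocklist.rsc
        /file remove [find name="blocklist.rsc"]
    } else={
        :log warning "blocklist: no downloaded file, list left unchanged"
    }
}

# Two schedules: download first, replace a few minutes later.
/system scheduler add name=blocklist-download interval=7d \
    start-time=03:00:00 on-event=blocklist-download
/system scheduler add name=blocklist-replace interval=7d \
    start-time=03:05:00 on-event=blocklist-replace

# Firewall rule: drop packets from listed sources in the raw table, before
# connection tracking, for traffic to the router and through it.
/ip firewall raw add chain=prerouting src-address-list=blocklist \
    action=drop comment="external blocklist"
```

`/import` runs every command in the file, not only address-list entries, so review the downloaded file and fetch it only from a source you trust.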


January 2020 edit: This list is now automatically updating every week.
April 2023 edit: List has been fixed, I have also added additional sources and a lightweight list.

This post is licensed under CC BY 4.0 by the author.