networking:router:mikrotik_blocklist

networking:router:mikrotik_blocklist [2019/03/22 12:46]
gcooper
networking:router:mikrotik_blocklist [2024/02/24 14:44] (current)
gcooper
Line 1: Line 1:
 ====== Mikrotik Block Lists ====== ====== Mikrotik Block Lists ======
 +
 +FIXME **New Method**: https://forum.mikrotik.com/viewtopic.php?f=9&t=152632&p=758435
 +
 +**Another way to block ads**: https://stopad.hook.sh/
 +
 +**Block by Country**: https://mikrotikconfig.com/firewall/
  
 ===== Sources ===== ===== Sources =====
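Review bot: the added ''FIXME **New Method**'' line is a bare forum link and does not say what the method is or whether it replaces the ''blocklists4mt.sh'' script further down this page; a one-line summary next to the link, and a word on which approach the page now recommends, would keep the FIXME from going stale. The ''Block by Country'' link points at a third-party site, so it is worth adding that whatever it produces should be read before it is imported into a router, as with any externally generated firewall rules.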
Line 23: Line 29:
   * The **DShield list** is small, but up to date.   * The **DShield list** is small, but up to date.
   * The **Spamhaus list** is also fairly small and up to date.   * The **Spamhaus list** is also fairly small and up to date.
-  * The **BDE All list** is quite long and will cause the router's web interface to misbehave if you select the Address List page (this does not happen in Winbox).  A better choice for a low end router might be the ''last hour'' list.+  * The **BDE All list** is quite long and will cause the router'**web** interface (not Winbox) to misbehave when viewing lists. 
 +  * The **BDE list** is made up of the most recent attackers and the size of the list can be adjusted by changing the number for 'time' (max is about 18 hours).  A better choice for a low end router might be the ''last hour'' list rather than the ''last four hours'' list (14400 seconds).
     * https://api.blocklist.de/getlast.php?time=3600     * https://api.blocklist.de/getlast.php?time=3600
   * The **VoIPBL list** is also quite long (over 12,000 entries) and will cause the router's web interface to misbehave even more.  **If implementing this list, use Winbox to access the Address List page**.   * The **VoIPBL list** is also quite long (over 12,000 entries) and will cause the router's web interface to misbehave even more.  **If implementing this list, use Winbox to access the Address List page**.
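Review bot: the rewritten BDE All bullet has a typo, ''router'**web** interface'' has lost the ''s'' and the space (''router's **web** interface''). The new BDE bullet recommends the ''last hour'' list over the ''last four hours'' (14400 seconds) list for low-end routers, but the script in the next hunk now fetches ''getlast.php?time=14400''; either the recommendation or the script default should change, or the bullet should say that the script ships with the four-hour list and where to edit it. The ''max is about 18 hours'' claim would also benefit from saying where it comes from (observed, or documented by blocklist.de).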
Line 34: Line 41:
 === blocklists4mt.sh === === blocklists4mt.sh ===
  
-:!: We use a **dynamic address-list a 7-day timeout** in an attempt at eliminating cruft and minimizing flash (NAND) writes.+:!: We use a **dynamic address-list with a 7-day timeout** in an attempt at eliminating cruft and minimizing flash (NAND) writes.
  
-:!: We use a very crude mechanism to **limit the size of the combined list**.  You can **carefully** adjust the number of characters considered in sorting using the ''uniq -w'' argument.+:!: We use a very crude mechanism to **limit the size of the combined list**.  You can **carefully** adjust the number of characters considered in sorting using the ''uniq -w 36'' argument in the last line.  This can also eliminate errors running the script due to duplicate or overlapping entries.
  
 <file> <file>
 #!/bin/sh #!/bin/sh
-# 
-# We use a 7-day timeout in an attempt at eliminating cruft and minimizing flash (NAND) writes. 
-# 
-# We use a very crude mechanism to limit the size of the combined list.  You can adjust the number of 
-# characters considered in sorting using the 'uniq -w' argument. 
-# 
 saveTo=/home/virtualarchitects/public_html/blocklists saveTo=/home/virtualarchitects/public_html/blocklists
 now=$(date); now=$(date);
Line 51: Line 52:
 echo "# Generated by blocklists4mt.sh on $now" > $saveTo/dshield.rsc echo "# Generated by blocklists4mt.sh on $now" > $saveTo/dshield.rsc
 echo "/ip firewall address-list" >> $saveTo/dshield.rsc echo "/ip firewall address-list" >> $saveTo/dshield.rsc
-wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print "add list=blocklist address=" $1 "/24 timeout=7d comment=DShield";}' >> $saveTo/dshield.rsc+wget -q -O - https://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print "add list=blocklist address=" $1 "/24 timeout=7d comment=DShield";}' >> $saveTo/dshield.rsc
  
 echo "# Generated by blocklists4mt.sh on $now" > $saveTo/spamhaus.rsc echo "# Generated by blocklists4mt.sh on $now" > $saveTo/spamhaus.rsc
 echo "/ip firewall address-list" >> $saveTo/spamhaus.rsc echo "/ip firewall address-list" >> $saveTo/spamhaus.rsc
-wget -q -O - http://www.spamhaus.org/drop/drop.lasso | awk --posix '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print "add list=blocklist address=" $1 " timeout=7d comment=SpamHaus";}' >> $saveTo/spamhaus.rsc+wget -q -O - https://www.spamhaus.org/drop/drop.lasso | awk --posix '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print "add list=blocklist address=" $1 " timeout=7d comment=SpamHaus";}' >> $saveTo/spamhaus.rsc
 wget -q -O - http://www.spamhaus.org/drop/edrop.lasso | awk --posix '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print "add list=blocklist address=" $1 " timeout=7d comment=SpamHaus";}' >> $saveTo/spamhaus.rsc wget -q -O - http://www.spamhaus.org/drop/edrop.lasso | awk --posix '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print "add list=blocklist address=" $1 " timeout=7d comment=SpamHaus";}' >> $saveTo/spamhaus.rsc
  
 echo "# Generated by blocklists4mt.sh on $now" > $saveTo/bde.rsc echo "# Generated by blocklists4mt.sh on $now" > $saveTo/bde.rsc
 echo "/ip firewall address-list" >> $saveTo/bde.rsc echo "/ip firewall address-list" >> $saveTo/bde.rsc
-wget -q -O - http://lists.blocklist.de/lists/all.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=blocklist address=" $1 " timeout=7d comment=BDE";}' >> $saveTo/bde.rsc+wget -q -O - https://api.blocklist.de/getlast.php?time=14400 | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=blocklist address=" $1 " timeout=7d comment=BDE";}' >> $saveTo/bde.rsc
  
 echo "# Generated by blocklists4mt.sh on $now" > $saveTo/voipbl.rsc echo "# Generated by blocklists4mt.sh on $now" > $saveTo/voipbl.rsc
 echo "/ip firewall address-list" >> $saveTo/voipbl.rsc echo "/ip firewall address-list" >> $saveTo/voipbl.rsc
-wget -q -O - http://www.voipbl.org/update/ | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=blocklist address=" $1 " timeout=7d comment=VoIPBL";}' >> $saveTo/voipbl.rsc+wget -q -O - https://voipbl.org/update/ | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=blocklist address=" $1 " timeout=7d comment=VoIPBL";}' >> $saveTo/voipbl.rsc 
 + 
 +# dshield, bde, spamhaus and voipbl lists 
 + 
 +#echo "# Generated by blocklists4mt.sh on $now" > $saveTo/combined.rsc 
 +#echo "# This is a combined blocklist created from unique entries in the" >> $saveTo/combined.rsc 
 +#echo "# DShield, SpamHaus, BDE and VoIPBL blocklists." >> $saveTo/combined.rsc 
 +#echo "/ip firewall address-list" >> $saveTo/combined.rsc 
 +#cat $saveTo/dshield.rsc $saveTo/bde.rsc $saveTo/spamhaus.rsc $saveTo/voipbl.rsc |sort |grep -v '^$\|^\s*\#|^\/' |uniq -w 38 >> $saveTo/combined.rsc 
 + 
 +# dshield, bde and spamhaus lists 
 + 
 +#echo "# Generated by blocklists4mt.sh on $now" > $saveTo/combined.rsc 
 +#echo "# This is a combined blocklist created from unique entries in the" >> $saveTo/combined.rsc 
 +#echo "# DShield, SpamHaus and BDE blocklists." >> $saveTo/combined.rsc 
 +#echo "/ip firewall address-list" >> $saveTo/combined.rsc 
 +#cat $saveTo/dshield.rsc $saveTo/bde.rsc $saveTo/spamhaus.rsc |sort |grep -v '^$\|^\s*\#|^\/' |uniq -w 39 >> $saveTo/combined.rsc 
 + 
 +# dshield, voipbl and spamhaus lists
  
 echo "# Generated by blocklists4mt.sh on $now" > $saveTo/combined.rsc echo "# Generated by blocklists4mt.sh on $now" > $saveTo/combined.rsc
 echo "# This is a combined blocklist created from unique entries in the" >> $saveTo/combined.rsc echo "# This is a combined blocklist created from unique entries in the" >> $saveTo/combined.rsc
-echo "# DShield, SpamHaus, BDE and VoIPBL blocklists." >> $saveTo/combined.rsc+echo "# DShield, SpamHaus and VoIPBL blocklists." >> $saveTo/combined.rsc
 echo "/ip firewall address-list" >> $saveTo/combined.rsc echo "/ip firewall address-list" >> $saveTo/combined.rsc
-cat $saveTo/dshield.rsc $saveTo/bde.rsc $saveTo/spamhaus.rsc $saveTo/voipbl.rsc |sort |grep -v '^$\|^\s*\#|^\/' |uniq -w 36 >> $saveTo/combined.rsc +cat $saveTo/dshield.rsc $saveTo/voipbl.rsc $saveTo/spamhaus.rsc |sort |grep -v '^$\|^\s*\#|^\/' |uniq -w 36 >> $saveTo/combined.rsc
-</file>+
  
-==== Run the Script Daily ====+# dshield and spamhaus lists
  
-Here is one way to configure ''cron'' to run the script every day+#echo "# Generated by blocklists4mt.sh on $now" > $saveTo/combined.rsc 
- +#echo "# This is a combined blocklist created from unique entries in the" >> $saveTo/combined.rsc 
-<file> +#echo "# DShield and SpamHaus blocklists." >> $saveTo/combined.rsc 
-chown root.root blocklists4mt.sh +#echo "/ip firewall address-list" >> $saveTo/combined.rsc 
-chmod +x blocklists4mt.sh +#cat $saveTo/dshield.rsc $saveTo/spamhaus.rsc |sort |grep -v '^$\|^\s*\#|^\/' |uniq -w 39 >> $saveTo/combined.rsc
-cp -a blocklists4mt.sh /etc/cron.daily/+
 </file> </file>
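Review bot: the active combine line ''cat $saveTo/dshield.rsc $saveTo/voipbl.rsc $saveTo/spamhaus.rsc |sort |grep -v '^$\|^\s*\#|^\/' |uniq -w 36'' silently drops real entries, not only duplicates. The prefix ''add list=blocklist address='' is 27 characters, so ''-w 36'' compares only the first 9 characters of the address: ''203.0.113.5'' and ''203.0.113.50'' (or ''203.0.113.0/24'' and ''203.0.113.1'') look identical to ''uniq'' and only whichever sorts first survives. If the intent is de-duplication, ''-w'' has to cover the longest address plus mask (15 + 3, so ''-w 45''), or compare the address field alone without ''-w''; if the intent really is to shrink the list, the prose should say so, because which entries get dropped is a lexical accident. Two smaller points in the same block: the ''grep'' pattern mixes ''\|'' with a bare ''|''; in a basic regular expression only ''\|'' alternates, so the ''^\s*\#|^\/'' branch can only match a line that literally contains ''#|^/'', and the per-file ''# Generated'' and ''/ip firewall address-list'' lines reach ''combined.rsc'' (folded to one copy each only because ''sort'' makes identical lines adjacent for ''uniq''); ''grep -v '^$\|^\s*#\|^/''' or ''grep -Ev '^$|^\s*#|^/''' is what was meant. And ''edrop.lasso'' is still fetched over plain ''http://'' while the ''drop.lasso'' line directly above it was moved to ''https://''; a feed that becomes firewall rules should not be pulled over an unauthenticated channel. Finally, the hunk deletes the whole "Run the Script Daily" section (the ''cron.daily'' install steps) without a replacement, so the page no longer says how the script is meant to be scheduled; if that is intentional, a sentence pointing at the new method would close the gap.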
  
networking/router/mikrotik_blocklist.1553280365.txt.gz · Last modified: 2019/03/22 12:46 by gcooper