Community discussions

MikroTik App

Search found 14 matches

by gsbiz
Mon Feb 22, 2021 2:34 pm
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 42
Views: 8455

Re: v6.49beta [testing] is released!

No fix for DoH memory leak yet? I agree, I was also waiting for a DoH memory leak fix. +1 on the DoH memory leak. The reality is that should be called as a CVE. Mikrotik RouterOS v6.47+ "DNS Request flood causes cache overflow and DNS server failure, if DoH is enabled" Status=Current.
by gsbiz
Fri Feb 05, 2021 9:13 pm
Forum: Announcements
Topic: v6.48.1 [stable] is released!
Replies: 98
Views: 17707

Re: v6.48.1 [stable] is released!

Again, the DoH memory leak isn't fixed. Sigh.
by gsbiz
Sat Oct 10, 2020 5:37 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 5
Views: 641

Re: Importing IP List from file

Try these 5 lines. just add your own TLD's, it will add an address list for each TLD. Run it again to update them. You will need to create a firewall rule to drop the TLD lists. Beware the lists are huge (who woulda guessed) and if you load them into memory they will take it all, so select your TLD'...
by gsbiz
Wed Oct 07, 2020 3:23 pm
Forum: Scripting
Topic: Best way to trigger DYNDNS Script and why no Event Triggers for Scripts?
Replies: 2
Views: 334

Re: Best way to trigger DYNDNS Script and why no Event Triggers for Scripts?

Hi, Sorry I don't believe there is, well I couldn't find any event driven anything in my research. Perhaps someone more enlightened can inform us both? But I agree with you event driven scripting and scheduling would be a welcome addition to RouterOS. I know it's not what you are after but it may he...
by gsbiz
Tue Aug 04, 2020 6:21 pm
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 17
Views: 3600

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

Hi All,
I reported this problem to Mikrotik Support, I have just had this response:
Hello,

We are seeing similar reports, currently we are trying to reproduce the issue. We are looking forward to fixing it as soon as possible.

Best regards,
by gsbiz
Tue Jul 28, 2020 5:39 pm
Forum: Scripting
Topic: Useful scripts
Replies: 81
Views: 136008

Re: Useful scripts

Hi All, OK not really a script, but I thought it may be in the same flavour. I created this Dynamic Blacklist firewall rule set that counts excessive connection attempts from the same IP within a given time frame and eventually blocks them for X number of days. I was initially going to put in a geo-...
by gsbiz
Tue Jul 28, 2020 5:32 pm
Forum: Scripting
Topic: Useful scripts
Replies: 81
Views: 136008

Re: Useful scripts

Hi All, A small script to download and update Geofilters into an IP address list (with the name of the TLD). you will need to create the firewall rule to drop (or whatever) the list(s). Change your TLD's & download locations to suit. foreach i in={ "NL"; "CN"; "RU";...
by gsbiz
Tue Jul 28, 2020 5:20 pm
Forum: Scripting
Topic: Useful scripts
Replies: 81
Views: 136008

Re: Useful scripts

Hi All, A script to automatically check and update HE.net Dynamic DNS, schedule it to run every 15 mins & on reboot. Fill in your ddns host, WAN interface and the associated key. :local currentIP :local newIP :local ddnshost "<Dynamic Domain>" :local key "<Domain Key>" :local...
by gsbiz
Tue Jul 28, 2020 5:04 pm
Forum: Scripting
Topic: Useful scripts
Replies: 81
Views: 136008

Re: Useful scripts

Hi All, This is a little script set I wrote to check the IP of visitors to your service against DNS RBL's. Handy to block known botnets and/or bad IP's. This filter is a little complex but simply put it, will record the IP's of any system connecting to the firewall on port 22 (or any other service p...
by gsbiz
Tue Jul 28, 2020 4:27 pm
Forum: Scripting
Topic: How to ***really*** block invalid TCP and UDP packet
Replies: 44
Views: 47468

Re: How to ***really*** block invalid TCP and UDP packet

Just on these rules: add action=drop chain=forward protocol=tcp src-port=0 add action=drop chain=forward dst-port=0 protocol=tcp add action=drop chain=forward protocol=udp src-port=0 add action=drop chain=forward dst-port=0 protocol=udp Load balancers use port 0 for dynamic port allocation, so this ...
by gsbiz
Mon Jul 27, 2020 3:26 pm
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 17
Views: 3600

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

I stumbled on this this morning in 6.47.1, Once the cache is full you can see it constantly refreshing current entries and reloading the static entries. All DNS requests time out. > pbs.twimg.com Server: [192.168.1.1] Address: 192.168.1.1 DNS request timed out. timeout was 2 seconds. Is there a way ...
by gsbiz
Tue Apr 28, 2020 8:24 pm
Forum: RouterOS v7 BETA
Topic: Feature Request - Wireguard Protocol
Replies: 165
Views: 55225

Re: Feature Request - Wireguard Protocol

+1 for Wireguard
by gsbiz
Tue Apr 28, 2020 8:11 pm
Forum: RouterOS v7 BETA
Topic: IPv6 dhcp finally in v7 ?
Replies: 8
Views: 2489

Re: IPv6 dhcp finally in v7 ?

I'm a client and I'm asking for it.
by gsbiz
Tue Aug 20, 2019 12:39 am
Forum: Scripting
Topic: Quick way to load an address list into an array?
Replies: 0
Views: 1549

Quick way to load an address list into an array?

Hi Guys, I have a script that loads and address list into an array for further processing on the array rather than trying to muck with the address list directly. This is the code: # for each IP in the unchecked list load it into an array :set i (0); :foreach fwlist in=[/ip firewall address-list find...