Dear all,
I have two address lists that have been created through the “/ip firewall mangle” and “/ip firewall filter” these add a dynamic ip address to address lists. I then run a script every so often and compare the results, and then, based on certain criteria, I added a selected IP address from the dynamic lists to another address list via a script:
/ip firewall address-list add address=$scannedIP comment="Suspicious IP Domain Behaviour - Dynamically Created" disabled=no list="blacklist_dynamic"
However, I need this entry to be dynamic also. What I am currently doing is running a second script to “clear” this “blacklist_dynamic” … but that is not really the desired behaviour … I want the IPs to “fall-off” after a while when they are not “added” from that address-list “automagically” …
Can someone help?