Address-list dynamic->static

Hi,

Can anyone help me with how to convert all dynamic entries in an address-list to normal static entries? I use an address-list to block attackers (port scans, port traps, ...), but all IPs are added to the list as dynamic, and manually converting all "D" entries to non-D ones is a bit time-consuming and tiresome (about 50-100 IPs daily). Is there any script that can do this?

Thanks a lot for any help

/Tomi

A better choice might be to expire them after 7d or something longer. Do you really want to make them static and then have to decide which ones to remove when it gets too unmanageable? If not, I could write something that looped through them and added them, but it would probably make your router hit 100% CPU : )

PS - We have a dual-stage address-list being used as a greylist for mail servers. It regularly has 80-100k addresses in this address-list and it chugs away fine. It has stopped a huge number of zombies from hitting mail services.

Sam
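The expire-instead-of-convert approach Sam suggests, as an added example (this is not code from any post in this thread): a RouterOS v6 firewall fragment that detects port scans with `psd`, puts the source into an address-list with a 7-day timeout, and drops anything already on the list. The list name `blacklist`, the `psd` thresholds, the trap port 23 and the 7d timeout are assumptions chosen for illustration.

```routeros
# Added example, not from this thread. Assumed: address-list "blacklist",
# psd thresholds 21,3s,3,1, trap port 23 and the 7d timeout are illustrative.
/ip firewall filter
# Drop early anything whose source is already on the list.
add chain=input src-address-list=blacklist action=drop \
    comment="drop known attackers"
# Port-scan detection: add the scanner's source to the list for 7 days.
# The entry is dynamic and expires on its own, so nothing has to be
# converted to static or cleaned up by hand later.
add chain=input protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=7d comment="portscan -> blacklist for 7d"
# Port trap: any connection attempt to a port nothing listens on (here 23).
add chain=input protocol=tcp dst-port=23 \
    action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=7d comment="telnet trap -> blacklist for 7d"
# For the few addresses you really want to keep, pin them by hand as a
# static entry (no timeout) in the same list; 192.0.2.10 is a placeholder.
/ip firewall address-list
add list=blacklist address=192.0.2.10 comment="pinned by hand"
```

Put the drop rule after your established/related accept rule and before the rules that serve real traffic, so the trap rule only ever sees new connection attempts. A host that keeps scanning gets its timeout refreshed each time it trips a rule, so persistent attackers stay listed without anyone converting entries.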

Thanks for the interest :slight_smile:
If you can help, please help me :slight_smile:
I use this list for blacklisting attackers. The list is also exported to a MySQL DB and, in changed form, imported back to the router under another name (this is "management"). It sounds crazy but it's very effective, because from this list (from SQL) I also generate a DNS zone and use it in our mail servers. I think people (IPs...) who try to touch the SSH port, do aggressive port scans or touch NetBIOS ports from outside are not "normal" users but potential spammers or attackers :wink: This system works perfectly and saves a lot of traffic and a lot of spam.

Again, if you know how to change dynamic entries in the list to static ones, I will be very happy (you would save me a lot of work) :slight_smile:

/Tomi

# Move every entry of dynamic-list into static-list as a static entry.
# The entry is removed by its own id ($i) rather than by "find address=$w",
# so the same address is not deleted from every other list it may be in.
:foreach i in=[/ip firewall address-list find list=dynamic-list] do={
    :local w [/ip firewall address-list get $i address]
    /ip firewall address-list remove $i
    /ip firewall address-list add list=static-list address=$w
}

CMIIW

Thanks, I'll test it later tonight :slight_smile:

You could also add dynamic=yes to the first find to only find dynamic entries.

Sam

Yes, Sam.
It's not a perfect script.
It's just to give a picture of how to do it.

:wink:

Thanks all, it seems to work fine, I'll go experimenting :slight_smile:

But also another small question :slight_smile: Is it possible to remove a whole list by its "list name" with a script?
For a similar thing the same script can be used without the "/ip fire add add list=static-list address=$w" line, but that deletes the IP from all lists; I need to remove only the whole list by its name.

/Tomi

I think you have to loop through each entry and remove it. I don't believe there is a clear-list function.

# Remove every entry that belongs to LISTNAME. $subnet is the entry's own id,
# so the same address in other lists is left untouched.
:foreach subnet in=[/ip firewall address-list find list=LISTNAME] do={
    /ip firewall address-list remove $subnet
}

Thanks for the reply, but as I understand it, that last script removes the IP from all lists if that IP exists in other lists too? Or am I wrong?

/Tomi

Tomi, you should read the manual on ROS scripting.

Don't look only at the last line; the first line there is FOREACH ... it's the loop.

Please check this at http://www.myee.web.id/2013/01/how-to-change-dynamic-to-static-list-in-address-list-mikrotik

Try this script:

# For every dynamic address-list entry, set it to static in place.
:foreach x in=[/ip firewall address-list find dynamic=yes] do={
    /ip firewall address-list set dynamic=no numbers=$x
}

It’s working for me (v6.20)