Address list from file

alphalt · May 7, 2010, 11:43am

Hello,

Lets say I have 500-1000 IP addresses of computers which I want to ban. This list is not generated dynamically. So how to enter it to router ? Is it possible to take it from file, make some list and use in firewall rules ?

mrz · May 7, 2010, 1:57pm

You can use built in scripting language to read content of the file, parse IP addresses and add them to firewall address list.

fewi · May 7, 2010, 2:26pm

Be aware that in the current scripting language the only way to get file content is to read all of it into a variable at once. Variables are currently limited to 4096 bytes at most. Assuming that on average the decimal representation of an octet will take 2 characters, each IP address would be (2 * 4) + 3 + 1 = 12 bytes (4 octets of 2 characters each, 3 dots and a carriage return), so that would give you 341 IP addresses per file. You’ll like have to split your list over several files.

If you search the forums, there’s many posts in the scripting section that deal with reading in lists from files and processing them. You can probably adjust one of them together with the manual section on scripting you can find on the wiki.

martini · May 7, 2010, 2:44pm

create text file which content string like this

/ip firewall address-list add name=“list name” address=x.x.x.a/y
/ip firewall address-list add name=“list name” address=x.x.x.b/y
/ip firewall address-list add name=“list name” address=x.x.x.c/y
…
…
…

And copy content of this file to mikrotik console, better ise ssh cinsole, not winbox

alphalt · May 8, 2010, 11:38am

Hello,

Thanks for advices, but one more question. How much addresses can hold one address list ? Is there any limit ?

martini · May 8, 2010, 5:47pm

my current address-list count 6879 ip subnet.

pturkey · May 8, 2010, 6:09pm

Open a new spread sheet.
Put the ip addresses in column B.
Fill column A with /ip firewall address-list add name=“list name” address=
Highlight and copy both columns.
Paste it in notepad, then you will need to replace the tabs with a single space.
At that point you should be able to past the results into the terminal.

alphalt · May 8, 2010, 6:39pm

Thank you all for advices ! I’ve got some very good ideas on IP address list management.

pturkey · May 8, 2010, 6:40pm

This will work better.

Open a new spread sheet.
Put the ip addresses in column B.
Fill column A with “address-list add list=banned address=” no quotes.
Highlight and copy both columns.
Paste it in notepad.
Put /ip firewall at the top of the page.
Remove the tabs between address= and the IP address.
Highlight the tab copy it hit “ctrl H” and paste the tab in the “Find what” field then click the “Replace All”.

At that point you should be able to copy and past the results into the terminal.