I was working on my firewall and thought, hey, make a drop rule for known bad IPs. I know it's not elegant because IPs can change, but I found a site called http://greensnow.co who publish about 700 of them.
I know there are others, and maybe better ones, darklist, arbor, etc. I'm interested to know people's experience with large block lists as the first firewall drop rule on both the input and forward chains.
I made an address list like this as the first forward and first input rule, testing at home for now. Picked up 1 packet within 1 min, then that was about it over the next few hours.
# one entry per published address, all in the same list
/ip firewall address-list
add list=badips address=xx.xx.xx.xx comment=greensnow
# drop anything sourced from the list, on both chains
/ip firewall filter
add chain=input action=drop src-address-list=badips comment="known bad ips"
add chain=forward action=drop src-address-list=badips comment="known bad ips"
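
The following is an added example, not part of the original post: a Python sketch that turns a downloaded blocklist into `/ip firewall address-list` import lines, rejecting anything that is not a clean IPv4 entry or that would overlap local or management ranges (which matters when the drop is the first input rule). The one-entry-per-line feed format, the `PROTECTED` ranges, the function names and the sample feed are assumptions made for illustration.

```python
import ipaddress

# Assumed ranges that must never land in the drop list (adjust to your own LAN/management nets).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

# Constructed sample feed (documentation-range addresses plus deliberately bad lines).
SAMPLE_FEED = """\
# constructed sample
203.0.113.7
198.51.100.0/24
203.0.113.7
192.168.88.1
not-an-ip
203.0.113.9" comment=x
2001:db8::1
"""

def parse_feed(text):
    """Return (sorted unique IPv4 networks, rejected lines) from a feed."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue  # blank line or comment
        try:
            # Strict parsing also blocks text that would inject extra
            # RouterOS parameters into the generated import file.
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)
            continue
        if net.version != 4 or any(net.overlaps(p) for p in PROTECTED):
            rejected.append(line)  # IPv6, or would block local/management traffic
            continue
        nets.add(net)  # the set removes duplicate entries
    return sorted(nets), rejected

def to_rsc(nets, list_name="badips", comment="greensnow"):
    """Render the networks as RouterOS address-list import lines."""
    lines = ["/ip firewall address-list"]
    for net in nets:
        addr = str(net.network_address) if net.prefixlen == 32 else str(net)
        lines.append(f"add list={list_name} address={addr} comment={comment}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    good, bad = parse_feed(SAMPLE_FEED)
    print(to_rsc(good), end="")
    print(f"# rejected {len(bad)} line(s): {bad}")
```

Review the rejected lines before importing the output; a feed that suddenly contains private ranges or malformed entries is itself worth investigating.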