convert IPtables

RouterOS Beginner Basics
1

goood day

how do i create this rules in router OS ?
please help

iptables -I INPUT -s 101.254.0.0/16 -j DROP
iptables -I INPUT -s 112.96.0.0/16 -j DROP
iptables -I INPUT -s 112.94.0.0/16 -j DROP
iptables -I INPUT -s 116.22.0.0/16 -j DROP
iptables -I INPUT -s 119.32.0.0/16 -j DROP
iptables -I INPUT -s 119.33.0.0/16 -j DROP
iptables -I INPUT -s 119.34.0.0/16 -j DROP
iptables -I INPUT -s 119.35.0.0/16 -j DROP
iptables -I INPUT -s 119.129.0.0/16 -j DROP
iptables -I INPUT -s 211.97.0.0/16 -j DROP
iptables -I INPUT -s 111.248.0.0/16 -j DROP
iptables -I INPUT -s 36.226.0.0/16 -j DROP
iptables -I INPUT -s 180.76.0.0/16 -j DROP
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “Bittorrent” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “announce” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “baidu” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “Baiduspider” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “CFNetwork” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “FBiOSSDK” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “Microsoft-CryptoAPI” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “thebdsmsex” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “bingbot” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “TwengaBot” --to 1000 -j REJECT
iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “sqlmap” --to 1000 -j REJECT

best regards

2

this kind of rules i cant set correct in mikrotik


iptables -I INPUT -p tcp --dport 80 -m string --algo bm --string “Bittorrent” --to 1000 -j REJECT

3

For the first set, do not make those separate rules but make an addresslist by adding all those
networks with the name that describes them (the same name for all of them) and add a single rule that blocks
traffic with that address list as source.
For the second set, create some L7 protocols with those strings and block them as well.

(of course it is not going to do you any good, but that is not the topic)

4

any examples ?