We just added a native RouterOS REST API integration that lets Flowtriq manage a firewall address-list automatically during attacks.
How it works:
- Flowtriq monitors your servers/nodes for DDoS attacks using packet-level detection across 9 attack families: UDP flood, TCP SYN flood, ICMP flood, reflection/amplification, fragmentation, slow-rate, carpet bombing, multi-vector, and protocol abuse.
- When an attack is detected, attacker IPs are PUT into a RouterOS address-list (e.g. flowtriq_blocked) via the REST API.
- A single firewall filter rule referencing that list drops the traffic at line rate.
- When the attack ends, Flowtriq DELETEs those entries. No stale blocks.
Requirements:
- RouterOS v7.1+ (REST API support)
- HTTPS service enabled (/ip service enable www-ssl)
- A dedicated user with full policy (or restricted read/write)
- A firewall filter rule you create once referencing the address-list
Firewall rule (one-time setup):
/ip firewall filter add chain=forward src-address-list=flowtriq_blocked action=drop comment="Flowtriq DDoS block" place-before=0
Install Flowtriq on the monitored server:
pip install ftagent
Full setup tutorial with curl examples: https://flowtriq.com/blog/pfsense-mikrotik-routeros-integration
Free trial at flowtriq.com. Happy to answer questions in the thread.
Jacob, Flowtriq
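The PUT/DELETE cycle described in the post, as an added example that is not Flowtriq's code or part of the original post: it builds the RouterOS REST requests for the address-list and drops candidate IPs that are malformed or fall inside networks that must never be blocked. The router address, protected networks, credentials and comment text are constructed assumptions; only the list name comes from the post.

```python
import base64
import ipaddress
import json
import urllib.request

LIST_NAME = "flowtriq_blocked"  # list name taken from the post
# Constructed sample values (assumptions): router address and networks never to block.
ROUTER = "https://192.0.2.1"
PROTECTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]


def blockable(candidates):
    """Return valid, de-duplicated IPv4 addresses that are outside PROTECTED."""
    keep = []
    for raw in candidates:
        try:
            ip = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # not an IP address: never forward it to the router
        if ip.version != 4 or any(ip in net for net in PROTECTED):
            continue  # /ip firewall address-list is IPv4; skip protected ranges
        if str(ip) not in keep:
            keep.append(str(ip))
    return keep


def _request(method, path, user, password, body=None):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(f"{ROUTER}/rest{path}", data=data, headers=headers, method=method)


def add_entry(ip, user, password):
    """RouterOS REST uses PUT to create a record (the equivalent of 'add')."""
    body = {"list": LIST_NAME, "address": ip, "comment": "example entry"}
    return _request("PUT", "/ip/firewall/address-list", user, password, body)


def remove_entry(entry_id, user, password):
    """DELETE takes the record's .id (for example '*1A') returned by PUT or GET."""
    return _request("DELETE", f"/ip/firewall/address-list/{entry_id}", user, password)


if __name__ == "__main__":
    # Constructed detections; requests are only built here. Send with urllib.request.urlopen(req, timeout=5).
    for ip in blockable(["203.0.113.7", "10.1.2.3", "not-an-ip", "203.0.113.7"]):
        print(add_entry(ip, "flowtriq-api", "example-password").full_url)
```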