What is the best way to combat bogon traffic (that is, traffic from/to networks that we do not use and which should not be routed outside)? Here is the list of networks I'm talking about: http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
I can see one way is to route such a network as a blackhole:
/ip route
add comment=BOGON disabled=yes distance=249 dst-address=10.0.0.0/8 type=blackhole
The other way is to add these networks to an ACL and have some firewall rules drop such traffic.
The first way is simpler, since after I set up a blackholed route for 10/8 I can also set a route for 10.0.1.0/24, and it will be used because of its more specific netmask and smaller distance value.
The second way is easier to maintain with scripts (a script will download the list from the URL above, parse it and update the bogon networks ACL), but I have to add a lot of firewall filters.
What’s the better approach?
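One way to script the second approach, as an added Python example (not part of the original post): it parses a list in the Team Cymru format (a constructed sample is embedded), subtracts the prefixes you actually use, because an address list has no longest-prefix match the way the blackhole route does, and prints the RouterOS commands. The names SAMPLE_BOGON_LIST, parse_bogons, exclude_used and routeros_commands are my own.

```python
import ipaddress

# Constructed sample in the layout of the aggregated bogon file:
# '#' comment lines, one prefix per line. Not the live list.
SAMPLE_BOGON_LIST = """\
# bogon aggregated prefixes (constructed sample)
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.168.0.0/16
224.0.0.0/3
"""

def parse_bogons(text):
    """Return the networks in the file, skipping comments and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def exclude_used(bogons, used):
    """Punch the prefixes we really use (e.g. 10.0.1.0/24) out of the bogon set.

    A firewall address list matches any entry that contains the address, so a
    10.0.0.0/8 entry would also drop our own 10.0.1.0/24 unless removed here.
    """
    result = []
    for net in bogons:
        pieces = [net]
        for u in used:
            kept = []
            for p in pieces:
                if p == u or p.subnet_of(u):
                    continue                      # entirely ours: drop it
                if u.subnet_of(p):
                    kept.extend(p.address_exclude(u))  # split around our prefix
                else:
                    kept.append(p)
            pieces = kept
        result.extend(pieces)
    return sorted(result)

def routeros_commands(nets, list_name="bogons"):
    """RouterOS commands: refill the address list, then drop matching traffic."""
    cmds = [f"/ip firewall address-list remove [find list={list_name}]"]
    cmds += [f"/ip firewall address-list add list={list_name} address={n} comment=BOGON" for n in nets]
    cmds.append(f"/ip firewall filter add chain=forward src-address-list={list_name} action=drop comment=BOGON")
    cmds.append(f"/ip firewall filter add chain=forward dst-address-list={list_name} action=drop comment=BOGON")
    return cmds

if __name__ == "__main__":
    used = [ipaddress.ip_network("10.0.1.0/24")]  # assumed: the prefix we use
    print("\n".join(routeros_commands(exclude_used(parse_bogons(SAMPLE_BOGON_LIST), used))))
```

The two filter rules are emitted every run; in a scheduled script add them once by hand and feed only the address-list lines, or the rules will be duplicated.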