CR24
February 12, 2014, 3:29am
1
Right now I have a filter rule set up to add any IP going over 50 connections to a source IP blacklist. I am wondering if I can set up a similar filter rule that, instead of being based on 50 connections, uses an online blacklist such as b.barracudacentral.org to automatically populate my blacklist.
Thank you for any help.
skik009
February 13, 2014, 3:10am
2
Please describe the filter rule.
CR24
February 13, 2014, 4:46am
3
[admin@MT] /ip firewall> filter print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=input action=accept src-address-list=WHITELIST
     dst-address-list=ALLIPs
 1   chain=forward action=accept src-address-list=WHITELIST
     dst-address-list=ALLIPs
 2   chain=input action=drop src-address-list=BLOCKED-IPs
     dst-address-list=ALLIPs
 3   chain=forward action=drop src-address-list=BLOCKED-IPs
     dst-address-list=ALLIPs
 4   chain=input action=add-src-to-address-list protocol=tcp
     address-list=BLOCKED-IPs address-list-timeout=30m connection-limit=30,32
 5   chain=input action=add-src-to-address-list protocol=udp
     address-list=BLOCKED-IPs address-list-timeout=30m connection-limit=30,32
 6   chain=forward action=add-src-to-address-list protocol=tcp
     address-list=BLOCKED-IPs address-list-timeout=30m connection-limit=30,32
 7   chain=forward action=add-src-to-address-list protocol=udp
     address-list=BLOCKED-IPs address-list-timeout=30m connection-limit=30,32