#Address List to BGP Network by GamerXP Network
#Exclusive for SAN-IDC
#gamerxp.network@gmail.com
#2016
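:local bgpip; :set bgpip ""; :local blacktoholeip; :set blacktoholeip "";
# Pass 1: remove announced IPv4 /32 networks that are no longer in the address list.
# This applies to every enabled /32 under /routing bgp network, including ones added by hand.
:foreach PREFIXID in [/routing bgp network find disabled=no] do={
    :set bgpip [/routing bgp network get $PREFIXID network];
    :if ( [:typeof [:find $bgpip "/32" 0]] = "num" ) do={
        # Skip IPv6 prefixes, which contain ":/32".
        :if ( [:typeof [:find $bgpip ":/32" 0]] = "nil" ) do={
            # Strip the trailing "/32" to get the bare address.
            :set $bgpip [:pick $bgpip 0 ([:len $bgpip]-3)];
            :if ( [:len [/ip firewall address-list find address=$bgpip list=blackhole-bgp]] = 0 ) do={
                :do {
                    /routing bgp network remove $PREFIXID;
                } on-error={};
            }
        }
    }
};
# Pass 2: announce every address in the list as a /32; errors (such as an existing entry) are ignored.
:foreach ADDRID in [/ip firewall address-list find list=blackhole-bgp] do={
    :set blacktoholeip [/ip firewall address-list get $ADDRID address];
    :do {
        /routing bgp network add network="$blacktoholeip/32" synchronize=no;
    } on-error={};
};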
This script works with dynamic entries (address-list expiry will work).
Run this script every second. All addresses in the list named “blackhole-bgp” will be automatically synced to the BGP network announcements as /32.
Please use a filter to add a BGP community so your transit will know that you want to blackhole them.
http://gxpnetwork.com/node/15
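An added example, not part of the original post or its author's script: a guarded variant of the script's second loop, assuming the RouterOS v6 menu paths used above. It skips address-list entries that are not single hosts, refuses addresses found in a hypothetical `blackhole-protect` list, adds only the /32s that are missing, and logs failures instead of discarding them.

```routeros
# Added example; the list name blackhole-bgp comes from the post,
# blackhole-protect and the log texts are assumptions.
:local src "blackhole-bgp"
:local protect "blackhole-protect"
:foreach id in=[/ip firewall address-list find list=$src disabled=no] do={
    :local addr [:tostr [/ip firewall address-list get $id address]]
    # Address-list entries may be subnets or ranges; appending /32 to
    # those gives an invalid network, so treat them as non-hosts.
    :local isHost true
    :if ([:typeof [:find $addr "/" 0]] = "num") do={ :set isHost false }
    :if ([:typeof [:find $addr "-" 0]] = "num") do={ :set isHost false }
    :if ($isHost = false) do={
        :log warning "blackhole sync: skipped non-host entry $addr"
    } else={
        # Never announce an address that is also on the protect list
        # (own routers, DNS servers, transit peering addresses).
        :if ([:len [/ip firewall address-list find list=$protect address=$addr]] > 0) do={
            :log warning "blackhole sync: refused protected address $addr"
        } else={
            # Add only when this /32 is not announced yet.
            :if ([:len [/routing bgp network find network="$addr/32"]] = 0) do={
                :do {
                    /routing bgp network add network="$addr/32" synchronize=no
                    :log info "blackhole sync: announced $addr/32"
                } on-error={
                    :log warning "blackhole sync: could not add $addr/32"
                }
            }
        }
    }
}
```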
GamerXP,
Tried your script, seems to work well.
Any reason it takes 2.5 min to run on a CCR1072?
Adding 120 prefixes from my address list.
Does that seem right?
I can only run it every 5 min.
Greg
jarda:
#Address List to BGP Network by GamerXP Network
#Exclusive for SAN-IDC
#gamerxp.network@gmail.com
#2016
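:local bgpip; :set bgpip ""; :local blacktoholeip; :set blacktoholeip "";
# Pass 1: remove announced IPv4 /32 networks that are no longer in the address list.
# This applies to every enabled /32 under /routing bgp network, including ones added by hand.
:foreach PREFIXID in [/routing bgp network find disabled=no] do={
    :set bgpip [/routing bgp network get $PREFIXID network];
    :if ( [:typeof [:find $bgpip "/32" 0]] = "num" ) do={
        # Skip IPv6 prefixes, which contain ":/32".
        :if ( [:typeof [:find $bgpip ":/32" 0]] = "nil" ) do={
            # Strip the trailing "/32" to get the bare address.
            :set $bgpip [:pick $bgpip 0 ([:len $bgpip]-3)];
            :if ( [:len [/ip firewall address-list find address=$bgpip list=blackhole-bgp]] = 0 ) do={
                :do {
                    /routing bgp network remove $PREFIXID;
                } on-error={};
            }
        }
    }
};
# Pass 2: announce every address in the list as a /32; errors (such as an existing entry) are ignored.
:foreach ADDRID in [/ip firewall address-list find list=blackhole-bgp] do={
    :set blacktoholeip [/ip firewall address-list get $ADDRID address];
    :do {
        /routing bgp network add network="$blacktoholeip/32" synchronize=no;
    } on-error={};
};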
This script works with dynamic entries (address-list expiry will work).
Run this script every second. All addresses in the list named “blackhole-bgp” will be automatically synced to the BGP network announcements as /32.
Please use a filter to add a BGP community so your transit will know that you want to blackhole them.
http://gxpnetwork.com/node/15
Please could you confirm which version of MikrotikOS this works on? I am not having any success with it on v6.40.4 firmware 3.41 (RB750G).