Mikrotik and BOGON filtering

Tips?

We do this … we created a new chain called ‘bogons’ and entered the list from the IANA site. Here is a copy of what we use:

add src-address=2.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=5.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=7.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=10.0.0.0/8 out-interface=onboard-inside action=drop log=yes comment="" disabled=no 
add src-address=23.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=27.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=31.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=36.0.0.0/7 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=39.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=41.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=42.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=49.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=50.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=89.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=90.0.0.0/7 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=92.0.0.0/6 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=96.0.0.0/3 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=169.254.0.0/16 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=172.16.0.0/12 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=173.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=174.0.0.0/7 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=176.0.0.0/5 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=184.0.0.0/6 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=189.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=190.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=192.0.2.0/24 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=192.168.0.0/16 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=197.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=198.18.0.0/15 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=223.0.0.0/8 out-interface=onboard-inside action=drop comment="" disabled=no 
add src-address=224.0.0.0/3 out-interface=onboard-inside action=drop comment="" disabled=no

Thanks,
Sam

There is more to this, see:

http://www.completewhois.com/bogons/data/bogons-cidr-all.txt

But at least you have filtered the largest networks :)

bye, mp3turbo.
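Added example (not code from either poster): a Python sketch that compares a CIDR feed like the one linked above with the hand-entered rules and emits RouterOS address-list commands for whatever the rules miss. The feed format (one CIDR per line, `#` comments), the sample feed and all function names are assumptions; the chain and interface names come from Sam's post.

```python
import ipaddress

# Constructed sample in the ASSUMED feed format (one CIDR per line, '#' comments).
SAMPLE_FEED = """\
# constructed sample, not the real feed
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
192.168.0.0/16
224.0.0.0/4
240.0.0.0/4
not-a-prefix
"""

# Four of the rules from the post above.
SAMPLE_RULES = """\
add src-address=10.0.0.0/8 out-interface=onboard-inside action=drop log=yes comment="" disabled=no
add src-address=96.0.0.0/3 out-interface=onboard-inside action=drop comment="" disabled=no
add src-address=192.168.0.0/16 out-interface=onboard-inside action=drop comment="" disabled=no
add src-address=224.0.0.0/3 out-interface=onboard-inside action=drop comment="" disabled=no
"""

def parse_feed(text):
    """Return (collapsed networks, rejected lines); host bits and junk are rejected."""
    nets, bad = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            bad.append(raw)  # never push an unparsed line to the router
    return list(ipaddress.collapse_addresses(nets)), bad

def parse_rules(text):
    """Extract the src-address prefix from each exported filter rule."""
    return [ipaddress.IPv4Network(tok.split("=", 1)[1])
            for tok in text.split() if tok.startswith("src-address=")]

def uncovered(feed, rules):
    """Feed prefixes that no existing rule fully contains."""
    return [f for f in feed if not any(f.subnet_of(r) for r in rules)]

def to_routeros(nets, list_name="bogons"):
    """One address-list entry per prefix plus a single drop rule matching the list."""
    cmds = [f"/ip firewall address-list add list={list_name} address={n}" for n in nets]
    cmds.append(f"/ip firewall filter add chain=bogons src-address-list={list_name} "
                "out-interface=onboard-inside action=drop")
    return cmds
```

Keeping the prefixes in an address list means a refreshed feed replaces list entries rather than individual filter rules, and the rejected lines returned by `parse_feed` should be reviewed before anything is applied.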