axper
July 28, 2014, 3:21pm
1
This is a modification of a script by Bob Burley that I wanted to share.
It reports each new address added to the list “spammer”, but only once. This is done by remembering printed addresses in the list “reported”.
First, make sure your firewall rule(s) put spammer addresses into the list “spammer”.
Add this script to your router; don’t forget to set the script policy to “read,write”.
Add a scheduler entry with the policy set to “read,write” and an interval of ~10s.
To allow an address through, you need to remove it only from “spammer”, and it will be auto-removed from “reported” as well. This is done by the first half of the script.
# Remove addresses in "reported" which are not present in "spammer"
:foreach NextReported in [:ip firewall address-list find list=reported] do={
    :local FoundReportedAddressInSpammer false
    :local ReportedIp [:ip firewall address-list get $NextReported address]
    :foreach NextSpammer in [:ip firewall address-list find list=spammer] do={
        :local SpammerIp [:ip firewall address-list get $NextSpammer address]
        :if ($ReportedIp=$SpammerIp) do={
            :set FoundReportedAddressInSpammer true
        }
    }
    :if ($FoundReportedAddressInSpammer=false) do={
        :ip firewall address-list remove $NextReported
    }
}
# Log new addresses and add them to "reported"
:if ([:len [:ip firewall address-list find list=spammer]]!=[:len [:ip firewall address-list find list=reported]]) do={
    :foreach NextSpammer in [:ip firewall address-list find list=spammer] do={
        :local AlreadyReported false
        :local SpammerIp [:ip firewall address-list get $NextSpammer address]
        :foreach NextReported in [:ip firewall address-list find list=reported] do={
            :local ReportedIp [:ip firewall address-list get $NextReported address]
            :if ($SpammerIp=$ReportedIp) do={
                :set AlreadyReported true
            }
        }
        :if ($AlreadyReported=false) do={
            :log warning ("WARNING: New IP " . $SpammerIp . " added to spammer list")
            :ip firewall address-list add address=$SpammerIp list=reported
        }
    }
}
Tested on RouterOS 5.20. Please report bugs!
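The setup steps from the first post, written out as RouterOS commands. This is an added example, not part of the original thread; the connection threshold, the one-day timeout, the rule comments and the names "report-spammers" and "report-spammers-timer" are assumptions, and the script body is assumed to be already saved under that name.

```routeros
# Added example: thresholds, timeout, comments and names are assumptions.

/ip firewall filter
# Drop outbound SMTP from hosts that are already on the "spammer" list.
add chain=forward protocol=tcp dst-port=25 src-address-list=spammer \
    action=drop comment="drop SMTP from listed hosts"
# Put a source on the "spammer" list when it holds more than 30
# simultaneous SMTP connections; the entry expires after one day.
add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 \
    action=add-src-to-address-list address-list=spammer \
    address-list-timeout=1d comment="detect SMTP flood"

# The script only reads and edits address lists and writes to the log,
# so "read,write" is all it needs.
/system script
set report-spammers policy=read,write

# Run the script every 10 seconds with the same policy.
/system scheduler
add name=report-spammers-timer interval=10s policy=read,write \
    on-event=report-spammers

# Verify: both lists should converge to the same addresses, and each
# new address should appear in the log exactly once.
/ip firewall address-list print where list=spammer
/ip firewall address-list print where list=reported
/log print where message~"added to spammer list"
```

Because the "spammer" entries here carry a timeout, an address that expires is also dropped from "reported" by the first half of the script, so a host that re-offends later is logged again.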
First of all, I have fixed all the syntax and formal errors, but I have not checked the logic.
# Remove addresses in "reported" which are not present in "spammer"
:foreach NextReported in [/ip firewall address-list find where list=reported] do={
    :local FoundReportedAddressInSpammer value=false;
    :local ReportedIp value=[/ip firewall address-list get $NextReported value-name=address];
    :foreach NextSpammer in [/ip firewall address-list find where list=spammer] do={
        :local SpammerIp value=[/ip firewall address-list get $NextSpammer value-name=address];
        :if ($ReportedIp = $SpammerIp) do={
            :set $FoundReportedAddressInSpammer value=true;
        }
    }
    :if ($FoundReportedAddressInSpammer = false) do={
        /ip firewall address-list remove $NextReported;
    }
}
# Log new addresses and add them to "reported"
:if ([:len [/ip firewall address-list find where list=spammer]] != [:len [/ip firewall address-list find where list=reported]]) do={
    :foreach NextSpammer in [/ip firewall address-list find where list=spammer] do={
        :local AlreadyReported value=false;
        :local SpammerIp value=[/ip firewall address-list get $NextSpammer value-name=address];
        :foreach NextReported in [/ip firewall address-list find where list=reported] do={
            :local ReportedIp value=[/ip firewall address-list get $NextReported value-name=address];
            :if ($SpammerIp = $ReportedIp) do={
                :set $AlreadyReported value=true;
            }
        }
        :if ($AlreadyReported = false) do={
            /log warning message=("WARNING: New IP " . $SpammerIp . " added to spammer list");
            /ip firewall address-list add address=$SpammerIp list=reported;
        }
    }
}
axper
July 30, 2014, 3:56pm
3
Thank you! I had to make a small change to make the script work on 5.X series: (“value-name” → “value” on line 23)
# Remove addresses in "reported" which are not present in "spammer"
:foreach NextReported in [/ip firewall address-list find where list=reported] do={
    :local FoundReportedAddressInSpammer value=false;
    :local ReportedIp value=[/ip firewall address-list get $NextReported value-name=address];
    :foreach NextSpammer in [/ip firewall address-list find where list=spammer] do={
        :local SpammerIp value=[/ip firewall address-list get $NextSpammer value-name=address];
        :if ($ReportedIp = $SpammerIp) do={
            :set $FoundReportedAddressInSpammer value=true;
        }
    }
    :if ($FoundReportedAddressInSpammer = false) do={
        /ip firewall address-list remove $NextReported;
    }
}
# Log new addresses and add them to "reported"
:if ([:len [/ip firewall address-list find where list=spammer]] != [:len [/ip firewall address-list find where list=reported]]) do={
    :foreach NextSpammer in [/ip firewall address-list find where list=spammer] do={
        :local AlreadyReported value=false;
        :local SpammerIp value=[/ip firewall address-list get $NextSpammer value-name=address];
        :foreach NextReported in [/ip firewall address-list find where list=reported] do={
            :local ReportedIp value=[/ip firewall address-list get $NextReported value-name=address];
            :if ($SpammerIp = $ReportedIp) do={
                :set $AlreadyReported value=true;
            }
        }
        :if ($AlreadyReported = false) do={
            /log warning message=("WARNING: New IP " . $SpammerIp . " added to spammer list");
            /ip firewall address-list add address=$SpammerIp list=reported;
        }
    }
}
Bravo!
It is my error.
It must be “value”. I have fixed my previous post.