/ip firewall raw
add action=drop chain=prerouting disabled=yes in-interface=ether1 src-address-list=PortScanners
add action=add-src-to-address-list address-list=PortScanners address-list-timeout=2w chain=prerouting disabled=yes dst-port=10,25,333 in-interface=ether1 protocol=udp src-address-list=!WinboxAllow
add action=add-src-to-address-list address-list=PortScanners address-list-timeout=2w chain=prerouting disabled=yes dst-port=10,25,333 in-interface=ether1 protocol=tcp src-address-list=!WinboxAllow
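# $i adds one address (passed as a=...) to the blacklist-email list
:global i do={ /ip firewall address-list add list=blacklist-email timeout=35w3d13:13:56 address="$a" }
# empty the list before re-importing; on-error lets the import continue if the removal fails
:do { /ip firewall address-list remove [find where list=blacklist-email] } on-error={}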
$i a=x.x.x.x
$i a=x.x.x.x
$i a=x.x.x.x
.
.
.
$i a=x.x.x.x
$i a=x.x.x.x
$i a=x.x.x.x
:global listname "blacklist-email"
# $i adds one address to the list, skipping duplicates and values that are not an IP or IP prefix
:global i do={
    :global listname
    /ip firewall address-list
    :if ( ([:len [find where list="$listname" and address="$1"]] = 0) and ([:typeof [[:parse ":return $1"]] ] ~ "(ip|ip-prefix)") ) do={
        add address="$1" list="$listname" timeout=35w
    }
}
# empty the list before re-importing
/ip firewall address-list remove [find where list="$listname"]
$i x.x.x.x
$i x.x.x.x
.
.
.
$i x.x.x.x
$i x.x.x.x
So with no explanation and no reason?
@rextended you are on my ignore list so I don't read your postings anymore. Really sad that I had to resort to that.
To be precise, there is no problem in importing blacklists from sites, reading the file and following an internal import script, where you were adamant not to pull third party sites into a script etc etc.
Excellent example why I put you on my ignore list or how it is called here I go a foe.
So with no explanation and no reason?
@rextended you are on my ignore list so I don't read your postings anymore. Really sad that I had to resort to that.
Of course there are really idiotic people in the world...
For me the dawn will continue to be there tomorrow,
even for you,
but you will miss a star in the firmament of the night that writes the history of this world.
The ignore function works very well here. If you want to read an ignored posting, it depends on which one of the two fingers you use for the screen.
PS, Your ignore list doesn't work very well. I am sure rextended has a script for you that will work.
@rextended --- I tried your code on a test file having 50 thousand IP address entries and found that @msatter code was dramatically faster to process .... approximately 4 times faster than your code. Also FYI, your code generates the following error condition
If I can, I suggest a change.
Did you try your code out on a test file before publishing your code here? May I suggest that you give it a try and compare your code to @msatter code ... see for yourself
failure: empty list name not allowed
@rextended .... Did YOU test your script?
The only way to obtain the error "failure: empty list name not allowed" is if you do not set list name, is your fault.
and that is the name I used ..... so I suggest you test it out and see for yourself.
:global list "blacklist-email"
#############
:global i do={
:global listname
# :log info "$listname $1"
/ip firewall address-list
#############
No offense meant on my part and I apologize if I hurt your feelings.
I removed the :log info "$listname $1" I added to do the debug and I also removed an extra line.
You have perfect reason, but please do not say I do not test it before,
at max say I'm an idiot because I can't do copy & paste. For me is less offensive...
Any service that appears to be of good value I will always recommend, it's called communicating. There is nothing in it for me.
yes yes anav, we know you keep pushing people to use his services, we know. chill.
If you are wondering on the performance hit in processing 50 thousand IP addresses ... using your code took 22 minutes while msatter's code took 2 minutes and this is on a CCR1009 ...
@rextended -- thanks for asking
I wonder why you always have to import the 50,000 addresses by hand all the time.
Is it not so that most VoIP-based systems are using a provider who sits in between you and the party calling? This way, you could just allow the needed IP addresses (of your provider) in and exclude all others that seek a connection.
Engineered for MikroTik RouterOS Firewall.
voipTIK - "Wow ...its working ...a perfect voip shield" a direct quote from one of our clients
Are your public-facing PBXs getting a lot of SIP/VoIP attacks?
If your answer is YES then you need to consider our voipTIK Blacklist service - a perfect voip shield to protect your business and PBX's against VoIP Fraud and minimize the risks of attacks on your Telephony Server.
My voipTIK blacklist service is not made for end users ... this blacklist is made for VoIP Service Providers.
@Mozerd I read that you were also providing protection for VOIP.
.......
Is it not so that most VoIP-based systems are using a provider who sits in between you and the party calling? This way, you could just allow the needed IP addresses (of your provider) in and exclude all others that seek a connection.
I have to admit that I can only admire that you protect rextended that much.
Any service that appears to be of good value I will always recommend, it's called communicating. There is nothing in it for me.
yes yes anav, we know you keep pushing people to use his services, we know. chill.
Whatever personal issues you may have, get over it.
It will be interesting to see how long it takes and the load etc........
@rextended, a very good idea thx.
Hello everyone,
Does anyone have any experience with large block lists?
I am running an email server and get hit with brute force password attacks from IPs that are commonly found in blacklists.
Although the server features and is set up for automatic lockout of IPs that do multiple attempts at passwords, I would like to move this to the firewall.
Does anyone have any experience in what kind of a hit on performance an 11k-line blacklist makes to the router? The router is a RB3011.
regards
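
The two import scripts earlier in the thread differ in where the checking happens: the second one validates and de-duplicates every entry on the router. As an added example (not code from any poster in this thread), the Python script below does that checking once, off the router, and emits the plain `$i a=...` import form shown at the top of the thread; the function names and the sample input are constructed for illustration.

```python
import ipaddress

LIST_NAME = "blacklist-email"  # list name used in the thread
TIMEOUT = "35w"                # timeout used in the thread's second script


def clean_entries(lines):
    """Return unique, valid IPv4 addresses/prefixes in first-seen order."""
    seen, out = set(), []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            continue  # not an IP or prefix: skip instead of failing the import
        if net.version != 4:
            continue  # IPv6 belongs in /ipv6 firewall address-list
        # A /32 is written as a bare address, anything else as a prefix.
        key = str(net.network_address) if net.prefixlen == 32 else str(net)
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out


def build_rsc(lines, list_name=LIST_NAME, timeout=TIMEOUT):
    """Build the text of a .rsc file in the simple form of the first script."""
    rsc = [
        f':global i do={{ /ip firewall address-list add list={list_name} '
        f'timeout={timeout} address="$a" }}',
        f':do {{ /ip firewall address-list remove [find where list={list_name}] }} '
        f'on-error={{}}',
    ]
    rsc += [f"$i a={entry}" for entry in clean_entries(lines)]
    return "\n".join(rsc) + "\n"


# Constructed sample input (documentation address ranges), not a real blacklist.
SAMPLE = [
    "192.0.2.10", "192.0.2.10", "198.51.100.0/24", "203.0.113.7/32",
    "not-an-ip", "999.1.1.1", "2001:db8::1", "  192.0.2.11  # comment", "",
]

if __name__ == "__main__":
    print(build_rsc(SAMPLE), end="")
```
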