Community discussions

 
muso
just joined
Topic Author
Posts: 18
Joined: Thu Feb 10, 2005 4:52 am

Block range of ip stored on text file

Sat Sep 15, 2007 8:54 pm

I want block access to my network of some countries, I have a text files with the ranges of ips of the country, but I not know how can I add this lists of networks to filter rules.

The format of the file is:

62.13.192.0-62.13.223.255
62.26.210.0-62.26.210.63
62.40.128.0-62.40.255.255
62.41.73.64-62.41.73.79
62.46.0.0-62.47.255.255
62.48.68.60-62.48.68.63
62.52.54.192-62.52.54.255
62.75.140.0-62.75.140.31
62.93.64.0-62.93.127.255
62.99.128.0-62.99.255.255
62.112.130.48-62.112.130.63
62.112.154.0-62.112.154.3
 
Znuff
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Sep 26, 2006 2:42 am
Contact:

Re: Block range of ip stored on text file

Sat Sep 15, 2007 10:00 pm

You should create an Adress List with the contents of that file, but they have to be entered in CIDR notation. So:

62.13.192.0-62.13.223.255 becomes 62.13.192.0/19
62.26.210.0-62.26.210.63 becomes 62.26.210.0/26

and so on

Then you just create a firewall rule to deny connections to and from that src/dst address list.

You can use ipcalc to calculate it.
deaggregate 62.13.192.0 - 62.13.223.255
62.13.192.0/19
deaggregate 62.26.210.0 - 62.26.210.63
62.26.210.0/26
deaggregate 62.40.128.0 - 62.40.255.255
62.40.128.0/17
deaggregate 62.41.73.64 - 62.41.73.79
62.41.73.64/28
deaggregate 62.46.0.0 - 62.47.255.255
62.46.0.0/15
deaggregate 62.48.68.60 - 62.48.68.63
62.48.68.60/30
deaggregate 62.52.54.192 - 62.52.54.255
62.52.54.192/26
deaggregate 62.75.140.0 - 62.75.140.31
62.75.140.0/27
deaggregate 62.93.64.0 - 62.93.127.255
62.93.64.0/18
deaggregate 62.99.128.0 - 62.99.255.255
62.99.128.0/17
deaggregate 62.112.130.48 - 62.112.130.63
62.112.130.48/28
deaggregate 62.112.154.0 - 62.112.154.3
62.112.154.0/30

 
muso
just joined
Topic Author
Posts: 18
Joined: Thu Feb 10, 2005 4:52 am

Re: Block range of ip stored on text file

Sat Sep 15, 2007 10:56 pm

The problem is add the ips, I'm searching some script for made that, because are about 9000 networks by country.
 
Znuff
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Sep 26, 2006 2:42 am
Contact:

Re: Block range of ip stored on text file

Sun Sep 16, 2007 1:37 am

if you have access to a linux box, it's easy, here's a bash script that does what I mentioned above and creating the .rsc script to import them in RouterOS:
#!/bin/bash

#Replace file.ips with the name of the file with your original range ips
ORGFILE="file.ips"

#empty the files :-)
echo > file.tmp
echo "/ip firewall address-list" > script.rsc
echo ":foreach subnet in [/ip firewall address-list find list=Country] do {" >> script.rsc
echo "/ip firewall adress-list remove $subnet" >> script.rsc
echo "}" >> script.rsc
echo "###" >> script.rsc

for range in $(cat file.ips); do
    ipcalc $range | grep -v deaggregate;
done >> file.tmp

for cidr in $(cat file.tmp); do
    echo "add list=Country address=$cidr disabled=no";
done >> script.rsc
Create a the file, copy/paste there and chmod +x file, then just run the file with ./file

Remember to change the name of the file that contains your original IPs, and make sure it's in the same directory as the script.

After that, just upload the script.rsc file to your mikrotik routeros and do /import script.rsc

If you need more assistance, just ask.
 
muso
just joined
Topic Author
Posts: 18
Joined: Thu Feb 10, 2005 4:52 am

Re: Block range of ip stored on text file

Sun Sep 16, 2007 4:47 pm

Thanks, I can made the src file but with this software "Actual Search & Replace" http://www.divlocsoft.com/index.htm
 
systemok25
just joined
Posts: 12
Joined: Thu Dec 30, 2010 4:08 pm

Re: Block range of ip stored on text file

Tue Jul 24, 2012 6:39 pm

i have a question please if anybody can answer me

a hundred of ip address

i must create a file with that ip address in a file "file.ips"
and then run the script

?? please your help, i need put a lot of range and ip address

Who is online

Users browsing this forum: No registered users and 33 guests