IP Firewall Address list to BGP Network. Useful for Blackhole.

gamerxp · Fri Dec 09, 2016 3:07 am

#Address List to BGP Network by GamerXP Network
#Exclusive for SAN-IDC
#gamerxp.network@gmail.com
#2016

:local bgpip; :set bgpip ""; :local blacktoholeip; :set blacktoholeip "";

:foreach PREFIXID in [/routing bgp network find disabled=no] do={
	:set bgpip [/routing bgp network get $PREFIXID network];
	:if ( [:typeof [:find $bgpip "/32" 0]] = "num" ) do={
		:if ( [:typeof [:find $bgpip ":/32" 0]] = "nil" ) do={
			:set $bgpip [:pick $bgpip 0 ([:len $bgpip]-3)];
			:if ( [:len [/ip firewall address-list find address=$bgpip list=blackhole-bgp]] = 0 ) do={
				:do {
					/routing bgp network remove $PREFIXID;
				} on-error={};
			}
		}
	}
};

:foreach ADDRID in [/ip firewall address-list find list=blackhole-bgp] do={ 
	:set blacktoholeip [/ip firewall address-list get $ADDRID address]; 
	:do {
		/routing bgp network add network="$blacktoholeip/32" synchronize=no;
	} on-error={};
};

This scripts work with dynamic entries (Address-list expiring will works).

Run this script for every seconds. All address in list named "blackhole-bgp" will be automatically synced to BGP network announce with /32.
Please use filter to add bgp community so your transit will know that you want to blackhole them.

http://gxpnetwork.com/node/15

amt · Fri Dec 09, 2016 11:14 am

Thanks I will try it.

texmeshtexas · Fri Aug 17, 2018 3:21 pm

GamerXP,

Tried your script, seems to work well.
Any reason it takes 2.5min to run on a CCR1072.
Adding 120 prefixes from my address list.
Does that seem right?
I can only run it every 5 min.

Greg

sikkanet · Sun Sep 13, 2020 2:26 am

#Address List to BGP Network by GamerXP Network
#Exclusive for SAN-IDC
#gamerxp.network@gmail.com
#2016

:local bgpip; :set bgpip ""; :local blacktoholeip; :set blacktoholeip "";

:foreach PREFIXID in [/routing bgp network find disabled=no] do={
	:set bgpip [/routing bgp network get $PREFIXID network];
	:if ( [:typeof [:find $bgpip "/32" 0]] = "num" ) do={
		:if ( [:typeof [:find $bgpip ":/32" 0]] = "nil" ) do={
			:set $bgpip [:pick $bgpip 0 ([:len $bgpip]-3)];
			:if ( [:len [/ip firewall address-list find address=$bgpip list=blackhole-bgp]] = 0 ) do={
				:do {
					/routing bgp network remove $PREFIXID;
				} on-error={};
			}
		}
	}
};

:foreach ADDRID in [/ip firewall address-list find list=blackhole-bgp] do={ 
	:set blacktoholeip [/ip firewall address-list get $ADDRID address]; 
	:do {
		/routing bgp network add network="$blacktoholeip/32" synchronize=no;
	} on-error={};
};

This scripts work with dynamic entries (Address-list expiring will works).

Run this script for every seconds. All address in list named "blackhole-bgp" will be automatically synced to BGP network announce with /32.
Please use filter to add bgp community so your transit will know that you want to blackhole them.

http://gxpnetwork.com/node/15

Please could you confirm which version of MikrotikOS this works on? I am not having any success with it on v6.40.4 firmware 3.41 (RB750G)

IP Firewall Address list to BGP Network. Useful for Blackhole.

IP Firewall Address list to BGP Network. Useful for Blackhole.

Re: IP Firewall Address list to BGP Network. Useful for Blackhole.

Re: IP Firewall Address list to BGP Network. Useful for Blackhole.

Re: IP Firewall Address list to BGP Network. Useful for Blackhole.

Who is online