
 
RackKing
Member Candidate
Posts: 257
Joined: Wed Oct 09, 2013 1:59 pm

Re: Blacklist Filter (Development Topic)

Tue Nov 06, 2018 6:39 pm

So maybe a dumb question... I did have a look at the Patreon page. What level would you recommend to an integrator like me who would offer this to his customers as part of an annual service offering? I would bill them directly and purchase your service. I suppose I could buy a tier and then upgrade as I cross that threshold? Will it be easy to see how many "routers" I have left to use?

I think this is a great project and thank you for all your efforts.
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Tue Nov 06, 2018 10:12 pm

There are no dumb questions!

I will for sure have a UI for you to manage your routers. My goal is to have the UI finished by mid December. Though I just missed a pretty big deadline, so I may end up having to hire another developer to work on the front end while I continue on the back end. The UI is expected to use the Patreon login, then provide you with the total number of routers you can enroll, as well as the currently enrolled and management of the serial numbers. Authentication of the routers will be handled by the email address you subscribed with, along with the serial number of the router. Each router will have one unique address entry (randomly generated) that will allow me to find users that are misusing or claiming my lists as their own.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Cooperdale
just joined
Posts: 5
Joined: Fri Feb 17, 2017 8:35 pm

Re: Blacklist Filter (Development Topic)

Sun Dec 30, 2018 6:16 pm

Hello, is there any news on this? I can't wait for this service to come alive.
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Sun Dec 30, 2018 8:44 pm

The service works well, the first payment has been sent.
 
boldsuck
Frequent Visitor
Posts: 58
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Mon Dec 31, 2018 11:03 pm

> The service works well, the first payment has been sent.
Mine also, ;-)
but where to submit my router's Cloud DNS name?
╰_╯ Ciao Marco!
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Mon Dec 31, 2018 11:36 pm

let's wait for a message from Dave.
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Tue Jan 01, 2019 10:36 am

Hey guys, sorry for the radio silence, it’s been a pretty tough year but I’m trying to survive it.

I’ve been trying to get the automated registration process done but have run into a few pretty nasty issues that I didn’t foresee. I’m going to put it on hold and process things manually until I can get some cash to pay another coder to work with me.

Going to spend the rest of the week with my kids, and then start fresh Monday morning.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
sjoram
Member Candidate
Posts: 116
Joined: Sun Feb 10, 2013 8:47 pm
Location: Essex, UK

Re: Blacklist Filter (Development Topic)

Sun Jan 27, 2019 2:42 pm

I found your Patreon.

I looked at the different 'tiers' - $10 currently works out about £7.50 a month...I'd be more than happy to support your work.

However, I do have a couple of questions (others with knowledge of your project may also have views) - sorry if this is not the best place to ask, but it seemed most likely to get the right visibility:

- I'm a home user, with ROS on two RouterBOARDs. Just about to swap both out with new RB750Gr3. I believe these have 256MB RAM, can these handle the largest tier?
- I found out about your work as I was one of the silly people that when a novice to ROS didn't include a PPPoE WAN interface on the default drop rules AND had some ROS services open to the wild, without port knocking. Also lax with updates, so Winbox vulnerability got exploited on one box. Yes, I know... Now fixed.
- One box particularly has a plethora of open dst-nat rules - mail server and the likes. I'm thinking that despite now having the default drop rules correct such that ROS itself is less vulnerable, your project may still be a benefit in protecting against unknown/unpatched exploits from known rogue addresses, not just for ROS but also the services behind those dst-nat rules... Would you agree?
Home user, working in IT. Home network is my lab.
ISP: Uno Communications
Hardware:
RB750 - Draytek Vigor 120v2 ADSL2+ Annex M
RB750Gr3 - Draytek Vigor 130 FTTC (VDSL) & RBD52G-5HacD2HnD
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Tue Feb 12, 2019 3:21 am

Hey everyone. I'm sorry for being out of touch. Here is an update.

So, life has been pretty rough over the last 12-14 months. I've lost most of my clients, the new government tax code is killing me, and server costs keep going up. On the personal side, I've been dealing with some pretty serious health issues, and I'm not entirely sure how this is going to end for me.

That said, I can't in good conscience bill people for something that I can't guarantee that I can keep working on. I do have my notebook with me all the time, but some of the drugs are simply preventing me from thinking clearly enough to do any coding at all.

So, I'm going to leave it open to all, and hope that at least a few of you will donate to keep the servers up and running.
I will do my very best to continue to improve the lists and the script.

I'd like to leave this PayPal Donation button here. Use if you like, don't if you don't like.

Again, as long as the service can support itself (about $200/month USD) I'll leave it running.
I have also taught my 14 year old daughter how to keep the servers running (she's already studying quantum physics) so that if the worst case happens, she can keep it running for you all.

I can certainly promise that NONE of the donations will go to my medical bills. I don't want anyone thinking that I'm using donations for anything other than what they expect.

Thank you, and I hope to keep posting. :)
https://www.paypal.com/cgi-bin/webscr?c ... source=url



BTW - this is the code that I use, and I prefer anyone to use for the script... make note of the path.
:local destPath "disk1/filterImport.rsc";
:local priority "2";

:local sn [:pick [/ip cloud get dns-name] 0 [:find [/ip cloud get dns-name] "."]];
/tool fetch mode=https url="https://bl.mikrotikfilters.com/fetch.php?priority=$priority" http-method=post http-data="$sn" dst-path="$destPath" output=file;
/import file-name=$destPath;
/file remove $destPath;
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
sjoram
Member Candidate
Posts: 116
Joined: Sun Feb 10, 2013 8:47 pm
Location: Essex, UK

Re: Blacklist Filter (Development Topic)

Tue Feb 12, 2019 10:27 am

Hi Dave,

Very sorry to hear of the challenges that life has thrown at you of late. I sincerely wish you and your family all the very best.

Thank you for your work on this, you know yourself how much demand your servers have seen, so I am sure this is benefiting and making life easier for a lot of people!
Home user, working in IT. Home network is my lab.
ISP: Uno Communications
Hardware:
RB750 - Draytek Vigor 120v2 ADSL2+ Annex M
RB750Gr3 - Draytek Vigor 130 FTTC (VDSL) & RBD52G-5HacD2HnD
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Tue Feb 12, 2019 9:14 pm

Dave donates funds to patreon and here he will also donate
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Fri Feb 15, 2019 12:59 am

Humans are truly awful.
While at my treatment yesterday, I dozed off. (I'm there for 6 hours every 3 days)
While sleeping, someone stole my backpack with my 6 month old notebook.

I'll still be doing some coding at home, but it's hard to sit at my desktop. I'll keep you all posted.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
ihave
just joined
Posts: 5
Joined: Wed Feb 01, 2017 4:38 pm

Re: Blacklist Filter (Development Topic)

Fri Feb 15, 2019 2:45 am

That is truly awful indeed!
Sorry to hear that.

Can someone sum up the latest script/instructions on how to install the new service?
The old install script with blInstaller.rsc doesn't show anything in the log.

Filterimport.rsc is running fine and updating the address list. Am I only missing the scheduler or did the BlInstaller.rsc install additional things I am still missing?

Thank you
 
boldsuck
Frequent Visitor
Posts: 58
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Fri Feb 15, 2019 8:10 pm

> Can someone sum up the latest script/instructions on how to install the new service?
Script is 4 posts higher. :lol: :mrgreen:
╰_╯ Ciao Marco!
 
ihave
just joined
Posts: 5
Joined: Wed Feb 01, 2017 4:38 pm

Re: Blacklist Filter (Development Topic)

Fri Feb 15, 2019 9:18 pm

> Script is 4 posts higher. :lol: :mrgreen:
That script is running fine. I am just wondering about the frequency of the scheduler and maybe other things that were installed with the old installer.
 
boldsuck
Frequent Visitor
Posts: 58
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Sun Feb 17, 2019 3:07 pm

> That script is running fine. I am just wondering about the frequency of the scheduler and maybe other things that were installed with the old installer.

OK. Mmmmh, frequency of the scheduler:
That makes everyone different. I update every 12 hours. I think Dave updates the blacklists every hour.

I summarize everything for the people who are new here:

- Enable ddns. I have configured the SNTP client and do not need time here.
/ip cloud set ddns-enabled=yes update-time=no

- The script (destPath and priority may need to be adjusted):
/system script add dont-require-permissions=no name=blacklistScript owner=admin policy=read,write,policy,test source=\
\n"# Intrus Technologies blacklist installer/updater\
\n# \A92017 David Joyce, Intrus Technologies\
\n\
\n:local destPath \"filterImport.rsc\";\
\n:local priority \"2\";\
\n\
\n#If you do not want to delete the script directly after importing, remove the comment and paste one in the last line\
\n#:do { /file remove \$destPath } on-error={};\
\n\
\n:local sn [:pick [/ip cloud get dns-name] 0 [:find [/ip cloud get dns-name] \".\"]];\
\n/tool fetch mode=https url=\"https://bl.mikrotikfilters.com/fetch.php\?priority=\$priority\" http-method=post http-data=\"\$sn\" dst-path=\"\$destPath\" output=file;\
\n/import file-name=\$destPath;\
\n/file remove \$destPath;\
\n"

- The scheduler (After every reboot and then every 12 hours at 6:00 and 18:00) Adjust times as you want:
/system scheduler add interval=12h name=blacklistScriptUpdate on-event="/system script run blacklistScript" policy=read,write,policy,test start-date=jan/01/1970 start-time=06:00:00
/system scheduler add name=blacklistScriptUpdateOnBoot on-event=":delay 30;system script run blacklistScript" policy=read,write,policy,test start-time=startup

- The firewall rule:
Others also filter outgoing traffic (dst-address-list) and/or other interfaces. I block all port scanners, bruteforcer and blacklists in the beginning in the RAW chain. (Connection tracking would be a waste of time ;-) I prefer to use the saved computing time for tarpit rules. I tarpit all WAN connections to unused TCP ports of the router.
/ip firewall raw add action=drop chain=prerouting comment="Drop WAN connections from 'intrusBL' blacklisted hosts <- Src. Address List: intrusBL" in-interface-list=WAN src-address-list=intrusBL

Hope that helps :wink:
Last edited by boldsuck on Sun Feb 17, 2019 5:00 pm, edited 1 time in total.
╰_╯ Ciao Marco!
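
The update script in this thread passes whatever the server returns straight to /import with read,write,policy,test rights, so the file's content is worth checking before any router imports it. What follows is an added example, not code from this thread or from Intrus Technologies: a Python check, meant for a staging host that mirrors the list, which accepts only literal add entries for the intrusBL address list. The file layout, the minimum prefix length of 8 and all function names are assumptions, because the thread never shows the downloaded file.

```python
import ipaddress
import re

# Assumption: the fetched .rsc should hold nothing but address-list additions
# for one list. The thread never shows the file; adapt the allow-list to yours.
LIST_NAME = "intrusBL"   # list name used by the firewall rules in the thread
MENU_RE = re.compile(r"^/ip firewall address-list(?:\s+|$)")
PARAM_RE = re.compile(r'([a-z][a-z-]*)=("[^"]*"|\S+)\s*')
TIMEOUT_RE = re.compile(r"^(?:(?:\d+[wdhms])+|\d{1,2}:\d{2}:\d{2})$")
COMMENT_RE = re.compile(r"^[\w .:,/()-]*$")   # rejects $ [ ; \ and quotes
MIN_PREFIX = 8           # refuse entries that would drop enormous ranges

def parse_params(text):
    """Split 'k=v k="v v"' into a dict; None if anything else is present."""
    params, pos, text = {}, 0, text.strip()
    while pos < len(text):
        m = PARAM_RE.match(text, pos)
        if not m or m.group(1) in params:
            return None
        params[m.group(1)] = m.group(2).strip('"')
        pos = m.end()
    return params

def check_entry(params):
    """Return (network, None) if acceptable, else (None, reason)."""
    if params is None:
        return None, "not a plain key=value list"
    if set(params) - {"list", "address", "timeout", "comment"}:
        return None, "unexpected parameter"
    if params.get("list") != LIST_NAME:
        return None, "targets a list other than " + LIST_NAME
    try:
        net = ipaddress.IPv4Network(params.get("address", ""), strict=False)
    except ValueError:
        return None, "address is not a literal IPv4 address or CIDR"
    if net.prefixlen < MIN_PREFIX:
        return None, "prefix too broad for a blocklist entry"
    if "timeout" in params and not TIMEOUT_RE.match(params["timeout"]):
        return None, "malformed timeout"
    if not COMMENT_RE.match(params.get("comment", "")):
        return None, "comment contains script metacharacters"
    return net, None

def audit_rsc(text):
    """Return (accepted networks, [(statement_no, reason, statement)])."""
    accepted, violations, in_menu = [], [], False
    statements = re.sub(r"\\\r?\n\s*", "", text).splitlines()  # join continuations
    for n, raw in enumerate(statements, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = MENU_RE.match(line)
        if m:
            in_menu, line = True, line[m.end():]
            if not line:
                continue
        elif line.startswith("/"):
            in_menu = False
        if not in_menu or not line.startswith("add "):
            violations.append((n, "not an address-list add", raw))
            continue
        net, reason = check_entry(parse_params(line[4:]))
        if reason:
            violations.append((n, reason, raw))
        else:
            accepted.append(str(net))
    return accepted, violations

# Constructed samples (documentation-range addresses), not real feed data.
CLEAN = """/ip firewall address-list
add list=intrusBL address=192.0.2.10 timeout=1d comment="scanner"
add list=intrusBL address=198.51.100.0/24
"""
TAMPERED = CLEAN + """add list=intrusBL address=0.0.0.0/0
add list=trusted address=203.0.113.5
add list=intrusBL address=203.0.113.9 comment="$[/system identity get name]"
/system reboot
"""
```

Any entry in the violations list is a reason to keep the previous list and skip the import.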
 
boldsuck
Frequent Visitor
Posts: 58
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Sun Feb 17, 2019 4:15 pm

@Dave
:D 8) Wow, 14 year old woman is interested in coding! Very nice.

Crap. Stolen laptop is one of the worst cases.
I do not know exactly "New US government tax" but I think that's what Mr. Trump introduced. (He needs money for his wall. In Germany, we are glad that the wall is gone!)

Should we still run the reportStatus script? (That from #Post 37)
╰_╯ Ciao Marco!
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Fri Mar 01, 2019 3:16 am

The ReportStatus is 100% optional. It's mostly for stats and being able to try and tailor the lists to the bulk of the routers. Surprisingly, there are far more CloudCore routers running the blacklist now than the smaller units.

I wanted to thank those of you who have reached out with support. Every little bit helps! It's been a few weeks and I'm starting to grow hair again... Just when I was getting used to being bald. It won't be long though, treatments start again in 6 weeks.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Tue Apr 02, 2019 6:05 pm

Good Morning and happy April.

A few updates for you this morning.
  • Server is running stable with no issues other than the random LetsEncrypt cert error.
  • Once the list's income manages to cover its costs, I'll be switching to Digicert for SSL certs.
  • I've begun work on adding IPv6 to the service. It's pretty easy on the router side, but changes things quite a bit on the backend.
  • For those following, the police found my notebook, though it's completely wrecked. They are keeping it as evidence. They didn't find any of my tools.
  • As for the service pricing, I'm still keeping it as a donation only service. Again, I don't want to bill for a service that I may not be around to keep running.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Tue Apr 02, 2019 9:12 pm

It can be paid by Patreon?
Last edited by Rico40 on Wed Apr 03, 2019 12:52 am, edited 1 time in total.
 
msatter
Forum Guru
Posts: 1200
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Blacklist Filter (Development Topic)

Tue Apr 02, 2019 11:18 pm

Humans can be truly awful but using you undergoing your treatment to steal from you then there are no words to describe my feelings about that.

I am sorry to read that you are ill and that the outcome is uncertain. I wish all the strength to overcome this horrible time in your life.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.3.2
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Wed Apr 03, 2019 1:10 am

> It can be paid by Patreon?
Yes, somewhere up above, there is a Patreon link, as well as PayPal links.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Wed Apr 03, 2019 1:11 am

> Humans can be truly awful but using you undergoing your treatment to steal from you then there are no words to describe my feelings about that.
>
> I am sorry to read that you are ill and that the outcome is uncertain. I wish all the strength to overcome this horrible time in your life.
Thank you. No worries, I’ve survived everything else life has tossed my way. Even an earthquake that brought my apartment down on me.

If I could just keep my fingers and toes warm, I would be happy.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Fri Apr 26, 2019 12:23 am

Just an update... I'm still here, and I have hair again. :) Well, I have hair for a few weeks at least.

I'm still working on the IPv6 version of the list. My home ISP has finally managed to provide a stable v6 connection, so I'll be able to start testing.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
boldsuck
Frequent Visitor
Posts: 58
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Sun May 05, 2019 4:59 pm

> I'm still working on the IPv6 version of the list. My home ISP has finally managed to provide a stable v6 connection, so I'll be able to start testing.

IPv6 Yeah! That's very good news.
Have meanwhile a few servers on the run. (Debian, Static IP & IPv6)
If you want to test something on it ...
can I give you access. I only need a pub ssh-key from you.
╰_╯ Ciao Marco!
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Tue May 28, 2019 5:43 am

I regret to inform you all that I have shut down the servers.
With over 35,000 routers hitting the server every few hours, and only 10 supporters (totaling $50/month), the expenses are not even remotely being covered. I'm putting out almost $500/month now just in bandwidth costs.

I'm moving the code to my in home server where it will just be supporting my personal units now.

It was a good run. I tried to keep it going, I thought that more people would be willing to help, but sadly not.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
wanos
just joined
Posts: 3
Joined: Thu Aug 16, 2018 12:43 pm

Re: Blacklist Filter (Development Topic)

Tue May 28, 2019 2:02 pm

We truly appreciated all your efforts Dave. Well, too few of us apparently did. So many want something for nothing. Sucks.

Thank-you for that and hope all goes well for you and your family.
 
hhgttg42
just joined
Posts: 8
Joined: Wed Oct 12, 2016 4:48 am

Re: Blacklist Filter (Development Topic)

Tue May 28, 2019 4:41 pm

Sorry to hear that Dave. Please let us know if you ever change your mind!

Best of luck.
 
HZsolt
just joined
Posts: 24
Joined: Tue Apr 24, 2018 7:31 pm

Re: Blacklist Filter (Development Topic)

Tue May 28, 2019 8:08 pm

[DELETED]
Last edited by HZsolt on Tue May 28, 2019 8:28 pm, edited 1 time in total.
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Tue May 28, 2019 8:25 pm

Dude, really? My livelihood is going down the drain, and you pop up to help push the knife in. Nice.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Wed May 29, 2019 8:11 am

I resigned from patreon in favor of donate paypal.
 
Chupaka
Forum Guru
Posts: 8305
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Blacklist Filter (Development Topic)

Sat Jun 08, 2019 11:47 am

Dave, any chance to get the code open-sourced? I mean, maybe someone would like to donate servers/bandwidth instead of money...
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
pe1chl
Forum Guru
Posts: 5715
Joined: Mon Jun 08, 2015 12:09 pm

Re: Blacklist Filter (Development Topic)

Sat Jun 08, 2019 12:43 pm

> I regret to inform you all that I have shut down the servers.
> With over 35,000 routers hitting the server every few hours, and only 10 supporters (totaling $50/month), the expenses are not even remotely being covered. I'm putting out almost $500/month now just in bandwidth costs.
I'm curious how much bandwidth your service consumes... there is another poster complaining about $500/mon bandwidth cost for his service, but frankly I cannot understand how this can happen.
For that $50/mon I would get about 10TB/mon of bandwidth at local cloud hosting companies, and with 35000 routers that would be 285MB per router per month.
When that isn't enough by a factor of 10 I would seriously consider revising the method for distributing the data... e.g. some form of incremental updating.
 
msatter
Forum Guru
Posts: 1200
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Blacklist Filter (Development Topic)

Sat Jun 08, 2019 1:41 pm

I helped with an earlier version and it should be incremental and you get the changes you missed since the last successful update you had.

The sheer number of routers connecting still can give a heavy bandwidth usage.

Dave is doing a great job despite his personal setbacks.

viewtopic.php?t=98804
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.3.2
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
Rico40
just joined
Posts: 16
Joined: Sun Aug 19, 2018 8:53 pm
Location: Poland

Re: Blacklist Filter (Development Topic)

Sat Jun 08, 2019 8:19 pm

it's more about reducing the cost of the service.
 
pe1chl
Forum Guru
Posts: 5715
Joined: Mon Jun 08, 2015 12:09 pm

Re: Blacklist Filter (Development Topic)

Sat Jun 08, 2019 9:25 pm

Please show a calculation of how much bandwidth per month you need per router using the service, and how much the cost for different amounts of bandwidth per month is.
 
IntrusDave
Forum Guru
Topic Author
Posts: 1284
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: Blacklist Filter (Development Topic)

Thu Jun 13, 2019 9:00 pm

Sorry, but I feel no need to disclose my stats and financial needs for a service that is free.
I can tell you that 4 servers, 120 honeypots, a CDN, storage and the bandwidth needed for all of it is quite a lot.
I won't be open sourcing the code either. It's 100% written by me with no use of any open source code.
It has a use to me still and I will be keeping it for myself.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
suszi
just joined
Posts: 6
Joined: Mon Apr 10, 2017 2:08 pm

Re: Blacklist Filter (Development Topic)

Thu Jun 13, 2019 9:28 pm

the problem is, with RB, that ip firewall raw action=drop doesn't work with src-address-list=intrusBL
according to documentation:
address-list (string; Default: ) Name of the address list to be used. Applicable if action is add-dst-to-address-list or add-src-to-address-list
https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Raw
/ip firewall raw
add action=drop chain=prerouting comment="DROP intrusBL" src-address-list=intrusBL
add action=drop chain=prerouting comment="DROP intrusBL" dst-address-list=intrusBL
any way to use RAW? or just regular firewall rule?
 
suszi
just joined
Posts: 6
Joined: Mon Apr 10, 2017 2:08 pm

Re: Blacklist Filter (Development Topic)

Thu Jun 13, 2019 9:29 pm

I'm updating my second portscanners (TCP SYN) list manually - where can I send it, to be included ?
maybe there is a better way ?
 
msatter
Forum Guru
Posts: 1200
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Blacklist Filter (Development Topic)

Thu Jun 13, 2019 11:05 pm

The ADD in the rules is there to add the line to the RAW section in the firewall. After that it is not used anymore.

Dropping unwanted traffic is most efficient in RAW and so it won't reach connection tracking.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta / Winbox 3.19 / MikroTik APP 1.3.2
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
Chupaka
Forum Guru
Posts: 8305
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Blacklist Filter (Development Topic)

Fri Jun 14, 2019 12:38 am

> the problem is, with RB, that ip firewall raw action=drop doesn't work with src-address-list=intrusBL
> according to documentation:
> address-list (string; Default: ) Name of the address list to be used. Applicable if action is add-dst-to-address-list or add-src-to-address-list
> https://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Raw
> /ip firewall raw
> add action=drop chain=prerouting comment="DROP intrusBL" src-address-list=intrusBL
> add action=drop chain=prerouting comment="DROP intrusBL" dst-address-list=intrusBL
> any way to use RAW? or just regular firewall rule?
Address-list, src-address-list and dst-address-list are three different parameters. You're talking about one and look at the description of another.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
boldsuck
Frequent Visitor
Posts: 58
Joined: Sun Sep 01, 2013 1:07 am
Location: Germany

Re: Blacklist Filter (Development Topic)

Thu Jun 20, 2019 10:42 pm

> I thought that more people would be willing to help, but sadly not.
me too.

I have now unsubscribed at Patreon. ;-(

Thanks for everything Dave. You and this thread inspired me to refine my own raw bruteforce & portscan rules.

I'm trying to do something similar. With fail2ban (0.10 has ipv6 support) My servers run as fail2ban reporting service anyway. For months there is already a UBNT ER-Pro 8 around here. On EdgeOS, packages from the debian archives can be installed. Fail2ban should then be easy to install on the router.
╰_╯ Ciao Marco!
