Community discussions

MikroTik App
 
albercik
newbie
Topic Author
Posts: 41
Joined: Tue Jul 17, 2018 1:38 pm

Script to verify incoming IP address and block it in firewall (add to address list)

Fri Apr 12, 2019 10:49 am

Hello,

I'm preety new to MT and I'm totally new to ROS scripting... Recently, I notice a large number of unsuccessfull attepmts to log in into my VoIP server at home (actually it's just a Raspberry PI with debian and FreePBX+Asterisk). Each time I check - the IP address is from China, so I wan't to add those addresses automatically to my "SIP SPAM" address list which is blocked on MT.

At this moment - I use a bash script at my RPI that calls a ip-api.com API and if the response contains "countryCode":"CN" then it's added to iptables with DROP and iptables is beign reloaded.

I'd like to do the same on my MT so the connection won't even pass the router, so it will raise a network security level and it will lower a network traffic.

But honestly.... I have no idea on how to do it. I've google'ing for some answears, but found nothing interesting...

Please - point me out to a right direction :)

Thank you in advance,
Tom
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Fri Apr 12, 2019 12:21 pm

A more fundamental question is: should that service be accessible from internet? And if so, from the whole internet or just specific location?

The default firewall should be:
allow only specific / needed traffic (ip / range / service)
block everything else

This eliminates the need to check on source country, ...
 
albercik
newbie
Topic Author
Posts: 41
Joined: Tue Jul 17, 2018 1:38 pm

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Wed Apr 17, 2019 5:14 pm

Thank you for the reply, and sorry for the delay - I'm overworked recently.

Unfortunately I can't allow only specific IP addresses as it's a connection to SIP server and my Customer's employees are using sip-phone app on their phones, so it's quite unpredictable what will be the user's IP subnet next time...
 
User avatar
inteq
Member
Member
Posts: 402
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Fri May 03, 2019 12:17 pm

Most Telco providers can assign static IPs for SIM cards (for an extra cost)
This is the way I am allowing SIP access for some mobile clients.
 
albercik
newbie
Topic Author
Posts: 41
Joined: Tue Jul 17, 2018 1:38 pm

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Mon May 06, 2019 1:19 pm

Most Telco providers can assign static IPs for SIM cards (for an extra cost)
This is the way I am allowing SIP access for some mobile clients.
In an era of reducing costs to the absolute minimum - none of my Customers will agree to that :D

At this moment - I have automated the process by updating a blocked IPs list by downloading it from my SIP server's iptables once a day. Seem's it's working quite fine :)
 
MangNPB
just joined
Posts: 3
Joined: Thu Jan 21, 2021 8:14 am

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Sat Jul 24, 2021 7:50 pm

If you don't mind sharing that script of yours. I'm currently having almost 30,000 lines of allowed and block ip in the list. Mostly blocked. But still getting a couple attempts from bad actors daily. This would be great addition to the r4011 since it still have plenty resources left to do extra blocking.
 
User avatar
jvanhambelgium
Forum Veteran
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Sat Jul 24, 2021 10:12 pm

Isn't the Mikrotik (PHP) API good for this ?
You could make call to the Mikrotik API and have IP address added to some ACL ?

https://gist.github.com/stuudmuffin/ebf ... 05ab2a6094

And search the forum, plenty of API threads I think to get you going.
 
drpioneer
just joined
Posts: 9
Joined: Mon Nov 01, 2021 8:33 am

Re: Script to verify incoming IP address and block it in firewall (add to address list)

Mon Nov 01, 2021 11:05 pm

Hello.

Here is a variant of the blocking script for you: https://forummikrotik.ru/viewtopic.php?p=91125#p91125

Who is online

Users browsing this forum: No registered users and 19 guests