Abdock
Member Candidate
Topic Author
Posts: 261
Joined: Sun Sep 25, 2005 10:50 pm

how to script for bogon

Mon May 25, 2015 7:41 pm

Hello,

We are getting a bogon list over BGP and would like the addresses on this list to be added to a rule. How can I do this with a script?

Routes with a certain comment are to be added to an address list, which I can drop.

The script can be run every 60 min, so it deletes the addresses and creates the table again.

Any help on this?

thanks,
 
rextended
Forum Guru
Posts: 12014
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: how to script for bogon

Mon May 25, 2015 8:42 pm

Bogon?

Bogons no longer exist; all IPs were assigned two years ago, on 2013/02/23.

Do you mean special-purpose IPs?
Like this list:

/ip firewall address-list
add address=0.0.0.0/8 comment="Rete interna" list=lista_ip_bloccati
add address=127.0.0.0/8 comment=Loopback list=lista_ip_bloccati
add address=192.0.0.0/29 comment=DS-Lite list=lista_ip_bloccati
add address=192.0.2.0/24 comment=TEST-NET list=lista_ip_bloccati
add address=198.18.0.0/15 comment=INTER-NETWORK list=lista_ip_bloccati
add address=198.51.100.0/24 comment=TEST-NET-2 list=lista_ip_bloccati
add address=203.0.113.0/24 comment=TEST-NET-3 list=lista_ip_bloccati
add address=224.0.0.0/4 comment=Multicast list=lista_ip_bloccati
add address=240.0.0.0/5 comment="Class E" list=lista_ip_bloccati
add address=248.0.0.0/5 comment="Reserved (!255.255.255.255 Broadcast)" list=lista_ip_bloccati
add address=10.0.0.0/8 list=lista_ip_network_private
add address=172.16.0.0/12 list=lista_ip_network_private
add address=192.168.0.0/16 list=lista_ip_network_private
add address=169.254.0.0/16 list=lista_ip_network_private
add address=100.64.0.0/10 list=lista_ip_no_queue
 
barkas
Member Candidate
Posts: 260
Joined: Sun Sep 25, 2011 10:51 pm

how to script for bogon

Mon May 25, 2015 8:59 pm

Bogons do exist and are the physical particle of bogusness.
 
Abdock
Member Candidate
Topic Author
Posts: 261
Joined: Sun Sep 25, 2005 10:50 pm

Re: how to script for bogon

Sun May 31, 2015 2:01 pm

Thanks for the response. I get the bogon list from Team Cymru, and it's on a BGP session. I found this script, but it does not work anymore on ver 6:

http://wiki.mikrotik.com/wiki/Generate_ ... ting-marks

:local bogon
:log info "Removing all BOGONS, starting sync."
:foreach subnet in [/ipv6 firewall address-list find list=IPv6-bogons] do {
/ipv6 firewall address-list remove $subnet
}

:foreach subnet in [/ipv6 route find comment=bogon] do {
:set bogon [/ipv6 route get $subnet dst-address]
/ipv6 firewall address-list add list=IPv6-bogons address=$bogon
}


Any help much appreciated.
 
Abdock
Member Candidate
Topic Author
Posts: 261
Joined: Sun Sep 25, 2005 10:50 pm

Re: how to script for bogon

Tue Jun 16, 2015 8:01 pm

Anybody?
 
notanial
just joined
Posts: 11
Joined: Tue Aug 04, 2015 3:04 pm

Re: how to script for bogon

Tue Aug 04, 2015 3:11 pm

I'm using my local server (php & crontab)

=======================================================

bogons.php :

#!/usr/local/bin/php
<?php
// Download the list and split it into pieces of 215 lines each.
$file = file('http://www.team-cymru.org/Services/Bogo ... s-ipv4.txt');
$num = 0;
$g=1;
$tmp=true;
while ($tmp) {
    $tmp = array_slice($file, $num*215, 215);
    if($tmp) {
        file_put_contents("bog/output$num.txt", $tmp);
    }
    $num++;
}

// Number of pieces written; the router scripts read this to know how many files to fetch.
file_put_contents("bog/pieces.txt", $num-1);
?>
==================================================

in cron

0 6 * * * root cd /usr/local/www/apache24/data && php bogons.php

=====================================================
3 scripts in MikroTik:

1. bogons_fetcher

    /tool fetch address="192.168.1.2" mode="http" port=84 src-path="/bog/pieces.txt" dst-path="bog/pieces.txt"

    :delay 10

    /system script run bogons_pieces

2. bogons_pieces

    :if ( [/file get [/file find name="bog/pieces.txt"] size] > 0 ) do={

    :global prfxses [/file get [/file find name="bog/pieces.txt"] contents] ;
    :global prfend 0;

    :do {

    /tool fetch address="192.168.1.2" mode="http" port=84 src-path="/bog/output$prfend.txt" dst-path="bog/output$prfend.txt"
    :set prfend ( $prfend + 1 ) ;

    } while=( $prfend < $prfxses );
    /system script run bogons_addresses
    } else={ /system script run bogons_fetcher }

3. bogons_addresses

    :global cprfxses [/file get [/file find name="bog/pieces.txt"] contents] ;
    :global cprfend 0;

    /ip firewall address-list remove [/ip firewall address-list find list=bogons]

    :do {

    :global content [/file get [/file find name="bog/output$cprfend.txt"] contents] ;
    :global contentLen [ :len $content ] ;

    :global lineEnd 0;
    :global line "";
    :global lastEnd 0;

    :do {
    :set lineEnd [:find $content "\n" $lastEnd ] ;
    :set line [:pick $content $lastEnd $lineEnd] ;
    :set lastEnd ( $lineEnd + 1 ) ;

    #If the line doesn't start with a hash then process and add to the list
    :if ( [:pick $line 0 1] != "#" ) do={

    :local entry [:pick $line 0 ($lineEnd -1) ]
    :if ( [:len $entry ] > 0 ) do={

    /ip firewall address-list add list=bogons address=$line
    }
    }
    } while=($lineEnd + 1 < $contentLen) ;
    :set cprfend ( $cprfend + 1 ) ;
    } while=($cprfend < $cprfxses)

    :log info "///----> Bogons list Updated";

I also have email information about update complete & item counter


/tool e-mail send to=name @ email.com subject=("BOGONS List Updated & contains: " .[/ip fire address-list print count-only where list=bogons]. " items")
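
A server-side check for the fetch-and-split step in the post above, added here as an example and not part of notanial's post: it validates every line as an IPv4 prefix before anything reaches the router's address list, and splits by bytes instead of a fixed 215 lines. It is written in Python rather than PHP; the function names, the 4000-byte piece size and the minimum prefix length are assumptions.

```python
import ipaddress

# Assumption: each piece must stay below the 4096-byte limit RouterOS v6
# applies when a script reads a file's contents into a variable.
MAX_PIECE_BYTES = 4000
# Assumption: shortest prefix expected in the feed; 0.0.0.0/0 in a drop
# list would match all traffic.
MIN_PREFIXLEN = 3

def parse_bogons(text, min_prefixlen=MIN_PREFIXLEN):
    """Return validated IPv4 prefixes; raise ValueError on any bad line."""
    prefixes = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        try:
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: not an IPv4 prefix: {line!r}") from exc
        if net.prefixlen < min_prefixlen:
            raise ValueError(f"line {lineno}: prefix too broad: {line!r}")
        prefixes.append(str(net))
    if not prefixes:
        raise ValueError("no prefixes parsed; keep the previous pieces")
    return prefixes

def split_pieces(prefixes, max_bytes=MAX_PIECE_BYTES):
    """Pack prefixes into newline-terminated pieces of at most max_bytes."""
    pieces, current, size = [], [], 0
    for prefix in prefixes:
        need = len(prefix) + 1  # prefix plus trailing "\n"
        if current and size + need > max_bytes:
            pieces.append("".join(p + "\n" for p in current))
            current, size = [], 0
        current.append(prefix)
        size += need
    if current:
        pieces.append("".join(p + "\n" for p in current))
    return pieces

# Constructed sample in the layout of a comment-prefixed prefix list.
SAMPLE = "# constructed sample, not feed data\n0.0.0.0/8\n10.0.0.0/8\n\n192.0.2.0/24\n"

if __name__ == "__main__":
    nets = parse_bogons(SAMPLE)
    for i, piece in enumerate(split_pieces(nets, max_bytes=24)):
        print(f"output{i}.txt ({len(piece)} bytes): {piece.split()}")
```

Write the pieces and the piece count only after `parse_bogons` has returned, so a truncated or altered download leaves the previous files, and the router's existing list, in place.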
