Hi everyone,

Someone more familiar can you tell is it already available the following:
- fetch the latest data from RIPE (most secure place) - https://ftp.ripe.net/pub/stats/ripencc/2024/
- rewrite the file compatible for Mikrotik way - something like

Code: Select all

"add address=1.0.0.0/24 comment="United States of America" list=GeoIPBlocked"

- block all type (TCP and UDP) incoming traffic (on all ports) to WAN for all countries except (for example Bulgaria, Germany and UK)
Google, NTP servers and so on can be excluded (don't know how)

Thank you in advance.

if your router is able to process a million of address list rules - it will work
https://mikrotikconfig.com/firewall/

Hi everyone,

Someone more familiar can you tell is it already available the following:
- fetch the latest data from RIPE (most secure place) - https://ftp.ripe.net/pub/stats/ripencc/2024/
- rewrite the file compatible for Mikrotik way - something like

Code: Select all

"add address=1.0.0.0/24 comment="United States of America" list=GeoIPBlocked"

- block all type (TCP and UDP) incoming traffic (on all ports) to WAN for all countries except (for example Bulgaria, Germany and UK)
Google, NTP servers and so on can be excluded (don't know how)

Thank you in advance.

Already done by other people.
https://blog.erben.sk/2014/02/06/countr ... ip-ranges/

It's not work anymore.

It's not work anymore.

that's not true, lists are successfully generated

If the allow list is smaller than the block list, then allow followed by a general block entry.

If the allow list is smaller than the block list, then allow followed by a general block entry.

This has nothing with what I am saying. CIDRs are changed any month and the real trustee here is only RIPE.