For some this is nothing new, but for others it might prove to be quite a valued resource, so we decided to make it available gratis for the public as a way of giving back and saying thank you to all those who have supported us, besides, we cant really charge for it, it isnt our work!

Spamhaus and DShield malicious ips combined into a single import script.

Blog post about it http://blog.squidblacklist.org/?p=297

Can be downloaded at the following url.
http://www.squidblacklist.org/downloads ... icious.rsc

And heres a couple of bonus free blacklists.

Tor Nodes IP Firewall Blacklist
http://www.squidblacklist.org/downloads ... rnodes.rsc
An ads blacklist for RouterOS DNS:
http://www.squidblacklist.org/downloads/tik-dns-ads.rsc

Firewall Rules Here: And a couple more to help secure your networks!
http://joshaven.com/malc0de.rsc
http://joshaven.com/openbl.rsc

Credit to the Author for making these resources available.
Read more from the publisher http://joshaven.com/resources/tricks/mi ... ress-list/

The following single firewall rule will setup BOTH of the Josh Aven blacklists. Login To Winbox - Scheduling update tasks for your blacklists.
Go to System - Scheduler. and create a new task by clicking the blue plus button.




First schedule a download task:
Next schedule an import task: ( We disable logging temporarily to alleviate excessive disk writes that could result in early nand memory failures.)


(paste this into the scheduler box) Now do the same for the rest of your blacklists.
( Heads up: Issue with Spamhaus2 missing text: Fixed )

Thank you for providing this. However, the script is currently (as of 2/6/16) exiting to an error after the spamhaus1 import update. It appears to be missing the following:

I've been offering this for a while, with a few advantages.

http://forum.mikrotik.com/viewtopic.php?f=9&t=98804

I use Dynamic address lists. This keeps the IP's in memory and dramatically reduces the number of flash writes. The script tells the server the some basics about the router, and the server is able to send more or less addresses, based on the CPU and memory. This is helpful because in addition to the DShield and Spamhaus blocklists, My server collects IPs from just over 100 other Mikrotik routers and IDS boxes looking for active attacks. So, there are days that the list can ballon up to over 50k IPs during an active DDOS attack.

Very nice. Thanks, David!

Thank you for providing this. However, the script is currently (as of 2/6/16) exiting to an error after the spamhaus1 import update. It appears to be missing the following:

Code: Select all

:log info "drop.spamhaus2 script import started"
:foreach subnet in [/ip firewall address-list find list=drop.spamhaus2] do={ /ip firewall address-list remove $subnet }

Oh boy, Ill get that fixed right away. (3 months later)

I've been offering this for a while, with a few advantages.

http://forum.mikrotik.com/viewtopic.php?f=9&t=98804

I use Dynamic address lists. This keeps the IP's in memory and dramatically reduces the number of flash writes. The script tells the server the some basics about the router, and the server is able to send more or less addresses, based on the CPU and memory. This is helpful because in addition to the DShield and Spamhaus blocklists, My server collects IPs from just over 100 other Mikrotik routers and IDS boxes looking for active attacks. So, there are days that the list can ballon up to over 50k IPs during an active DDOS attack.

NICE! Im earger to check it out!

Thank you for providing this. However, the script is currently (as of 2/6/16) exiting to an error after the spamhaus1 import update. It appears to be missing the following:

Code: Select all

:log info "drop.spamhaus2 script import started"
:foreach subnet in [/ip firewall address-list find list=drop.spamhaus2] do={ /ip firewall address-list remove $subnet }

Issue resolved. ( Now if youll excuse me I have to go wipe this egg off my face )

Hi Squidblacklist
Can you please add the filter rules that you are using.

Bigfoot

is this work ?

is this work ?

Sure does, I have been using it for over a year on my units without issue, updating every 3 hours.

Hi Squidblacklist
Can you please add the filter rules that you are using.

Bigfoot

Sure. I have updated the original post with more detailed instructions as well as two more free blacklists.

I've been offering this for a while, with a few advantages.
.

Hey Dave, I know you are big into this stuff, so I wanted to give you the heads up on these other blacklists now available for RouterOS thanks to Josh Aven.

http://joshaven.com/malc0de.rsc
http://joshaven.com/openbl.rsc

He has taken the time to write up a few comprehensive pages so I thought you might be interested.

Been using them already for years. My server can take just about any blacklist in any format and puts it into RouterOS format.

Hi Squidblacklist
The filer rules is no correct, I belief it must look like this.
Bigfoot

Hi Squidblacklist
The filer rules is no correct, I belief it must look like this.

Code: Select all

/ip firewall filter add chain=input src-address-list=drop.dshield action=drop log=yes comment="drop.dshield"
/ip firewall filter add chain=input src-address-list=drop.spamhaus1 action=drop log=yes comment="drop.spamhaus1"
/ip firewall filter add chain=input src-address-list=drop.spamhaus2 action=drop log=yes comment="drop.spamhaus2"

Bigfoot

Yes and No, Yes in that you would only require the qoutes if you were manually entering it into a terminal or including the commands in a script.

And No, in that when you use commands in winbox scheduler, you dont need the quotes.

Sharp