Backstory
For years now I have been creating address lists and using them to block bad actors (bots, spammers, etc) on my firewalls.
What I essentailly do is:
Code: Select all
remove [/ip firewall address-list find list=my_address_list]
add list=my_address_list address=<an ip>
add list=my_address_list address=<another ip>
...
The problem
Thing is that as we're moving forward my lists are getting fairly large, and import times are now close to 10 minutes on overclocked CCR1072s.
There have been numerous threads on the topic of efficiently loading large address lists, but there is no better solution than the one I stated above.
Furthermore, for the time that we're waiting for the lists to delete and reload, we essentially have a small security hole in that time.
What I propose
Extend the CLI for /ip firewall address-list :
- Add an "empty" command, so we can empty an address list without addinf the overhead of a "find"
- Add a "set from file" command so we can directly add from a txt address list
- Add an "append from file"
Would be nice if the devs gave this a thought, it would make many of our lives much easier!