Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol

khalildelavaran · Sun Mar 05, 2023 12:00 pm

Turn Mikrotik into a powerful firewall
I have written a script for firewall firehol blacklist, which I have written in three scripts due to its length.

Script Firehol 1

ip firewall address-list
:local update do={
:do {
:local data ([:tool fetch url=$url output=user as-value]->"data")
remove [find list=blacklist comment=$description]
:while ([:len $data]!=0) do={
:if ([:pick $data 0 [:find $data "\n"]]~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") do={
:do {add list=blacklist address=([:pick $data 0 [:find $data $delimiter]].$cidr) comment=$description timeout=1d} on-error={}
}
:if ([:pick $data 0 [:find $data "\n"]]~"[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,5}(:[0-9]{1,5})?(\\/.*)?") do={
:do {add list=blacklist address=([:pick $data 0 [:find $data $delimiter]].$cidr) comment=$description timeout=1d} on-error={}
}
:set data [:pick $data ([:find $data "\n"]+1) [:len $data]]
}
} on-error={:log warning "Address list <$description> update failed"}
}
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/alienvault_reputation.ipset description="firehol-lienvault_reputation" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/asprox_c2.ipset description="firehol-asprox_c2" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_banjori.ipset description="firehol-bambenek_banjori" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_bebloh.ipset description="firehol-bambenek_bebloh" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_c2.ipset description="firehol-bambenek_c2" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_cl.ipset description="firehol-bambenek_cl" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_cryptowall.ipset description="firehol-bambenek_cryptowall" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_dircrypt.ipset description="firehol-bambenek_dircrypt" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_dyre.ipset description="firehol-bambenek_dyre" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_geodo.ipset description="firehol-bambenek_geodo" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_hesperbot.ipset description="firehol-bambenek_hesperbot" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_matsnu.ipset description="firehol-bambenek_matsnu" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_necurs.ipset description="firehol-bambenek_necurs" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_p2pgoz.ipset description="firehol-bambenek_p2pgoz" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_pushdo.ipset description="firehol-bambenek_pushdo" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_pykspa.ipset description="firehol-bambenek_pykspa" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_qakbot.ipset description="firehol-bambenek_qakbot" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_ramnit.ipset description="firehol-bambenek_ramnit" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_ranbyus.ipset description="firehol-bambenek_ranbyus" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_simda.ipset description="firehol-bambenek_simda" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_suppobox.ipset description="firehol-bambenek_suppobox" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_symmi.ipset description="firehol-bambenek_symmi" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_tinba.ipset description="firehol-bambenek_tinba" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bambenek_volatile.ipset description="firehol-bambenek_volatile" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bbcan177_ms1.netset description="firehol-bbcan177_ms1" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bbcan177_ms3.netset description="firehol-bbcan177_ms3" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bds_atif.ipset description="firehol-bds_atif" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_0_1d.ipset description="firehol-bi_any_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_1_7d.ipset description="firehol-bi_any_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_1d.ipset description="firehol-bi_any_2_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_30d.ipset description="firehol-bi_any_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_7d.ipset description="firehol-bi_any_2_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache-404_0_1d.ipset description="firehol-bi_apache-404_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache-modsec_0_1d.ipset description="firehol-bi_apache-modsec_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache-noscript_0_1d.ipset description="firehol-bi_apache-noscript_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache-noscript_2_30d.ipset description="firehol-bi_apache-noscript_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache-phpmyadmin_0_1d.ipset description="firehol-bi_apache-phpmyadmin_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache-scriddies_0_1d.ipset description="firehol-bi_apache-scriddies_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache_0_1d.ipset description="firehol-bi_apache_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache_1_7d.ipset description="firehol-bi_apache_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apache_2_30d.ipset description="firehol-bi_apache_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_apacheddos_0_1d.ipset description="firehol-bi_apacheddos_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_assp_0_1d.ipset description="firehol-bi_assp_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_asterisk_0_1d.ipset description="firehol-bi_asterisk_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_asterisk_2_30d.ipset description="firehol-bi_asterisk_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_badbots_0_1d.ipset description="firehol-bi_badbots_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_badbots_1_7d.ipset description="firehol-bi_badbots_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_bruteforce_0_1d.ipset description="firehol-bi_bruteforce_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_bruteforce_1_7d.ipset description="firehol-bi_bruteforce_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_cms_0_1d.ipset description="firehol-bi_cms_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_cms_1_7d.ipset description="firehol-bi_cms_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_cms_2_30d.ipset description="firehol-bi_cms_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_courierauth_0_1d.ipset description="firehol-bi_courierauth_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_courierauth_2_30d.ipset description="firehol-bi_courierauth_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_default_0_1d.ipset description="firehol-bi_default_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_default_1_7d.ipset description="firehol-bi_default_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_default_2_30d.ipset description="firehol-bi_default_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_dns_0_1d.ipset description="firehol-bi_dns_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_dovecot-pop3imap_0_1d.ipset description="firehol-bi_dovecot-pop3imap_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_dovecot-pop3imap_2_30d.ipset description="firehol-bi_dovecot-pop3imap_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_dovecot_0_1d.ipset description="firehol-bi_dovecot_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_dovecot_1_7d.ipset description="firehol-bi_dovecot_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_dovecot_2_30d.ipset description="firehol-bi_dovecot_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_drupal_0_1d.ipset description="firehol-bi_drupal_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_exim_0_1d.ipset description="firehol-bi_exim_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_exim_1_7d.ipset description="firehol-bi_exim_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ftp_0_1d.ipset description="firehol-bi_ftp_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ftp_1_7d.ipset description="firehol-bi_ftp_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ftp_2_30d.ipset description="firehol-bi_ftp_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_http_0_1d.ipset description="firehol-bi_http_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_http_1_7d.ipset description="firehol-bi_http_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_http_2_30d.ipset description="firehol-bi_http_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_imap_0_1d.ipset description="firehol-bi_imap_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_mail_0_1d.ipset description="firehol-bi_mail_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_mail_1_7d.ipset description="firehol-bi_mail_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_mail_2_30d.ipset description="firehol-bi_mail_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_named_0_1d.ipset description="firehol-bi_named_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_owncloud_0_1d.ipset description="firehol-bi_owncloud_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_plesk-postfix_0_1d.ipset description="firehol-bi_plesk-postfix_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_postfix-sasl_0_1d.ipset description="firehol-bi_postfix-sasl_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_postfix-sasl_1_7d.ipset description="firehol-bi_postfix-sasl_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_postfix-sasl_2_30d.ipset description="firehol-bi_postfix-sasl_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_postfix_0_1d.ipset description="firehol-bi_postfix_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_postfix_1_7d.ipset description="firehol-bi_postfix_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_postfix_2_30d.ipset description="firehol-bi_postfix_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_proftpd_0_1d.ipset description="firehol-bi_proftpd_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_proftpd_1_7d.ipset description="firehol-bi_proftpd_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_proftpd_2_30d.ipset description="firehol-bi_proftpd_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_pureftpd_0_1d.ipset description="firehol-bi_pureftpd_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_pureftpd_1_7d.ipset description="firehol-bi_pureftpd_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_pureftpd_2_30d.ipset description="firehol-bi_pureftpd_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_qmail-smtp_0_1d.ipset description="firehol-bi_qmail-smtp_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_rdp_0_1d.ipset description="firehol-bi_rdp_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sasl_0_1d.ipset description="firehol-bi_sasl_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sasl_1_7d.ipset description="firehol-bi_sasl_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sasl_2_30d.ipset description="firehol-bi_sasl_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sip_0_1d.ipset description="firehol-bi_sip_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sip_1_7d.ipset description="firehol-bi_sip_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sip_2_30d.ipset description="firehol-bi_sip_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_smtp_0_1d.ipset description="firehol-bi_smtp_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_spam_0_1d.ipset description="firehol-bi_spam_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_spam_1_7d.ipset description="firehol-bi_spam_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sql-attack_0_1d.ipset description="firehol-bi_sql-attack_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sql_0_1d.ipset description="firehol-bi_sql_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ssh-blocklist_0_1d.ipset description="firehol-bi_ssh-blocklist_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ssh-ddos_0_1d.ipset description="firehol-bi_ssh-ddos_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ssh-ddos_2_30d.ipset description="firehol-bi_ssh-ddos_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ssh_0_1d.ipset description="firehol-bi_ssh_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ssh_1_7d.ipset description="firehol-bi_ssh_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_ssh_2_30d.ipset description="firehol-bi_ssh_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sshd_0_1d.ipset description="firehol-bi_sshd_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sshd_1_7d.ipset description="firehol-bi_sshd_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_sshd_2_30d.ipset description="firehol-bi_sshd_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_telnet_0_1d.ipset description="firehol-bi_telnet_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_telnet_1_7d.ipset description="firehol-bi_telnet_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_telnet_2_30d.ipset description="firehol-bi_telnet_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_unknown_0_1d.ipset description="firehol-bi_unknown_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_unknown_1_7d.ipset description="firehol-bi_unknown_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_unknown_2_30d.ipset description="firehol-bi_unknown_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_username-notfound_0_1d.ipset description="firehol-bi_username-notfound_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_voip_0_1d.ipset description="firehol-bi_voip_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_voip_1_7d.ipset description="firehol-bi_voip_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_voip_2_30d.ipset description="firehol-bi_voip_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_vsftpd_0_1d.ipset description="firehol-bi_vsftpd_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_vsftpd_2_30d.ipset description="firehol-bi_vsftpd_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_wordpress_0_1d.ipset description="firehol-bi_wordpress_0_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_wordpress_1_7d.ipset description="firehol-bi_wordpress_1_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_wordpress_2_30d.ipset description="firehol-bi_wordpress_2_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_blockchain_info_1d.ipset description="firehol-bitcoin_blockchain_info_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_blockchain_info_30d.ipset description="firehol-bitcoin_blockchain_info_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_blockchain_info_7d.ipset description="firehol-bitcoin_blockchain_info_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes.ipset description="firehol-bitcoin_nodes" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_1d.ipset description="firehol-bitcoin_nodes_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_30d.ipset description="firehol-bitcoin_nodes_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bitcoin_nodes_7d.ipset description="firehol-bitcoin_nodes_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de.ipset description="firehol-blocklist_de" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_apache.ipset description="firehol-blocklist_de_apache" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_bots.ipset description="firehol-blocklist_de_bots" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_bruteforce.ipset description="firehol-blocklist_de_bruteforce" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_ftp.ipset description="firehol-blocklist_de_ftp" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_imap.ipset description="firehol-blocklist_de_imap" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_mail.ipset description="firehol-blocklist_de_mail" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_sip.ipset description="firehol-blocklist_de_sip" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_ssh.ipset description="firehol-blocklist_de_ssh" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_de_strongips.ipset description="firehol-blocklist_de_strongips" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/blocklist_net_ua.ipset description="firehol-blocklist_net_ua" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bm_tor.ipset description="firehol-bm_tor" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout.ipset description="firehol-botscout" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_1d.ipset description="firehol-botscout_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_30d.ipset description="firehol-botscout_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botscout_7d.ipset description="firehol-botscout_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botvrij_dst.ipset description="firehol-botvrij_dst" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/botvrij_src.ipset description="firehol-botvrij_src" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bruteforceblocker.ipset description="firehol-bruteforceblocker" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ciarmy.ipset description="firehol-ciarmy" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cidr_report_bogons.netset description="firehol-cidr_report_bogons" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleanmx_phishing.ipset description="firehol-cleanmx_phishing" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleanmx_viruses.ipset description="firehol-cleanmx_viruses" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk.ipset description="firehol-cleantalk" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_1d.ipset description="firehol-cleantalk_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_30d.ipset description="firehol-cleantalk_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_7d.ipset description="firehol-cleantalk_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_new.ipset description="firehol-cleantalk_new" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_new_1d.ipset description="firehol-cleantalk_new_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_new_30d.ipset description="firehol-cleantalk_new_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_new_7d.ipset description="firehol-cleantalk_new_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_top20.ipset description="firehol-cleantalk_top20" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_updated.ipset description="firehol-cleantalk_updated" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_updated_1d.ipset description="firehol-cleantalk_updated_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_updated_30d.ipset description="firehol-cleantalk_updated_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cleantalk_updated_7d.ipset description="firehol-cleantalk_updated_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/coinbl_hosts.ipset description="firehol-coinbl_hosts" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/coinbl_hosts_browser.ipset description="firehol-coinbl_hosts_browser" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/coinbl_hosts_optional.ipset description="firehol-coinbl_hosts_optional" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/coinbl_ips.ipset description="firehol-coinbl_ips" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cruzit_web_attacks.ipset description="firehol-cruzit_web_attacks" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cta_cryptowall.ipset description="firehol-cta_cryptowall" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cybercrime.ipset description="firehol-cybercrime" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/darklist_de.netset description="firehol-darklist_de" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/datacenters.netset description="firehol-datacenters" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dm_tor.ipset description="firehol-dm_tor" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dshield.netset description="firehol-dshield" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dshield_1d.netset description="firehol-dshield_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dshield_30d.netset description="firehol-dshield_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dshield_7d.netset description="firehol-dshield_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dshield_top_1000.ipset description="firehol-dshield_top_1000" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/dyndns_ponmocup.ipset description="firehol-dyndns_ponmocup" delimiter=("\n")

Script Fiehol2

ip firewall address-list
:local update do={
:do {
:local data ([:tool fetch url=$url output=user as-value]->"data")
:while ([:len $data]!=0) do={
:if ([:pick $data 0 [:find $data "\n"]]~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") do={
:do {add list=blacklist address=([:pick $data 0 [:find $data $delimiter]].$cidr) comment=$description timeout=1d} on-error={}
}
:if ([:pick $data 0 [:find $data "\n"]]~"[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,5}(:[0-9]{1,5})?(\\/.*)?") do={
:do {add list=blacklist address=([:pick $data 0 [:find $data $delimiter]].$cidr) comment=$description timeout=1d} on-error={}
}
:set data [:pick $data ([:find $data "\n"]+1) [:len $data]]
}
} on-error={:log warning "Address list <$description> update failed"}
}
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_14072015_com.ipset description="firehol-esentire_14072015_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_14072015q_com.ipset description="firehol-esentire_14072015q_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_22072014a_com.ipset description="firehol-esentire_22072014a_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_22072014b_com.ipset description="firehol-esentire_22072014b_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_22072014c_com.ipset description="firehol-esentire_22072014c_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_atomictrivia_ru.ipset description="firehol-esentire_atomictrivia_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_auth_update_ru.ipset description="firehol-esentire_auth_update_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_burmundisoul_ru.ipset description="firehol-esentire_burmundisoul_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_crazyerror_su.ipset description="firehol-esentire_crazyerror_su" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_dagestanskiiviskis_ru.ipset description="firehol-esentire_dagestanskiiviskis_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_differentia_ru.ipset description="firehol-esentire_differentia_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_disorderstatus_ru.ipset description="firehol-esentire_disorderstatus_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_dorttlokolrt_com.ipset description="firehol-esentire_dorttlokolrt_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_downs1_ru.ipset description="firehol-esentire_downs1_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_ebankoalalusys_ru.ipset description="firehol-esentire_ebankoalalusys_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_emptyarray_ru.ipset description="firehol-esentire_emptyarray_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_fioartd_com.ipset description="firehol-esentire_fioartd_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_getarohirodrons_com.ipset description="firehol-esentire_getarohirodrons_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_hasanhashsde_ru.ipset description="firehol-esentire_hasanhashsde_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_inleet_ru.ipset description="firehol-esentire_inleet_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_islamislamdi_ru.ipset description="firehol-esentire_islamislamdi_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_krnqlwlplttc_com.ipset description="firehol-esentire_krnqlwlplttc_com" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_maddox1_ru.ipset description="firehol-esentire_maddox1_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_manning1_ru.ipset description="firehol-esentire_manning1_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_misteryherson_ru.ipset description="firehol-esentire_misteryherson_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_mysebstarion_ru.ipset description="firehol-esentire_mysebstarion_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_smartfoodsglutenfree_kz.ipset description="firehol-esentire_smartfoodsglutenfree_kz" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_venerologvasan93_ru.ipset description="firehol-esentire_venerologvasan93_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/esentire_volaya_ru.ipset description="firehol-esentire_volaya_ru" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_block.netset description="firehol-et_block" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_botcc.ipset description="firehol-et_botcc" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_compromised.ipset description="firehol-et_compromised" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_dshield.netset description="firehol-et_dshield" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_spamhaus.netset description="firehol-et_spamhaus" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/et_tor.ipset description="firehol-et_tor" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/feodo.ipset description="firehol-feodo" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/feodo_badips.ipset description="firehol-feodo_badips" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_1d.netset description="firehol-firehol_abusers_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_abusers_30d.netset description="firehol-firehol_abusers_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_anonymous.netset description="firehol-firehol_anonymous" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset description="firehol-firehol_level1" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset description="firehol-firehol_level2" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset description="firehol-firehol_level3" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset description="firehol-firehol_level4" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_proxies.netset description="firehol-firehol_proxies" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_webclient.netset description="firehol-firehol_webclient" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_webserver.netset description="firehol-firehol_webserver" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/gofferje_sip.netset description="firehol-gofferje_sip" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/gpf_comics.ipset description="firehol-gpf_comics" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/graphiclineweb.netset description="firehol-graphiclineweb" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/greensnow.ipset description="firehol-greensnow" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/haley_ssh.ipset description="firehol-haley_ssh" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_ats.ipset description="firehol-hphosts_ats" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_emd.ipset description="firehol-hphosts_emd" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_exp.ipset description="firehol-hphosts_exp" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_fsa.ipset description="firehol-hphosts_fsa" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_grm.ipset description="firehol-hphosts_grm" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_hfs.ipset description="firehol-hphosts_hfs" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_hjk.ipset description="firehol-hphosts_hjk" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_mmt.ipset description="firehol-hphosts_mmt" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_pha.ipset description="firehol-hphosts_pha" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_psh.ipset description="firehol-hphosts_psh" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/hphosts_wrz.ipset description="firehol-hphosts_wrz" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_abuse_palevo.netset description="firehol-iblocklist_abuse_palevo" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_abuse_spyeye.netset description="firehol-iblocklist_abuse_spyeye" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_abuse_zeus.netset description="firehol-iblocklist_abuse_zeus" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_ciarmy_malicious.netset description="firehol-iblocklist_ciarmy_malicious" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_cidr_report_bogons.netset description="firehol-iblocklist_cidr_report_bogons" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_cruzit_web_attacks.netset description="firehol-iblocklist_cruzit_web_attacks" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_aol.netset description="firehol-iblocklist_isp_aol" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_att.netset description="firehol-iblocklist_isp_att" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_cablevision.netset description="firehol-iblocklist_isp_cablevision" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_charter.netset description="firehol-iblocklist_isp_charter" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_comcast.netset description="firehol-iblocklist_isp_comcast" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_embarq.netset description="firehol-iblocklist_isp_embarq" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_qwest.netset description="firehol-iblocklist_isp_qwest" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_sprint.netset description="firehol-iblocklist_isp_sprint" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_suddenlink.netset description="firehol-iblocklist_isp_suddenlink" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_twc.netset description="firehol-iblocklist_isp_twc" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_isp_verizon.netset description="firehol-iblocklist_isp_verizon" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_malc0de.netset description="firehol-iblocklist_malc0de" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_onion_router.netset description="firehol-iblocklist_onion_router" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_activision.netset description="firehol-iblocklist_org_activision" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_apple.netset description="firehol-iblocklist_org_apple" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_blizzard.netset description="firehol-iblocklist_org_blizzard" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_crowd_control.netset description="firehol-iblocklist_org_crowd_control" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_electronic_arts.netset description="firehol-iblocklist_org_electronic" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_joost.netset description="firehol-iblocklist_org_joost" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_linden_lab.netset description="firehol-iblocklist_org_linden_lab" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_logmein.netset description="firehol-iblocklist_org_logmein" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_ncsoft.netset description="firehol-iblocklist_org_ncsoft" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_nintendo.netset description="firehol-iblocklist_org_nintendo" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_pandora.netset description="firehol-iblocklist_org_pandora" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_pirate_bay.netset description="firehol-iblocklist_org_pirate_bay" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_punkbuster.netset description="firehol-iblocklist_org_punkbuster" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_riot_games.netset description="firehol-iblocklist_org_riot_games" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_sony_online.netset description="firehol-iblocklist_org_sony_online" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_square_enix.netset description="firehol-iblocklist_org_square_enix" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_steam.netset description="firehol-iblocklist_org_steam" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_ubisoft.netset description="firehol-iblocklist_org_ubisoft" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_org_xfire.netset description="firehol-iblocklist_org_xfire" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_pedophiles.netset description="firehol-iblocklist_pedophiles" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_spamhaus_drop.netset description="firehol-iblocklist_spamhaus_drop" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iblocklist_yoyo_adservers.netset description="firehol-iblocklist_yoyo_adservers" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ipblacklistcloud_recent.ipset description="firehol-ipblacklistcloud_recent" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ipblacklistcloud_recent_1d.ipset description="firehol-ipblacklistcloud_recent_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ipblacklistcloud_recent_30d.ipset description="firehol-ipblacklistcloud_recent_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ipblacklistcloud_recent_7d.ipset description="firehol-ipblacklistcloud_recent_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ipblacklistcloud_top.ipset description="firehol-ipblacklistcloud_top" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iw_spamlist.ipset description="firehol-iw_spamlist" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/iw_wormlist.ipset description="firehol-iw_wormlist" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/lashback_ubl.ipset description="firehol-lashback_ubl" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malc0de.ipset description="firehol-malc0de" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/malwaredomainlist.ipset description="firehol-malwaredomainlist" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/maxmind_proxy_fraud.ipset description="firehol-maxmind_proxy_fraud" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/myip.ipset description="firehol-myip" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/nixspam.ipset description="firehol-nixspam" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_attack.ipset description="firehol-normshield_all_attack" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_bruteforce.ipset description="firehol-normshield_all_bruteforce" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_ddosbot.ipset description="firehol-normshield_all_ddosbot" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_dnsscan.ipset description="firehol-normshield_all_dnsscan" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_spam.ipset description="firehol-normshield_all_spam" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_suspicious.ipset description="firehol-normshield_all_suspicious" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_wannacry.ipset description="firehol-normshield_all_wannacry" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_webscan.ipset description="firehol-normshield_all_webscan" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_all_wormscan.ipset description="firehol-normshield_all_wormscan" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_attack.ipset description="firehol-normshield_high_attack" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_bruteforce.ipset description="firehol-normshield_high_bruteforce" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_ddosbot.ipset description="firehol-normshield_high_ddosbot" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_dnsscan.ipset description="firehol-normshield_high_dnsscan" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_spam.ipset description="firehol-normshield_high_spam" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_suspicious.ipset description="firehol-normshield_high_suspicious" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_wannacry.ipset description="firehol-normshield_high_wannacry" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_webscan.ipset description="firehol-normshield_high_webscan" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/normshield_high_wormscan.ipset description="firehol-normshield_high_wormscan" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/nt_malware_dns.ipset description="firehol-nt_malware_dns" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/nt_malware_http.ipset description="firehol-nt_malware_http" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/nt_malware_irc.ipset description="firehol-nt_malware_irc" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/nt_ssh_7d.ipset description="firehol-nt_ssh_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/nullsecure.ipset description="firehol-nullsecure" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/packetmail.ipset description="firehol-packetmail" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/packetmail_emerging_ips.ipset description="firehol-packetmail_emerging_ips" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/packetmail_mail.ipset description="firehol-packetmail_mail" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/packetmail_ramnode.ipset description="firehol-packetmail_ramnode" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_commenters.ipset description="firehol-php_commenters" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_commenters_1d.ipset description="firehol-php_commenters_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_commenters_30d.ipset description="firehol-php_commenters_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_commenters_7d.ipset description="firehol-php_commenters_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_dictionary.ipset description="firehol-php_dictionary" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_dictionary_1d.ipset description="firehol-php_dictionary_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_dictionary_30d.ipset description="firehol-php_dictionary_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_dictionary_7d.ipset description="firehol-php_dictionary_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_harvesters.ipset description="firehol-php_harvesters" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_harvesters_1d.ipset description="firehol-php_harvesters_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_harvesters_30d.ipset description="firehol-php_harvesters_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_harvesters_7d.ipset description="firehol-php_harvesters_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_spammers.ipset description="firehol-php_spammers" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_spammers_1d.ipset description="firehol-php_spammers_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_spammers_30d.ipset description="firehol-php_spammers_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/php_spammers_7d.ipset description="firehol-php_spammers_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists.ipset description="firehol-proxylists" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_1d.ipset description="firehol-proxylists_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_30d.ipset description="firehol-proxylists_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists_7d.ipset description="firehol-proxylists_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss.ipset description="firehol-proxyrss" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_1d.ipset description="firehol-proxyrss_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_30d.ipset description="firehol-proxyrss_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyrss_7d.ipset description="firehol-proxyrss_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_1d.ipset description="firehol-proxyspy_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_30d.ipset description="firehol-proxyspy_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxyspy_7d.ipset description="firehol-proxyspy_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxz.ipset description="firehol-proxz" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxz_1d.ipset description="firehol-proxz_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxz_30d.ipset description="firehol-proxz_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxz_7d.ipset description="firehol-proxz_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/pushing_inertia_blocklist.netset description="firehol-pushing_inertia_blocklist" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_cryptowall_ps.ipset description="firehol-ransomware_cryptowall_ps" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_feed.ipset description="firehol-ransomware_feed" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_locky_c2.ipset description="firehol-ransomware_locky_c2" delimiter=("\n")

Script Firehol 3

ip firewall address-list
:local update do={
:do {
:local data ([:tool fetch url=$url output=user as-value]->"data")
:while ([:len $data]!=0) do={
:if ([:pick $data 0 [:find $data "\n"]]~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") do={
:do {add list=blacklist address=([:pick $data 0 [:find $data $delimiter]].$cidr) comment=$description timeout=1d} on-error={}
}
:if ([:pick $data 0 [:find $data "\n"]]~"[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,5}(:[0-9]{1,5})?(\\/.*)?") do={
:do {add list=blacklist address=([:pick $data 0 [:find $data $delimiter]].$cidr) comment=$description timeout=1d} on-error={}
}
:set data [:pick $data ([:find $data "\n"]+1) [:len $data]]
}
} on-error={:log warning "Address list <$description> update failed"}
}
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_locky_ps.ipset description="firehol-ransomware_locky_ps" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_online.ipset description="firehol-ransomware_online" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_rw.ipset description="firehol-ransomware_rw" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_teslacrypt_ps.ipset description="firehol-ransomware_teslacrypt_ps" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_torrentlocker_c2.ipset description="firehol-ransomware_torrentlocker_c2" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ransomware_torrentlocker_ps.ipset description="firehol-ransomware_torrentlocker_ps" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_connect_proxies.ipset description="firehol-ri_connect_proxies" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_connect_proxies_1d.ipset description="firehol-ri_connect_proxies_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_connect_proxies_30d.ipset description="firehol-ri_connect_proxies_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_connect_proxies_7d.ipset description="firehol-ri_connect_proxies_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies.ipset description="firehol-ri_web_proxies" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_1d.ipset description="firehol-ri_web_proxies_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_30d.ipset description="firehol-ri_web_proxies_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ri_web_proxies_7d.ipset description="firehol-ri_web_proxies_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sblam.ipset description="firehol-sblam" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/snort_ipfilter.ipset description="firehol-snort_ipfilter" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy.ipset description="firehol-socks_proxy" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_1d.ipset description="firehol-socks_proxy_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_30d.ipset description="firehol-socks_proxy_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/socks_proxy_7d.ipset description="firehol-socks_proxy_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/spamhaus_drop.netset description="firehol-spamhaus_drop" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/spamhaus_edrop.netset description="firehol-spamhaus_edrop" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslbl.ipset description="firehol-sslbl" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslbl_aggressive.ipset description="firehol-sslbl_aggressive" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies.ipset description="firehol-sslproxies" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_1d.ipset description="firehol-sslproxies_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_30d.ipset description="firehol-sslproxies_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/sslproxies_7d.ipset description="firehol-sslproxies_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam.ipset description="firehol-stopforumspam" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_180d.ipset description="firehol-stopforumspam_180d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_1d.ipset description="firehol-stopforumspam_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_30d.ipset description="firehol-stopforumspam_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_365d.ipset description="firehol-stopforumspam_365d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_7d.ipset description="firehol-stopforumspam_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_90d.ipset description="firehol-topforumspam_90d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_toxic.netset description="firehol-stopforumspam_toxic" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/taichung.ipset description="firehol-taichung" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/talosintel_ipfilter.ipset description="firehol-talosintel_ipfilter" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/threatcrowd.ipset description="firehol-threatcrowd" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/tor_exits.ipset description="firehol-tor_exits" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/tor_exits_1d.ipset description="firehol-tor_exits_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/tor_exits_30d.ipset description="firehol-tor_exits_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/tor_exits_7d.ipset description="firehol-tor_exits_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/turris_greylist.ipset description="firehol-turris_greylist" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_dns.ipset description="firehol-urandomusto_dns" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_ftp.ipset description="firehol-urandomusto_ftp" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_http.ipset description="firehol-urandomusto_http" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_mailer.ipset description="firehol-urandomusto_mailer" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_malware.ipset description="firehol-urandomusto_malware" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_ntp.ipset description="firehol-urandomusto_ntp" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_rdp.ipset description="firehol-urandomusto_rdp" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_smb.ipset description="firehol-urandomusto_smb" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_spam.ipset description="firehol-urandomusto_spam" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_ssh.ipset description="firehol-urandomusto_ssh" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_telnet.ipset description="firehol-urandomusto_telnet" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_unspecified.ipset description="firehol-urandomusto_unspecified" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urandomusto_vnc.ipset description="firehol-urandomusto_vnc" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/urlvir.ipset description="firehol-urlvir" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/uscert_hidden_cobra.ipset description="firehol-uscert_hidden_cobra" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/voipbl.netset description="firehol-voipbl" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/vxvault.ipset description="firehol-vxvault" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/xforce_bccs.ipset description="firehol-xforce_bccs" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/xroxy.ipset description="firehol-xroxy" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/xroxy_1d.ipset description="firehol-xroxy_1d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/xroxy_30d.ipset description="firehol-xroxy_30d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/xroxy_7d.ipset description="firehol-xroxy_7d" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/yoyo_adservers.ipset description="firehol-yoyo_adservers" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/zeus.ipset description="firehol-zeus" delimiter=("\n")
$update url=https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/zeus_badips.ipset description="firehol-zeus_badips" delimiter=("\n")

Also, to use this blacklist, write the following rules in the firewall

add chain=input action=drop comment="Drop new connections from blacklisted IP's to this router" connection-state=new src-address-list=blacklist in-interface=ether1-Internet

I will be glad to see your feedback.
All the best to you
Khalil Delavaran

R1CH · Sun Mar 05, 2023 6:09 pm

This is unnecessary, all input on the WAN side should be blocked by default.

jvanhambelgium · Sun Mar 05, 2023 6:20 pm

This is unnecessary, all input on the WAN side should be blocked by default.

Sure, but you could also block OUTGOING traffic towards any of these IP's. This might indicate some internal compromise of some system.
And IF you run any services (eg. webserver, VPN-server) you cannot just "all input on the WAN should be blocked" do this ...

I agree for a simple home setup with nothing internal accessible etc.

anav · Sun Mar 05, 2023 6:25 pm

Nothing wrong with putting black hole entries on IP routes for bogons...
But I suspect the OP simply wants to block any outbound requests to bad sites.

This can be intentional or unintentional like clicking on a phishing link.
However, this work has already been discussed a gazillion time and best left to a service that is more thorough and efficient
MOAB comes to mind as a very cheap, install it, and get on with life approach as opposed to doing a half effort which takes constant care and feeding.
https://itexpertoncall.com/promotional/moab.html

mozerd · Sun Mar 05, 2023 8:11 pm

@khalildelavaran
Nice work

Just a few comments

1. There are many many duplicate IP when all the lists are brought in
2. Your script does not check for file size of the list so some of them could hit a wall
3 .Some of the Tik models do not have enough memory to store large lists of IP addresses

If you optimize your script to check for duplicate ip addresses , file size and take into account device memory dependencies your blacklist work will have value for many

Good luck

jvanhambelgium · Sun Mar 05, 2023 8:41 pm

I've tried them on my RB5009 on the latest 7.8 and I do get *a lot* of errors where the list fails to update.
Some even "script error: error - contact MikroTik support and send a supout file (10)"

Screenshot from 2023-03-05 19-39-19.png

On what platform did you test these scripts ?

After running the 3 scripts my combined "blacklist" is good for about 103 000 entries
Perhaps you should consider some non RouterOS script that acts like a solid pre-processor of these lists and for example reduces duplicates etc.
On RouterOS platform that support containers, a simple Linux container could be deployed performing these fetch + pre-process actions. Finally a RouterOS script could fetch the final list.

Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol [SOLVED]

Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol [SOLVED]

Re: Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol

Re: Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol

Re: Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol

Re: Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol

Re: Turn Mikrotik into a POWERFULL FireWall with BlackList Firehol

Who is online