Mikrotik Firewall – A RouterOS script to block a dynamic list of malicious IPs from Firehol_level1

Firetik maintains a list of malicious IPs that should be blocked on the network. The list is based on Firehol_level1, which is composed of Fullbogons (unroutable IPs), Spamhaus DROP and EDROP (Don't Route Or Peer IPs), DShield (the top 20 attacking class C networks) and malware lists (command-and-control IPs).

The script turns your router's firewall into a block list for these IPs, using Firehol_level1's dynamic list as its database.

IMPLEMENTATION:

Code: (copy each block and paste it to terminal)

Script which downloads the drop list as a text file (firehol.rsc) to the router


/system script add name="DownloadFirehol" source={ /tool fetch url="https://binary.ph/firehol/firehol.rsc" mode=https; }

Script which removes the old Firehol list and imports the new one. It only does so when the downloaded file is non-empty, so a failed download does not leave the router without a list. The entries are matched by their comment ("firehol"), so the imported .rsc must add address-list entries with that comment.


/system script add name="ReplaceFirehol" source={
:global firehol [/file get firehol.rsc contents];
:if ($firehol != "") do={
/ip firewall address-list remove [find where comment="firehol"];
/import file-name=firehol.rsc;
}
}

Schedule the download and the import of the Firehol list to run daily; the import runs five minutes after the download


/system scheduler add comment="Download Firehol list" interval=1d name="DownloadFireholList" on-event=DownloadFirehol start-date=jan/01/1970 start-time=08:51:27

/system scheduler add comment="Apply Firehol list" interval=1d name="InstallFireholList" on-event=ReplaceFirehol start-date=jan/01/1970 start-time=08:56:27

Run the DownloadFirehol script for first-time setup


/system script run DownloadFirehol

Run the ReplaceFirehol script for first-time setup


/system script run ReplaceFirehol

Firewall filter rule that drops new forwarded connections to addresses on the firehol address-list


/ip firewall filter
add chain=forward action=drop comment="Firehol list" connection-state=new dst-address-list=firehol
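The firehol.rsc fetched above is built from the FireHOL list by a third-party host. As an added example (not part of Firetik or FireHOL), here is a Python generator that builds the same file on a host you control from the official firehol_level1.netset; it assumes the entry format the scripts above imply (list=firehol, comment="firehol"), and the sample netset excerpt is constructed for offline use.

```python
import ipaddress
import urllib.request

# Official FireHOL source for level1; the page's scripts fetch a pre-built .rsc instead.
NETSET_URL = "https://iplists.firehol.org/files/firehol_level1.netset"

# Constructed excerpt in .netset format: '#' comments, one IPv4 address or CIDR per line.
SAMPLE_NETSET = """\
# firehol_level1 (constructed excerpt for offline testing)
0.0.0.0/8
10.0.0.0/8
192.0.2.1
192.0.2.1   # duplicate of the line above
not-an-ip
2001:db8::/32
"""


def parse_netset(text):
    """Return sorted, de-duplicated IPv4 networks; unparsable lines are skipped, not imported."""
    nets = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)  # bare IPs become /32
        except ValueError:
            continue  # never write a malformed line into a router script
        if net.version == 4:
            nets.add(net)
    return sorted(nets)


def to_routeros_rsc(nets, list_name="firehol"):
    """Emit the .rsc that ReplaceFirehol imports; comment=list_name lets it remove old entries."""
    if not nets:
        raise ValueError("refusing to emit an empty list")  # mirrors the non-empty check on the router
    lines = ["/ip firewall address-list"]
    for net in nets:
        lines.append(f'add list={list_name} address={net.with_prefixlen} comment="{list_name}"')
    return "\n".join(lines) + "\n"


def fetch_netset(url=NETSET_URL):
    """Download the current list from FireHOL (assumed reachable; not used by the offline sample)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    print(to_routeros_rsc(parse_netset(SAMPLE_NETSET)), end="")
```

Upload the generated file to the router as firehol.rsc and the ReplaceFirehol script imports it unchanged.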

Note:
This script is only for Firehol_level1; you can read more about the other levels here:

Firehol_level1: https://iplists.firehol.org/?ipset=firehol_level1
Firehol_level2: https://iplists.firehol.org/?ipset=firehol_level2
Firehol_level3: https://iplists.firehol.org/?ipset=firehol_level3
Firehol_level4: https://iplists.firehol.org/?ipset=firehol_level4

You may contact me for support in applying other levels, see About page.

#Thanks to Joshaven for sharing his automated scripts and to Firehol.org for sharing their dynamic list of malicious IPs