Firetik is a list of malicious IPs that should be blocked on the network. The list is based on Firehol, which is composed of Fullbogons – the unroutable IPs, Spamhaus drop and edrop – Don’t Route Or Peer IPs, Dshield – the top 20 attacking class-C and Malware lists – the Command and Control IPs
The script works as a Firewall for your network that blocks malicious IPs with Firehol_Level1’s dynamic list as your database.
IMPLEMENTATION:
Code: (copy each block and paste it to terminal)
Script which will download the drop list as a text file
/system script add name="DownloadFirehol" source={ /tool fetch url="https://binary.ph/firehol/firehol.rsc" mode=https; }
Script which will Remove old Firehol list and add new one
/system script add name="ReplaceFirehol" source={/file
:global firehol [/file get firehol.rsc contents];
:if (firehol != "") do={/ip firewall address-list remove [find where comment="firehol"]
/import file-name=firehol.rsc;}}
Schedule the download and application of the Firehol list
/system scheduler add comment="Download Firehol list" interval=1d name="DownloadFireholList" on-event=DownloadFirehol start-date=jan/01/1970 start-time=08:51:27
/system scheduler add comment="Apply Firehol list" interval=1d name="InstallFireholList" on-event=ReplaceFirehol start-date=jan/01/1970 start-time=08:56:27
Run the DownloadFirehol script for first-time setup
/system script run DownloadFirehol
Run the ReplaceFirehol script for first-time setup
/system script run ReplaceFirehol
Script to add the firehol list in Firewall Filter Rules
/ip firewall filter
add chain=forward action=drop comment="Firehol list" connection-state=new dst-address-list=firehol
Note:
This script is only for Firehol_level1, you can read more about other levels here:
Firehol_level1: https://iplists.firehol.org/?ipset=firehol_level1
Firehol_level2: https://iplists.firehol.org/?ipset=firehol_level2
Firehol_level3: https://iplists.firehol.org/?ipset=firehol_level3
Firehol_level4: https://iplists.firehol.org/?ipset=firehol_level4
You may contact me for support in applying other levels, see About page.
#Thanks to Joshaven for sharing his automated scripts and to Firehol.org for sharing their dynamic list of malicious IPs