ipv6

Firetik_ipv6 is a list of malicious IPv6 addresses designed to be blocked on your network. This list is based on the Spamhaus IPv6 Don’t Route Or Peer (DROPv6) list.

The script functions as a firewall for your network, automatically blocking malicious IPv6 addresses using the dynamic Spamhaus DROPv6 database as its foundation.

IMPLEMENTATION:

Code: (copy each block and paste it to terminal)

Script which will download the drop list as a text file

/system script add name="DownloadFirehol_ipv6" source={ /tool fetch url="https://binary.ph/firehol/firehol_ipv6.rsc" mode=https; }

Script which will Remove old Firehol list and add new one

/system script add name="ReplaceFirehol_ipv6" source={/file
:global fireholipv6 [/file get firehol_ipv6.rsc contents];
:if (fireholipv6 != "") do={/ipv6 firewall address-list remove [find where comment="firehol_ipv6"]

/import file-name=firehol_ipv6.rsc;}}

Schedule the download and application of the Firehol list

/system scheduler add comment="Download Firehol list_ipv6" interval=1d name="DownloadFireholList_ipv6" on-event=DownloadFirehol_ipv6 start-date=jan/01/1970 start-time=09:51:27

/system scheduler add comment="Apply Firehol list_ipv6" interval=1d name="InstallFireholList_ipv6" on-event=ReplaceFirehol_ipv6 start-date=jan/01/1970 start-time=09:56:27

Run the DownloadFirehol script for first-time setup

/system script run DownloadFirehol_ipv6

Run the ReplaceFirehol script for first-time setup

/system script run ReplaceFirehol_ipv6

Script to add the firehol list in Firewall Filter Rules

/ipv6 firewall filter
add chain=forward action=drop comment="Firehol list_ipv6" connection-state=new dst-address-list=firehol_ipv6