Firetik_ipv6 is a list of malicious IPs that should be blocked on the network. The list is based on the Spamhaus IPv6 Don’t Route Or Peer Lists (DROPv6).
The script works as a firewall for your network, blocking malicious IPv6 addresses with Spamhaus DROPv6’s dynamic list as its database.
IMPLEMENTATION:
Code: (copy each block and paste it into the terminal)
Script which will download the drop list as a text file
/system script add name="DownloadFirehol_ipv6" source={ /tool fetch url="https://binary.ph/firehol/firehol_ipv6.rsc" mode=https; }
Script which will remove the old Firehol list and add the new one
/system script add name="ReplaceFirehol_ipv6" source={/file
:global fireholipv6 [/file get firehol_ipv6.rsc contents];
:if ($fireholipv6 != "") do={/ipv6 firewall address-list remove [find where comment="firehol_ipv6"]
/import file-name=firehol_ipv6.rsc;}}
Schedule the download and application of the Firehol list
/system scheduler add comment="Download Firehol list_ipv6" interval=1d name="DownloadFireholList_ipv6" on-event=DownloadFirehol_ipv6 start-date=jan/01/1970 start-time=09:51:27
/system scheduler add comment="Apply Firehol list_ipv6" interval=1d name="InstallFireholList_ipv6" on-event=ReplaceFirehol_ipv6 start-date=jan/01/1970 start-time=09:56:27
Run the DownloadFirehol script for first-time setup
/system script run DownloadFirehol_ipv6
Run the ReplaceFirehol script for first-time setup
/system script run ReplaceFirehol_ipv6
Script to add the firehol list in Firewall Filter Rules
/ipv6 firewall filter
add chain=forward action=drop comment="Firehol list_ipv6" connection-state=new dst-address-list=firehol_ipv6
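
Because /import executes every command in the downloaded file, the file can be checked off-router before the Replace script applies it. The following is an added example, not part of the original page or of the list provider's tooling; it assumes firehol_ipv6.rsc is a "/ipv6 firewall address-list" line followed by "add address=... list=firehol_ipv6 comment=firehol_ipv6" lines (the page does not show the file), and check_rsc, SAMPLE and the sample contents are constructed for illustration.

```python
import ipaddress
import re

MENU = "/ipv6 firewall address-list"   # assumed first line of the file
LIST_NAME = "firehol_ipv6"             # list matched by the page's filter rule
COMMENT = "firehol_ipv6"               # comment the Replace script removes by
TOKEN = re.compile(r'^([a-z-]+)="?([A-Za-z0-9_:./-]+)"?$')

# Constructed sample: two good lines, then three that should be rejected.
SAMPLE = """\
/ipv6 firewall address-list
add address=2001:db8:1000::/36 list=firehol_ipv6 comment=firehol_ipv6
add address=2001:db8:beef::/48 list=firehol_ipv6 comment=firehol_ipv6
add address=192.0.2.0/24 list=firehol_ipv6 comment=firehol_ipv6
add address=2001:db8:2000::/36 list=firehol_ipv6 comment=other
/system identity set name=changed
"""

def check_rsc(text):
    """Return (line_number, reason) for every line that should not be imported."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line == MENU:
            continue
        words = line.split()
        if words[0] != "add":
            problems.append((n, "not an address-list add"))
            continue
        fields = {}
        for word in words[1:]:
            m = TOKEN.match(word)
            if not m or m.group(1) not in ("address", "list", "comment"):
                problems.append((n, "unexpected token " + word))
                break
            fields[m.group(1)] = m.group(2)
        else:
            try:
                ipaddress.IPv6Network(fields.get("address", ""), strict=False)
            except ValueError:
                problems.append((n, "address is not an IPv6 prefix"))
                continue
            # A different comment would survive the Replace script's cleanup.
            if fields.get("list") != LIST_NAME or fields.get("comment") != COMMENT:
                problems.append((n, "list or comment is not " + LIST_NAME))
    return problems
```

An empty result means every line is an address-list add for the expected list and comment; any other result is a reason not to import that file.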