Mikrotik IPv6 Firewall is a list of malicious IPv6 addresses designed to be blocked on your network. This list is based on the Spamhaus IPv6 Don’t Route Or Peer (DROPv6) list.
The Mikrotik IPv6 Firewall script functions as a firewall for your network, automatically blocking malicious IPv6 addresses using the dynamic Spamhaus DROPv6 database as its foundation.
IMPLEMENTATION:
Code: (copy each block and paste it to terminal)
Script which will download the drop list as a text file
/system script add name="DownloadFirehol_ipv6" source={ /tool fetch url="https://binary.ph/firehol/firehol_ipv6.rsc" mode=https; }Script which will Remove old Firehol list and add new one
/system script add name="ReplaceFirehol_ipv6" source={/file
:global fireholipv6 [/file get firehol_ipv6.rsc contents];
:if (fireholipv6 != "") do={/ipv6 firewall address-list remove [find where comment="firehol_ipv6"]
/import file-name=firehol_ipv6.rsc;}}Schedule the download and application of the Firehol list
/system scheduler add comment="Download Firehol list_ipv6" interval=1d name="DownloadFireholList_ipv6" on-event="/system script run DownloadFirehol_ipv6" start-date=jan/01/1970 start-time=09:51:27
/system scheduler add comment="Apply Firehol list_ipv6" interval=1d name="InstallFireholList_ipv6" on-event="/system script run ReplaceFirehol_ipv6" start-date=jan/01/1970 start-time=09:56:27Run the DownloadFirehol script for first-time setup
/system script run DownloadFirehol_ipv6Run the ReplaceFirehol script for first-time setup
/system script run ReplaceFirehol_ipv6Script to add the firehol list in Firewall Filter Rules
/ipv6 firewall filter
add chain=forward action=drop comment="Firehol list_ipv6" connection-state=new dst-address-list=firehol_ipv6