mirror.MikroTik/eworm-de.routeros-scripts_main
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2025-08-03 17:54:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fw-addr-lists: add a collective list in default configuration

Browse source
This commit is contained in:
Christian Hesse 2025-02-12 12:13:17 +01:00
parent c8759381e9
commit df631b987d
4 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
doc/fw-addr-lists.md
View file

@ -18,7 +18,8 @@ Description
This script downloads, imports and updates firewall address-lists. Its main
purpose is to block attacking ip addresses, spam hosts, command-and-control
servers and similar malicious entities. The default configuration contains
servers and similar malicious entities. The default configuration contains a
[collective list by GitHub user @stamparm](https://github.com/stamparm/ipsum),
lists from [dshield.org](https://dshield.org/) and
[blocklist.de](https://www.blocklist.de/), and lists from
[spamhaus.org](https://spamhaus.org/) are prepared.

4
global-config.rsc
View file

@ -90,6 +90,7 @@
:global BackupPartitionCopyBeforeFeatureUpdate false;
# This defines the settings for firewall address-lists (fw-addr-lists).
# Warning: Mind your device's resources - memory and processing!
:global FwAddrLists {
# "allow"={
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/allow";
@ -98,6 +99,9 @@
"block"={
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/block";
# cert="ISRG Root X2" };
{ url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt";
# # higher level (decrease the numerical value) for more addresses, and vice versa
cert="DigiCert Global Root G2" };
{ url="https://www.dshield.org/block.txt"; cidr="/24";
cert="ISRG Root X1" };
{ url="https://lists.blocklist.de/lists/strongips.txt";

2
global-functions.rsc
View file

@ -13,7 +13,7 @@
:local ScriptName [ :jobname ];
# expected configuration version
:global ExpectedConfigVersion 132;
:global ExpectedConfigVersion 133;
# global variables not to be changed by user
:global GlobalFunctionsReady false;

1
news-and-changes.rsc
View file

@ -57,6 +57,7 @@
130="Dropped intermediate certificates, depending on just root certificates now.";
131="Enhanced certificate download to fallback to mkcert.org, so all (commonly trusted) root certificates are available now.";
132="Split off plugins from 'check-health', so the script works on all devices to monitor CPU and RAM. The supported plugins for sensors in hardware are installed automatically.";
133="Updated the default configuration for 'fw-addr-lists', deprecated lists were removed, a collective list was added.";
};
# Migration steps to be applied on script updates