multiduplikator / mikrotik_blocklist

Aggregated blocklist for mikrotik (and others)

RouterOS Script

Repository Overview (README excerpt)

# MikroTik Blocklist

An aggregated IP blocklist for MikroTik RouterOS firewalls, compiled from multiple threat intelligence sources. Tried and tested on ROS 7.21.2 and Alpine container on ROSE 7.21.2 - latest at the time of writing.

## Overview

This project provides pre-aggregated blocklists optimized for MikroTik routers. By using CIDR prefix aggregation, we minimize the number of address-list entries while maintaining comprehensive coverage — improving router performance and reducing memory usage.

**Update frequency:** Every 3 hours

## Available Lists

| List | File | Entries | Sources |
|------|------|---------|---------|
| Standard | / | ~20k | Core threat feeds |
| Large | / | ~25k | Core + CINS Army |
| Extra Large | / | ~68k | All sources including IPsum L1 |

## Sources

| Source | Description | Standard | Large | XL |
|--------|-------------|:--------:|:-----:|:--:|
| Tor Exit Nodes | Tor exit node IPs | ✓ | ✓ | ✓ |
| Spamhaus DROP | "Don't Route Or Peer" list | ✓ | ✓ | ✓ |
| SSL Blacklist | Botnet C&C servers | ✓ | ✓ | ✓ |
| Blocklist.de | Fail2ban reported IPs | ✓ | ✓ | ✓ |
| Feodo Tracker | Banking trojan C&C servers | ✓ | ✓ | ✓ |
| FireHOL Level 1 | Aggregated threat intelligence | ✓ | ✓ | ✓ |
| IPsum Level 3 | High-confidence threat IPs (3+ hits) | ✓ | ✓ | ✓ |
| CINS Army | Collective Intelligence Network Security | | ✓ | ✓ |
| IPsum Level 1 | Broader threat IPs (1+ hits) | | | ✓ |

## Filtered Addresses

The following are automatically excluded:

- Private ranges: , ,
- Loopback:
- Multicast:
- Reserved: (added to blocklist),
- Whitelisted: (Microsoft Teams), (Microsoft Teams)

---

## Blocklist Generation

The blocklist is generated using a sh script for IP extraction, validation, and CIDR aggregation.

### Dependencies

• • • • • (only for iprange version) • • (for publishing)

### Generator Script (gawk version)

### Generator Script (iprange version, approx. 5-10x faster, but edge/testing dependency)

---

## RouterOS Implementation

### Firewall Setup

Before using the blocklist, ensure you have appropriate firewall rules. Consider using the table for best performance. See MikroTik's Advanced Firewall Guide for details.

Example rule (add to your firewall):

### Script 1: Download

**Policy:**

**Schedule:** Every 3 hours

### Script 2: Differential Update

**Policy:**

**Schedule:** Every 3 hours, 5 minutes after download

This script performs differential updates — only adding new entries and removing stale ones. This approach maintains continuous protection without any gap in coverage.

### Important Notes

- **First Run:** On initial setup, won't exist. The script will simply add all entries.
- **Index 0 Bug Fix:** Previous versions used which incorrectly handled IPs at array index 0. The fix uses to properly detect if an IP was found.
- **Performance:** Expect 90-150 seconds for ~25k entries on a CCR-1036 or CCR-2004
- **Logging:** The script disables logging rule 0 during execution to prevent thousands of "address-list entry added/removed" log messages.

---

## License

This project aggregates publicly available threat intelligence feeds. Please respect the terms of use of each source.
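
The generation and differential-update steps described above, as an added Python example that is not the project's sh/gawk generator or its RouterOS script: it validates feed lines, drops entries that overlap an exclusion set, collapses the rest into the fewest CIDR prefixes, and computes the add/remove sets against a previous list. The exclusion set is an assumption (the standard RFC 1918, loopback and multicast ranges, since the excerpt omits the README's own values), and the function names, sample feeds and previous list are constructed for illustration.

```python
import ipaddress
import re

# Assumed exclusion set (standard RFC 1918, loopback, multicast ranges);
# the README excerpt omits its own values, so these are not taken from it.
EXCLUDED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "224.0.0.0/4")]

# One IPv4 address or CIDR at the start of a line; trailing notes are ignored.
TOKEN = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?)(?![\d./])")

def parse_feed(lines):
    """Yield validated IPv4 networks from raw feed lines; skip comments and junk."""
    for line in lines:
        m = TOKEN.match(line)
        if not m:
            continue
        try:
            net = ipaddress.ip_network(m.group(1), strict=False)
        except ValueError:  # out-of-range octet or prefix length
            continue
        if any(net.overlaps(x) for x in EXCLUDED):
            continue  # never block an entry touching an excluded range
        yield net

def aggregate(lines):
    """Collapse adjacent and overlapping entries into the fewest CIDR prefixes."""
    return list(ipaddress.collapse_addresses(parse_feed(lines)))

def diff_update(current, new):
    """Return (to_add, to_remove); unchanged entries stay in place throughout."""
    cur, nxt = set(current), set(new)
    return sorted(nxt - cur), sorted(cur - nxt)

# Constructed sample feeds and previous list (documentation ranges, not real indicators).
FEED_A = ["# comment", "198.51.100.0", "198.51.100.1", "198.51.100.2/31",
          "203.0.113.0/25", "10.1.2.3", "999.1.1.1"]
FEED_B = ["203.0.113.128/25 ; note", "203.0.113.7", "127.0.0.1", "192.0.2.9"]
PREVIOUS = [ipaddress.ip_network(n) for n in ("192.0.2.9/32", "192.0.2.50/32")]

if __name__ == "__main__":
    merged = aggregate(FEED_A + FEED_B)
    print("aggregated:", [str(n) for n in merged])
    add, remove = diff_update(PREVIOUS, merged)
    print("add:", [str(n) for n in add], "remove:", [str(n) for n in remove])
```
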