Securing your Mikrotik with Spamhaus OpenBL Dshield Malc0de Myip Squidblacklist MalwareDomainList


Contents
  1. Securing your Mikrotik & your network by automatically blocking blacklisted IPs
    1.1. Retrieving / distributing the .rsc files
    1.2. Router configuration:
      1.2.1. Openbl:
        1.2.1.1. Scripts:
        1.2.1.2. Scheduled task:
        1.2.1.3. Firewall rule:
      1.2.2. Spamhaus:
        1.2.2.1. Scripts:
        1.2.2.2. Scheduled task:
        1.2.2.3. Firewall rule:
        1.2.2.4. Scripts:
        1.2.2.5. Scheduled task:
        1.2.2.6. Firewall rule:
      1.2.3. Dshield:
        1.2.3.1. Scripts:
        1.2.3.2. Scheduled task:
        1.2.3.3. Firewall rule:
      1.2.4. Malc0de:
        1.2.4.1. Scripts:
        1.2.4.2. Scheduled task:
        1.2.4.3. Firewall rule:
      1.2.5. Myip.ms:
        1.2.5.1. Scripts:
        1.2.5.2. Scheduled task:
        1.2.5.3. Firewall rule:
      1.2.6. Malware Domain List:
        1.2.6.1. Scripts:
        1.2.6.2. Scheduled task:
        1.2.6.3. Firewall rule:
      1.2.7. Blocklist.de:
        1.2.7.1. Scripts:
        1.2.7.2. Scheduled task:
        1.2.7.3. Firewall rule:
      1.2.8. Zeustracker.abuse.ch:
        1.2.8.1. Scripts:
        1.2.8.2. Scheduled task:
        1.2.8.3. Firewall rule:
      1.2.9. Ransomware tracker:
        1.2.9.1. Scripts:
        1.2.9.2. Scheduled task:
        1.2.9.3. Firewall rule:
      1.2.10. Teslacrypt tracker:
        1.2.10.1. Scripts:
        1.2.10.2. Scheduled task:
        1.2.10.3. Firewall rule:
      1.2.11. Cryptowall tracker:
        1.2.11.1. Scripts:
        1.2.11.2. Scheduled task:
        1.2.11.3. Firewall rule:
      1.2.12. Locky tracker:
        1.2.12.1. Scripts:
        1.2.12.2. Scheduled task:
        1.2.12.3. Firewall rule:
      1.2.13. Locky2 tracker:
        1.2.13.1. Scripts:
        1.2.13.2. Scheduled task:
        1.2.13.3. Firewall rule:
      1.2.14. TorrentLockerC2 tracker:
        1.2.14.1. Scripts:
        1.2.14.2. Scheduled task:
        1.2.14.3. Firewall rule:
      1.2.15. TorrentLocker tracker:
        1.2.15.1. Scripts:
        1.2.15.2. Scheduled task:
        1.2.15.3. Firewall rule:
      1.2.16. Atlas attacks 30d:
        1.2.16.1. Scripts:
        1.2.16.2. Scheduled task:
        1.2.16.3. Firewall rule:
      1.2.17. Atlas botnets 30d:
        1.2.17.1. Scripts:
        1.2.17.2. Scheduled task:
        1.2.17.3. Firewall rule:
      1.2.18. Atlas fastflux 30d:
        1.2.18.1. Scripts:
        1.2.18.2. Scheduled task:
        1.2.18.3. Firewall rule:
      1.2.19. Atlas phishing 30d:
        1.2.19.1. Scripts:
        1.2.19.2. Scheduled task:
        1.2.19.3. Firewall rule:
      1.2.20. Atlas scans 30d:
        1.2.20.1. Scripts:
        1.2.20.2. Scheduled task:
        1.2.20.3. Firewall rule:
      1.2.21. BI any 2 30d:
        1.2.21.1. Scripts:
        1.2.21.2. Scheduled task:
        1.2.21.3. Firewall rule:
      1.2.22. Ciarmy:
        1.2.22.1. Scripts:
        1.2.22.2. Scheduled task:
        1.2.22.3. Firewall rule:
      1.2.23. Asprox c2:
        1.2.23.1. Scripts:
        1.2.23.2. Scheduled task:
        1.2.23.3. Firewall rule:
  2. Adding the US Blacklist available for download from Squidblacklist.org
        2.1.1.1. Scripts:
        2.1.1.2. Scheduled task:
        2.1.1.3. Firewall rule:
    2.2. Sources
  3. What do you think?


Securing your Mikrotik & your network by automatically blocking blacklisted IPs

OpenBL, SpamHaus, Dshield, Malc0de, Myip.ms, Squidblacklist, Malwaredomainlist.com, Blocklist.de, Zeustracker and plenty of others publish daily downloadable lists of blacklisted IP addresses.

The goal is therefore to load all these blacklisted-IP databases into the router, keep them updated automatically, and create blocking rules in the firewall.

With that in place, no more smart alecks snooping around at the router's doors.

        Watch the router's memory consumption!

Blacklists consume memory, so the amount of RAM in the router determines how many files you can load.

 

Retrieving / distributing the .rsc files

For this tutorial, I relied on the blog http://joshaven.com/resources/tricks/mikrotik-automatically-updated-address-list/, which I expanded on.

First, set up a server that retrieves and formats the files.

For the lazy, I have set one up with open access at: http://blacklist.yakakliker.org

Then, on that same server, schedule this script to run regularly so that it retrieves and formats the various files (on mine, it runs every hour):

blacklist.sh:

#!/bin/sh
saveTo=/var/www/html
now=$(date);
echo "# Generated by Yakakliker.org" `date` > $saveTo/dshield.rsc
echo "/ip firewall address-list" >> $saveTo/dshield.rsc
wget -q -O - http://feeds.dshield.org/block.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.0\t/ { print "add list=dshield address=" $1 "/24 comment=DShield";}' >> $saveTo/dshield.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/spamhaus.rsc
echo "/ip firewall address-list" >> $saveTo/spamhaus.rsc
wget -q -O - http://www.spamhaus.org/drop/drop.txt | awk --posix '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print "add list=spamhaus address=" $1 " comment=SpamHaus";}' >> $saveTo/spamhaus.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/spamhaus2.rsc
echo "/ip firewall address-list" >> $saveTo/spamhaus2.rsc
wget -q -O - http://www.spamhaus.org/drop/edrop.txt | awk --posix '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\// { print "add list=edrop address=" $1 " comment=edrop";}' >> $saveTo/spamhaus2.rsc

echo "# Generated by Yakakliker.org base 7 days" `date` > $saveTo/openbl7.rsc
echo "/ip firewall address-list" >> $saveTo/openbl7.rsc
wget -q -O - http://www.openbl.org/lists/base_7days.txt.gz | gunzip | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=openbl7 address=" $1 " comment=OpenBL";}' >> $saveTo/openbl7.rsc

echo "# Generated by Yakakliker.org base 30 days" `date` > $saveTo/openbl30.rsc
echo "/ip firewall address-list" >> $saveTo/openbl30.rsc
wget -q -O - http://www.openbl.org/lists/base_30days.txt.gz | gunzip | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=openbl30 address=" $1 " comment=OpenBL";}' >> $saveTo/openbl30.rsc

echo "# Generated by Yakakliker.org base 60 days" `date` > $saveTo/openbl60.rsc
echo "/ip firewall address-list" >> $saveTo/openbl60.rsc
wget -q -O - http://www.openbl.org/lists/base_60days.txt.gz | gunzip | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=openbl60 address=" $1 " comment=OpenBL";}' >> $saveTo/openbl60.rsc

echo "# Generated by Yakakliker.org base 90 days" `date` > $saveTo/openbl90.rsc
echo "/ip firewall address-list" >> $saveTo/openbl90.rsc
wget -q -O - http://www.openbl.org/lists/base_90days.txt.gz | gunzip | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=openbl90 address=" $1 " comment=OpenBL";}' >> $saveTo/openbl90.rsc

echo "# Generated by Yakakliker.org base 180 days" `date` > $saveTo/openbl180.rsc
echo "/ip firewall address-list" >> $saveTo/openbl180.rsc
wget -q -O - http://www.openbl.org/lists/base_180days.txt.gz | gunzip | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=openbl180 address=" $1 " comment=OpenBL";}' >> $saveTo/openbl180.rsc

echo "# Generated by Yakakliker.org base 360 days" `date` > $saveTo/openbl360.rsc
echo "/ip firewall address-list" >> $saveTo/openbl360.rsc
wget -q -O - http://www.openbl.org/lists/base_360days.txt.gz | gunzip | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=openbl360 address=" $1 " comment=OpenBL";}' >> $saveTo/openbl360.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/malc0de.rsc
echo "/ip firewall address-list" >> $saveTo/malc0de.rsc
wget -q -O - http://malc0de.com/bl/IP_Blacklist.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=malc0de address=" $1 " comment=malc0de";}' >> $saveTo/malc0de.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/tik-usg.rsc
wget -q -O - http://www.squidblacklist.org/downloads/tik-usg.rsc >> $saveTo/tik-usg.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/myipms.rsc
echo "/ip firewall address-list" >> $saveTo/myipms.rsc
wget -q -O - https://myip.ms/files/blacklist/general/latest_blacklist.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=myipms address=" $1 " comment=myipms";}' >> $saveTo/myipms.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/malwaredomainlist.rsc
echo "/ip firewall address-list" >> $saveTo/malwaredomainlist.rsc
wget -q -O - http://www.malwaredomainlist.com/hostslist/ip.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { sub("\r$", ""); print "add list=malwaredomainlist address=" $1 " comment=malwaredomainlist";}' >> $saveTo/malwaredomainlist.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/blocklist.rsc
echo "/ip firewall address-list" >> $saveTo/blocklist.rsc
wget -q -O - https://lists.blocklist.de/lists/all.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=blocklist address=" $1 " comment=blocklist";}' >> $saveTo/blocklist.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/zeustracker.rsc
echo "/ip firewall address-list" >> $saveTo/zeustracker.rsc
wget -q -O - "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist" | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=zeustracker address=" $1 " comment=zeustracker";}' >> $saveTo/zeustracker.rsc
  
echo "# Generated by Yakakliker.org" `date` > $saveTo/ransomwaretracker.rsc
echo "/ip firewall address-list" >> $saveTo/ransomwaretracker.rsc
wget -q -O - http://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=ransomwaretracker address=" $1 " comment=ransomwaretracker";}' >> $saveTo/ransomwaretracker.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/CryptoWall.rsc
echo "/ip firewall address-list" >> $saveTo/CryptoWall.rsc
wget -q -O - http://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=CryptoWall address=" $1 " comment=CryptoWall";}' >> $saveTo/CryptoWall.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/Locky.rsc
echo "/ip firewall address-list" >> $saveTo/Locky.rsc
wget -q -O - http://ransomwaretracker.abuse.ch/downloads/LY_C2_IPBL.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Locky address=" $1 " comment=Locky";}' >> $saveTo/Locky.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/Locky2.rsc
echo "/ip firewall address-list" >> $saveTo/Locky2.rsc
wget -q -O - http://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Locky2 address=" $1 " comment=Locky2";}' >> $saveTo/Locky2.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/TorrentLockerC2.rsc
echo "/ip firewall address-list" >> $saveTo/TorrentLockerC2.rsc
wget -q -O - http://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=TorrentLockerC2 address=" $1 " comment=TorrentLockerC2";}' >> $saveTo/TorrentLockerC2.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/TorrentLocker.rsc
echo "/ip firewall address-list" >> $saveTo/TorrentLocker.rsc
wget -q -O - http://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=TorrentLocker address=" $1 " comment=TorrentLocker";}' >> $saveTo/TorrentLocker.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/Aattack30d.rsc
echo "/ip firewall address-list" >> $saveTo/Aattack30d.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_attacks_30d.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Aattack30d address=" $1 " comment=Aattack30d";}' >> $saveTo/Aattack30d.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/Abotnets30d.rsc
echo "/ip firewall address-list" >> $saveTo/Abotnets30d.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_botnets_30d.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Abotnets30d address=" $1 " comment=Abotnets30d";}' >> $saveTo/Abotnets30d.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/Afastflux30d.rsc
echo "/ip firewall address-list" >> $saveTo/Afastflux30d.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_fastflux_30d.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Afastflux30d address=" $1 " comment=Afastflux30d";}' >> $saveTo/Afastflux30d.rsc

echo "# Generated by Yakakliker.org" `date` > $saveTo/Aphishing30d.rsc
echo "/ip firewall address-list" >> $saveTo/Aphishing30d.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_phishing_30d.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Aphishing30d address=" $1 " comment=Aphishing30d";}' >> $saveTo/Aphishing30d.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/Ascans30d.rsc
echo "/ip firewall address-list" >> $saveTo/Ascans30d.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_scans_30d.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Ascans30d address=" $1 " comment=Ascans30d";}' >> $saveTo/Ascans30d.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/Biany230d.rsc
echo "/ip firewall address-list" >> $saveTo/Biany230d.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_30d.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=Biany230d address=" $1 " comment=Biany230d";}' >> $saveTo/Biany230d.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/ciarmy.rsc
echo "/ip firewall address-list" >> $saveTo/ciarmy.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ciarmy.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=ciarmy address=" $1 " comment=ciarmy";}' >> $saveTo/ciarmy.rsc
 
echo "# Generated by Yakakliker.org" `date` > $saveTo/asproxc2.rsc
echo "/ip firewall address-list" >> $saveTo/asproxc2.rsc
wget -q -O - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/asprox_c2.ipset | awk --posix '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/ { print "add list=asproxc2 address=" $1 " comment=asproxc2";}' >> $saveTo/asproxc2.rsc

 

root@blacklist:/home/user# crontab -e

0 */1 * * * /home/administrateur/blacklist.sh >> /var/log/blaklist.log
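
Added example (not part of the original blacklist.sh): the routers /import whatever this server publishes, so the conversion below accepts only a first field that is a well-formed IPv4 address or CIDR, and it renames the result into place only when at least one entry survived, which keeps a failed download or a half-written file from emptying the routers' lists. The function names and the sample feed (documentation address ranges) are constructed for illustration; the DShield feed, which needs the /24 suffix appended, is not covered.

```shell
#!/bin/sh
# Added example: strict feed -> .rsc conversion with atomic publishing.
# feed_to_rsc, publish_rsc and sample_feed are hypothetical names.

# feed_to_rsc LIST COMMENT
# Reads a raw feed on stdin, writes a RouterOS address-list script on stdout.
# The first field must be exactly an IPv4 address (each octet 0-255),
# optionally followed by /0-32. Anything else is skipped, so text from the
# upstream feed can never reach the router as part of a command line.
# Exit status is 1 when no valid entry was found.
feed_to_rsc() {
    awk -v list="$1" -v tag="$2" '
    function valid(a,    n, p, q, i) {
        if (index(a, "/")) {
            n = split(a, p, "/")
            if (n != 2 || p[2] !~ /^[0-9]+$/ || length(p[2]) > 2 || p[2] + 0 > 32)
                return 0
            a = p[1]
        }
        if (split(a, q, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (q[i] !~ /^[0-9]+$/ || length(q[i]) > 3 || q[i] + 0 > 255)
                return 0
        return 1
    }
    BEGIN { print "/ip firewall address-list" }
    {
        sub(/\r$/, "")              # some feeds use CRLF line endings
        if (!valid($1)) next        # comments, blank lines, malformed entries
        if (seen[$1]++) next        # emit each address only once
        print "add list=" list " address=" $1 " comment=" tag
        kept++
    }
    END { exit (kept > 0 ? 0 : 1) }'
}

# publish_rsc LIST COMMENT DEST
# Builds the file next to DEST and renames it into place only on success,
# so a router never fetches a truncated file and an empty or failed
# download never replaces the last good one.
publish_rsc() {
    tmp="$3.tmp.$$"
    if feed_to_rsc "$1" "$2" > "$tmp"; then
        mv -f "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Constructed sample feed: three valid entries, one duplicate, one CRLF
# line, and three malformed lines that must be rejected.
sample_feed() {
    printf '# constructed sample feed\n'
    printf '192.0.2.10\n192.0.2.10\n'
    printf '198.51.100.0/24 ; note\n'
    printf '203.0.113.5\r\n'
    printf '999.1.1.1\n192.0.2.7;extra-token\n203.0.113.0/33\n'
}

# Demo: print the .rsc generated from the sample feed.
sample_feed | feed_to_rsc openbl30 OpenBL
```

In blacklist.sh each feed then becomes one pipeline, for instance `wget -q -O - http://www.openbl.org/lists/base_30days.txt.gz | gunzip | publish_rsc openbl30 OpenBL $saveTo/openbl30.rsc`.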

 

The router can then retrieve the various files over HTTP.

  • Example:

http://blacklist.yakakliker.org/openbl.rsc

 

 

Router configuration:

  • Openbl:

http://www.openbl.org/lists/

  • Scripts:
# Script which will download the OpenBL list as a text file
/system script add name="DownloadOpenBL" source={
/tool fetch url="http://blacklist.yakakliker.org/openbl30.rsc" mode=http;
:log info "Downloaded openbl30.rsc from http://blacklist.yakakliker.org";
} 
# Script which will Remove old OpenBL records and add new one
/system script add name="ReplaceOpenBL" source={
/ip firewall address-list remove [find where comment="OpenBL"]
/import file-name=openbl30.rsc;
:log info "Removed old OpenBL records and imported new list";
}
  • Scheduled task:
# Schedule the download and application of the openbl list
/system scheduler add comment="Download openbl list" interval=3d name="DownloadOpenBL_List" on-event=DownloadOpenBL start-date=jan/01/1970 start-time=00:42:04
/system scheduler add comment="Apply openbl List" interval=3d name="InstallOpenBL_List" on-event=ReplaceOpenBL start-date=jan/01/1970 start-time=00:47:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Openbl 30 jours" log=yes src-address-list=openbl30

 

  • Spamhaus:

https://www.spamhaus.org/drop

  • Scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadSpamhaus" source={
/tool fetch url="http://blacklist.yakakliker.org/spamhaus.rsc" mode=http;
:log info "Downloaded spamhaus.rsc from http://blacklist.yakakliker.org";
}
# Script which will Remove old Spamhaus list and add new one
/system script add name="ReplaceSpamhaus" source={
/ip firewall address-list remove [find where comment="SpamHaus"]
/import file-name=spamhaus.rsc;
:log info "Removed old Spamhaus records and imported new list";
}
  • Scheduled task:
# Schedule the download and application of the spamhaus list
/system scheduler add comment="Download spamnaus list" interval=3d name="DownloadSpamhausList" on-event=DownloadSpamhaus start-date=jan/01/1970 start-time=00:08:04
/system scheduler add comment="Apply spamnaus List" interval=3d name="InstallSpamhausList" on-event=ReplaceSpamhaus start-date=jan/01/1970 start-time=00:13:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Spamhaus" log=yes src-address-list=spamhaus

 

  • Scripts:
# Script which will download the edrop list as a text file
/system script add name="DownloadSpamhaus2" source={
/tool fetch url="http://blacklist.yakakliker.org/spamhaus2.rsc" mode=http;
:log info "Downloaded spamhaus edrop.rsc from http://blacklist.yakakliker.org";
}
# Script which will Remove old Spamhaus list and add new one
/system script add name="ReplaceSpamhaus2" source={
/ip firewall address-list remove [find where comment="edrop"]
/import file-name=spamhaus2.rsc;
:log info "Removed old Spamhaus records and imported new list";
}
  • Scheduled task:
/system scheduler add comment="Download spamhaus list" interval=3d name="DownloadSpamhausList2" on-event=DownloadSpamhaus2 start-date=jan/01/1970 start-time=01:42:04
/system scheduler add comment="Apply spamhaus List" interval=3d name="InstallSpamhausList2" on-event=ReplaceSpamhaus2 start-date=jan/01/1970 start-time=01:45:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Spamhaus edrop" log=yes src-address-list=edrop

 

  • Dshield:

http://feeds.dshield.org/block.txt

  • Scripts:
# Script which will download the dshield list as a text file
/system script add name="Download_dshield" source={
/tool fetch url="http://blacklist.yakakliker.org/dshield.rsc" mode=http;
:log info "Downloaded dshield.rsc from http://blacklist.yakakliker.org";
}
# Script which will Remove old dshield list and add new one
/system script add name="Replace_dshield" source={
/ip firewall address-list remove [find where comment="DShield"]
/import file-name=dshield.rsc;
:log info "Removed old dshield records and imported new list";
}
  • Scheduled task:
# Schedule the download and application of the dshield list
/system scheduler add comment="Download dshield list" interval=3d name="DownloadDShieldList" on-event=Download_dshield start-date=jan/01/1970 start-time=00:18:04
/system scheduler add comment="Apply dshield List" interval=3d name="InstallDShieldList" on-event=Replace_dshield start-date=jan/01/1970 start-time=00:23:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Dshield" log=yes src-address-list=dshield

  

  • Malc0de:

http://malc0de.com/bl/

  • Scripts:
# Script which will download the malc0de list as a text file
/system script add name="Download_malc0de" source={
/tool fetch url="http://blacklist.yakakliker.org/malc0de.rsc" mode=http;
:log info "Downloaded malc0de.rsc from http://blacklist.yakakliker.org";
}
# Script which will Remove old malc0de list and add new one
/system script add name="Replace_malc0de" source={
/ip firewall address-list remove [find where comment="malc0de"]
/import file-name=malc0de.rsc;
:log info "Removed old malc0de records and imported new list";
}
  • Scheduled task:
# Schedule the download and application of the malc0de list
/system scheduler add comment="Download malc0de list" interval=3d name="Downloadmalc0deList" on-event=Download_malc0de start-date=jan/01/1970 start-time=00:32:04
/system scheduler add comment="Apply malc0de List" interval=3d name="Installmalc0deList" on-event=Replace_malc0de start-date=jan/01/1970 start-time=00:37:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Malc0de" log=yes src-address-list=malc0de

 

  • Myip.ms:

https://myip.ms/browse/blacklist/Blacklist_IP_Blacklist_IP_Addresses_Live_Database_Real-time

  • Scripts:
# Script which will download the myipms list as a text file
/system script add name="Downloadmyipms" source={
/tool fetch url="http://blacklist.yakakliker.org/myipms.rsc" mode=http;
:log info "Downloaded Blacklist myipms.rsc from http://www.yakakliker.org";
}
# Script which will Remove old myipms list and add new one
/system script add name="Replacemyipms" source={
/ip firewall address-list remove [find where comment="myipms"]
/import file-name=myipms.rsc;
:log info "Removed old myipms records and imported new list";
}
  • Scheduled task:
/system scheduler add comment="Download myipms list" interval=1d name="DownloadmyipmsList" on-event=Downloadmyipms start-date=jan/01/1970 start-time=02:00:04
/system scheduler add comment="Apply myipms List" interval=1d name="InstallmyipmsList" on-event=Replacemyipms start-date=jan/01/1970 start-time=02:05:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist myip.ms" log=yes src-address-list=myipms

 

  • Malware Domain List:

http://www.malwaredomainlist.com/

  • Scripts:
# Script which will download the malwaredomainlist list as a text file
/system script add name="Downloadmalwaredomainlist" source={
/tool fetch url="http://blacklist.yakakliker.org/malwaredomainlist.rsc" mode=http;
:log info "Downloaded Blacklist malwaredomainlist.rsc from http://www.yakakliker.org";
}
# Script which will Remove old malwaredomainlist list and add new one
/system script add name="Replacemalwaredomainlist" source={
/ip firewall address-list remove [find where comment="malwaredomainlist"]
/import file-name=malwaredomainlist.rsc;
:log info "Removed old malwaredomainlist records and imported new list";
}
  • Scheduled task:
/system scheduler add comment="Download malwaredomainlist list" interval=1d name="DownloadmalwaredomainlistList" on-event=Downloadmalwaredomainlist start-date=jan/01/1970 start-time=02:10:04
/system scheduler add comment="Apply malwaredomainlist List" interval=1d name="InstallmalwaredomainlistList" on-event=Replacemalwaredomainlist start-date=jan/01/1970 start-time=02:15:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist malwaredomainlist.com" log=yes src-address-list=malwaredomainlist

 

  • Blocklist.de:

http://www.blocklist.de/en/export.html

  • Scripts:
# Script which will download the blocklist list as a text file
/system script add name="Downloadblocklist" source={
/tool fetch url="http://blacklist.yakakliker.org/blocklist.rsc" mode=http;
:log info "Downloaded Blacklist blocklist.rsc from http://www.yakakliker.org";
}
# Script which will Remove old blocklist list and add new one
/system script add name="Replaceblocklist" source={
/ip firewall address-list remove [find where comment="blocklist"]
/import file-name=blocklist.rsc;
:log info "Removed old blocklist records and imported new list";
}
  • Scheduled task:
/system scheduler add comment="Download blocklist list" interval=1d name="DownloadblocklistList" on-event=Downloadblocklist start-date=jan/01/1970 start-time=02:20:04
/system scheduler add comment="Apply blocklist List" interval=1d name="InstallblocklistList" on-event=Replaceblocklist start-date=jan/01/1970 start-time=02:25:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist blocklist.de" log=yes src-address-list=blocklist

 

  • Zeustracker.abuse.ch:

https://zeustracker.abuse.ch/blocklist.php

  • Scripts:
# Script which will download the zeustracker list as a text file
/system script add name="Downloadzeustracker" source={
/tool fetch url="http://blacklist.yakakliker.org/zeustracker.rsc" mode=http;
:log info "Downloaded Blacklist zeustracker.rsc from http://www.yakakliker.org";
}
# Script which will Remove old zeustracker list and add new one
/system script add name="Replacezeustracker" source={
/ip firewall address-list remove [find where comment="zeustracker"]
/import file-name=zeustracker.rsc;
:log info "Removed old zeustracker records and imported new list";
}
  • Scheduled task:
/system scheduler add comment="Download zeustracker list" interval=1d name="DownloadzeustrackerList" on-event=Downloadzeustracker start-date=jan/01/1970 start-time=02:30:04
/system scheduler add comment="Apply zeustracker List" interval=1d name="InstallzeustrackerList" on-event=Replacezeustracker start-date=jan/01/1970 start-time=02:35:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist zeustracker" log=yes src-address-list=zeustracker

 

  • Ransomware tracker:

http://ransomwaretracker.abuse.ch/blocklist/

  • Scripts:
# Script which will download the ransomwaretracker list as a text file
/system script add name="Downloadransomwaretracker" source={
/tool fetch url="http://blacklist.yakakliker.org/ransomwaretracker.rsc" mode=http;
:log info "Downloaded Blacklist ransomwaretracker.rsc from http://www.yakakliker.org";
}
# Script which will Remove old ransomwaretracker list and add new one
/system script add name="Replaceransomwaretracker" source={
/ip firewall address-list remove [find where comment="ransomwaretracker"]
/import file-name=ransomwaretracker.rsc;
:log info "Removed old ransomwaretracker records and imported new list";
}
  • Scheduled task:
/system scheduler add comment="Download ransomwaretracker list" interval=1d name="DownloadransomwaretrackerList" on-event=Downloadransomwaretracker start-date=jan/01/1970 start-time=02:40:04
/system scheduler add comment="Apply ransomwaretracker List" interval=1d name="InstallransomwaretrackerList" on-event=Replaceransomwaretracker start-date=jan/01/1970 start-time=02:45:04
  • Firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist ransomwaretracker" log=yes src-address-list=ransomwaretracker

  

  • Teslacrypt tracker :

http://ransomwaretracker.abuse.ch/blocklist/

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadTeslaCrypt" source={
/tool fetch url="http://blacklist.yakakliker.org/TeslaCrypt.rsc" mode=http;
:log info "Downloaded Blacklist TeslaCrypt.rsc from http://www.yakakliker.org";
}
# Script which will Remove old TeslaCrypt list and add new one
/system script add name="ReplaceTeslaCrypt" source={
/ip firewall address-list remove [find where comment="TeslaCrypt"]
/import file-name=TeslaCrypt.rsc;
:log info "Removed old TeslaCrypt records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download TeslaCrypt list" interval=1d name="DownloadTeslaCryptList" on-event=DownloadTeslaCrypt start-date=jan/01/1970 start-time=02:50:04
/system scheduler add comment="Apply TeslaCrypt List" interval=1d name="InstallTeslaCryptList" on-event=ReplaceTeslaCrypt start-date=jan/01/1970 start-time=02:55:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist TeslaCrypt" log=yes src-address-list=TeslaCrypt

 

  • Cryptowall tracker :

http://ransomwaretracker.abuse.ch/blocklist/

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadCryptoWall" source={
/tool fetch url="http://blacklist.yakakliker.org/CryptoWall.rsc" mode=http;
:log info "Downloaded Blacklist CryptoWall.rsc from http://www.yakakliker.org";
}
# Script which will Remove old CryptoWall list and add new one
/system script add name="ReplaceCryptoWall" source={
/ip firewall address-list remove [find where comment="CryptoWall"]
/import file-name=CryptoWall.rsc;
:log info "Removed old CryptoWall records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download CryptoWall list" interval=1d name="DownloadCryptoWallList" on-event=DownloadCryptoWall start-date=jan/01/1970 start-time=03:00:04
/system scheduler add comment="Apply CryptoWall List" interval=1d name="InstallCryptoWallList" on-event=ReplaceCryptoWall start-date=jan/01/1970 start-time=03:05:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist CryptoWall" log=yes src-address-list=CryptoWall

   

  • Locky tracker :

http://ransomwaretracker.abuse.ch/blocklist/

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadLocky" source={
/tool fetch url="http://blacklist.yakakliker.org/Locky.rsc" mode=http;
:log info "Downloaded Blacklist Locky.rsc from http://www.yakakliker.org";
}
# Script which will Remove old Locky list and add new one
/system script add name="ReplaceLocky" source={
/ip firewall address-list remove [find where comment="Locky"]
/import file-name=Locky.rsc;
:log info "Removed old Locky records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download Locky list" interval=1d name="DownloadLockyList" on-event=DownloadLocky start-date=jan/01/1970 start-time=03:10:04
/system scheduler add comment="Apply Locky List" interval=1d name="InstallLockyList" on-event=ReplaceLocky start-date=jan/01/1970 start-time=03:15:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Locky" log=yes src-address-list=Locky

 

  • Locky2 tracker :

http://ransomwaretracker.abuse.ch/blocklist/

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadLocky2" source={
/tool fetch url="http://blacklist.yakakliker.org/Locky2.rsc" mode=http;
:log info "Downloaded Blacklist Locky2.rsc from http://www.yakakliker.org";
}
# Script which will Remove old locky2 list and add new one
/system script add name="ReplaceLocky2" source={
/ip firewall address-list remove [find where comment="Locky2"]
/import file-name=Locky2.rsc;
:log info "Removed old Locky2 records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download Locky2 list" interval=1d name="DownloadLocky2List" on-event=DownloadLocky2 start-date=jan/01/1970 start-time=03:10:04
/system scheduler add comment="Apply Locky2 List" interval=1d name="InstallLocky2List" on-event=ReplaceLocky2 start-date=jan/01/1970 start-time=03:15:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Locky2" log=yes src-address-list=Locky2

 

  • TorrentLockerC2 tracker :

http://ransomwaretracker.abuse.ch/blocklist/

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadTorrentLockerC2" source={
/tool fetch url="http://blacklist.yakakliker.org/TorrentLockerC2.rsc" mode=http;
:log info "Downloaded Blacklist TorrentLockerC2.rsc from http://www.yakakliker.org";
}
# Script which will Remove old TorrentLockerC2 list and add new one
/system script add name="ReplaceTorrentLockerC2" source={
/ip firewall address-list remove [find where comment="TorrentLockerC2"]
/import file-name=TorrentLockerC2.rsc;
:log info "Removed old TorrentLockerC2 records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download TorrentLockerC2 list" interval=1d name="DownloadTorrentLockerC2List" on-event=DownloadTorrentLockerC2 start-date=jan/01/1970 start-time=03:20:04
/system scheduler add comment="Apply TorrentLockerC2 List" interval=1d name="InstallTorrentLockerC2List" on-event=ReplaceTorrentLockerC2 start-date=jan/01/1970 start-time=03:25:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist TorrentLockerC2" log=yes src-address-list=TorrentLockerC2

 

  • TorrentLocker tracker :

http://ransomwaretracker.abuse.ch/blocklist/

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadTorrentLocker" source={
/tool fetch url="http://blacklist.yakakliker.org/TorrentLocker.rsc" mode=http;
:log info "Downloaded Blacklist TorrentLocker.rsc from http://www.yakakliker.org";
}
# Script which will Remove old TorrentLocker list and add new one
/system script add name="ReplaceTorrentLocker" source={
/ip firewall address-list remove [find where comment="TorrentLocker"]
/import file-name=TorrentLocker.rsc;
:log info "Removed old TorrentLocker records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download TorrentLocker list" interval=1d name="DownloadTorrentLockerList" on-event=DownloadTorrentLocker start-date=jan/01/1970 start-time=03:30:04
/system scheduler add comment="Apply TorrentLocker List" interval=1d name="InstallTorrentLockerList" on-event=ReplaceTorrentLocker start-date=jan/01/1970 start-time=03:35:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist TorrentLocker" log=yes src-address-list=TorrentLocker

 

  • Atlas attacks 30d :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_attacks_30d.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadAattack30d" source={
/tool fetch url="http://blacklist.yakakliker.org/Aattack30d.rsc" mode=http;
:log info "Downloaded Blacklist Aattack30d.rsc from http://www.yakakliker.org";
}
# Script which will Remove old atlas_attacks_30d list and add new one
/system script add name="ReplaceAattack30d" source={
/ip firewall address-list remove [find where comment="Aattack30d"]
/import file-name=Aattack30d.rsc;
:log info "Removed old atlas_attacks_30d records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download atlas_attacks_30d list" interval=1d name="DownloadAattack30dList" on-event=DownloadAattack30d start-date=jan/01/1970 start-time=03:40:04
/system scheduler add comment="Apply atlas_attacks_30d List" interval=1d name="InstallAattack30dList" on-event=ReplaceAattack30d start-date=jan/01/1970 start-time=03:45:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Aattack30d" log=yes src-address-list="Aattack30d"

 

 

 

  • Atlas botnets 30d :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_botnets_30d.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadAbotnets30d" source={
/tool fetch url="http://blacklist.yakakliker.org/Abotnets30d.rsc" mode=http;
:log info "Downloaded Blacklist Abotnets30d.rsc from http://www.yakakliker.org";
}
# Script which will Remove old atlas_botnets_30d list and add new one
/system script add name="ReplaceAbotnets30d" source={
/ip firewall address-list remove [find where comment="Abotnets30d"]
/import file-name=Abotnets30d.rsc;
:log info "Removed old atlas_botnets_30d records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download atlas_botnets_30d list" interval=1d name="DownloadAbotnets30dList" on-event=DownloadAbotnets30d start-date=jan/01/1970 start-time=03:50:04
/system scheduler add comment="Apply atlas_botnets_30d List" interval=1d name="InstallAbotnets30dList" on-event=ReplaceAbotnets30d start-date=jan/01/1970 start-time=03:55:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Abotnets30d" log=yes src-address-list="Abotnets30d"

 

 

  • Atlas fastflux 30d :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_fastflux_30d.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadAfastflux30d" source={
/tool fetch url="http://blacklist.yakakliker.org/Afastflux30d.rsc" mode=http;
:log info "Downloaded Blacklist Afastflux30d.rsc from http://www.yakakliker.org";
}
# Script which will Remove old atlas_fastflux_30d list and add new one
/system script add name="ReplaceAfastflux30d" source={
/ip firewall address-list remove [find where comment="Afastflux30d"]
/import file-name=Afastflux30d.rsc;
:log info "Removed old atlas_fastflux_30d records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download atlas_fastflux_30d list" interval=1d name="DownloadAfastflux30dList" on-event=DownloadAfastflux30d start-date=jan/01/1970 start-time=04:00:04
/system scheduler add comment="Apply atlas_fastflux_30d List" interval=1d name="InstallAfastflux30dList" on-event=ReplaceAfastflux30d start-date=jan/01/1970 start-time=04:05:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Afastflux30d" log=yes src-address-list="Afastflux30d"

 

 

  • Atlas phishing 30d :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_phishing_30d.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadAphishing30d" source={
/tool fetch url="http://blacklist.yakakliker.org/Aphishing30d.rsc" mode=http;
:log info "Downloaded Blacklist Aphishing30d.rsc from http://www.yakakliker.org";
}
# Script which will Remove old atlas_phishing_30d list and add new one
/system script add name="ReplaceAphishing30d" source={
/ip firewall address-list remove [find where comment="Aphishing30d"]
/import file-name=Aphishing30d.rsc;
:log info "Removed old atlas_phishing_30d records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download atlas_phishing_30d list" interval=1d name="DownloadAphishing30dList" on-event=DownloadAphishing30d start-date=jan/01/1970 start-time=04:10:04
/system scheduler add comment="Apply atlas_phishing_30d List" interval=1d name="InstallAphishing30dList" on-event=ReplaceAphishing30d start-date=jan/01/1970 start-time=04:15:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Aphishing30d" log=yes src-address-list="Aphishing30d"

 

 

  • Atlas scans 30d :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/atlas_scans_30d.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadAscans30d" source={
/tool fetch url="http://blacklist.yakakliker.org/Ascans30d.rsc" mode=http;
:log info "Downloaded Blacklist Ascans30d.rsc from http://www.yakakliker.org";
}
# Script which will Remove old atlas_scans_30d list and add new one
/system script add name="ReplaceAscans30d" source={
/ip firewall address-list remove [find where comment="Ascans30d"]
/import file-name=Ascans30d.rsc;
:log info "Removed old atlas_scans_30d records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download atlas_scans_30d list" interval=1d name="DownloadAscans30dList" on-event=DownloadAscans30d start-date=jan/01/1970 start-time=04:10:04
/system scheduler add comment="Apply atlas_scans_30d List" interval=1d name="InstallAscans30dList" on-event=ReplaceAscans30d start-date=jan/01/1970 start-time=04:15:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Ascans30d" log=yes src-address-list="Ascans30d"

 

 

  • BI any 2 30d :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_30d.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="DownloadBiany230d" source={
/tool fetch url="http://blacklist.yakakliker.org/Biany230d.rsc" mode=http;
:log info "Downloaded Blacklist Biany230d.rsc from http://www.yakakliker.org";
}
# Script which will Remove old bi_any_2_30d list and add new one
/system script add name="ReplaceBiany230d" source={
/ip firewall address-list remove [find where comment="Biany230d"]
/import file-name=Biany230d.rsc;
:log info "Removed old bi_any_2_30d records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download bi_any_2_30d list" interval=1d name="DownloadBiany230dList" on-event=DownloadBiany230d start-date=jan/01/1970 start-time=04:20:04
/system scheduler add comment="Apply bi_any_2_30d List" interval=1d name="InstallBiany230dList" on-event=ReplaceBiany230d start-date=jan/01/1970 start-time=04:25:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist Biany230d" log=yes src-address-list="Biany230d"

 

 

  • Ciarmy :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ciarmy.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="Downloadciarmy" source={
/tool fetch url="http://blacklist.yakakliker.org/ciarmy.rsc" mode=http;
:log info "Downloaded Blacklist ciarmy.rsc from http://www.yakakliker.org";
}
# Script which will Remove old ciarmy list and add new one
/system script add name="Replaceciarmy" source={
/ip firewall address-list remove [find where comment="ciarmy"]
/import file-name=ciarmy.rsc;
:log info "Removed old ciarmy records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download ciarmy list" interval=1d name="DownloadciarmyList" on-event=Downloadciarmy start-date=jan/01/1970 start-time=04:30:04
/system scheduler add comment="Apply ciarmy List" interval=1d name="InstallciarmyList" on-event=Replaceciarmy start-date=jan/01/1970 start-time=04:35:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist ciarmy" log=yes src-address-list="ciarmy"

 

 

  • Asprox c2 :

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/asprox_c2.ipset

  • The scripts:
# Script which will download the drop list as a text file
/system script add name="Downloadasproxc2" source={
/tool fetch url="http://blacklist.yakakliker.org/asproxc2.rsc" mode=http;
:log info "Downloaded Blacklist asproxc2.rsc from http://www.yakakliker.org";
}
# Script which will Remove old asproxc2 list and add new one
/system script add name="Replaceasproxc2" source={
/ip firewall address-list remove [find where comment="asproxc2"]
/import file-name=asproxc2.rsc;
:log info "Removed old asproxc2 records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download asproxc2 list" interval=1d name="Downloadasproxc2List" on-event=Downloadasproxc2 start-date=jan/01/1970 start-time=04:40:04
/system scheduler add comment="Apply asproxc2 List" interval=1d name="Installasproxc2List" on-event=Replaceasproxc2 start-date=jan/01/1970 start-time=04:45:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist asproxc2" log=yes src-address-list="asproxc2"

 

 

 

 

Add the US blacklist available for download from Squidblacklist.org

The site http://www.squidblacklist.org/downloads.html also provides files formatted so that they can be imported automatically into Mikrotik routers.

  • The scripts:

So we will fetch the USG list:

# Script which will download the drop list as a text file
/system script add name="Downloadtikusg" source={
/tool fetch url="http://www.squidblacklist.org/downloads/tik-usg.rsc" mode=http;
:log info "Downloaded US Blacklist tik-usg.rsc from http://www.squidblacklist.org";
}
# Script which will Remove old tik-usg list and add new one
/system script add name="Replacetikusg" source={
/ip firewall address-list remove [find where comment="sbl usg"]
/import file-name=tik-usg.rsc;
:log info "Removed old tik-usg records and imported new list";
}
  • The scheduled task:
/system scheduler add comment="Download tik-usg list" interval=1d name="DownloadtikusgList" on-event=Downloadtikusg start-date=jan/01/1970 start-time=01:50:04
/system scheduler add comment="Apply tik-usg List" interval=1d name="InstalltikusgList" on-event=Replacetikusg start-date=jan/01/1970 start-time=01:55:04
  • The firewall rule:

/ip firewall raw

add action=drop chain=prerouting comment="Blacklist TIK-USG" log=yes src-address-list="sbl usg"

 

You should get this:

[Screenshot: Firewall Mikrotik]

From now on, if a visitor's IP address is listed in one of these databases, it is blocked automatically, so if you are reading this site, well... it means you're clean!

PS: If you know of other sources that could complement these rules, don't hesitate to point them out to me; I will be glad to integrate them as far as possible.
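`/import` executes every command in the file it is given, and the `.rsc` files above are fetched over plain HTTP, so each file is worth linting where it can be inspected (on the mirror host, or on a copy pulled off the router) before it is imported. The Python check below is an added example, not part of the original page: it accepts only `add` lines under `/ip firewall address-list` whose list name and comment match what the Replace script removes. The one-entry-per-line file layout, the protected ranges and the /8 limit are assumptions.

```python
import ipaddress
import re

MENU = "/ip firewall address-list"
# key=value pairs; values bare or double-quoted, never containing ; [ ] { } $ or \
TOKEN = re.compile(r'([\w-]+)=("[^"\\$\[\]]*"|[^\s";\[\]{}$\\]+)')
# Assumed local policy: a feed must never drop these ranges (LAN, loopback).
PROTECTED = [ipaddress.IPv4Network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MIN_PREFIX = 8  # assumed policy: refuse anything broader than a /8


def check_add(body, want_list, want_comment):
    """Validate the arguments of one 'add' line: (network, None) or (None, reason)."""
    pairs = TOKEN.findall(body)
    fields = {k: v.strip('"') for k, v in pairs}
    if TOKEN.sub("", body).strip() or len(pairs) != len(fields):
        return None, "text outside key=value pairs"
    if set(fields) != {"list", "address", "comment"}:
        return None, "unexpected or missing attribute"
    if fields["list"] != want_list:
        return None, "wrong address list"
    if fields["comment"] != want_comment:
        return None, "comment differs, the Replace script would never remove it"
    try:
        net = ipaddress.IPv4Network(fields["address"], strict=False)
    except ValueError:
        return None, "not an IPv4 address or prefix"
    if net.prefixlen < MIN_PREFIX or any(net.overlaps(p) for p in PROTECTED):
        return None, "prefix too broad or overlaps a protected range"
    return net, None


def lint_rsc(text, want_list, want_comment):
    """Return (accepted networks, errors) for the text of an address-list .rsc file."""
    nets, errors, in_menu = [], [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == MENU:
            in_menu = True
        elif in_menu and line.startswith("add "):
            net, reason = check_add(line[4:], want_list, want_comment)
            if reason:
                errors.append(f"line {n}: {reason}")
            else:
                nets.append(net)
        else:
            errors.append(f"line {n}: command other than address-list add")
    return nets, errors


# Constructed samples (documentation addresses), not real feed content.
GOOD = """\
# constructed sample
/ip firewall address-list
add list=zeustracker address=192.0.2.10 comment=zeustracker
add list=zeustracker address=198.51.100.0/24 comment="zeustracker"
"""
BAD = """\
/ip firewall address-list
add list=zeustracker address=203.0.113.7 comment=zeustracker
add list=zeustracker address=192.168.0.0/16 comment=zeustracker
add list=zeustracker address=203.0.113.9 comment=other
/system identity set name=changed
add list=zeustracker address=203.0.113.8 comment=zeustracker; /system identity set name=changed
"""
```

Import the file only when `lint_rsc` returns an empty error list; any error means the whole file is rejected, not just the offending line.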
