MIKROTIK: SETUP SQUIDBLACKLIST FIREWALL – Telegraph
MIKROTIK: SETUP SQUIDBLACKLIST FIREWALL
Networking, Security / August 17, 2017 / By Marthur Jones
Earlier this year I started using both free and subscription-based blacklists from Squidblacklists.org. The blacklists were incredibly simple to implement into RouterOS and once configured, the lists can be scheduled to update at regular intervals via the RouterOS system scheduler. Squidblacklist.org provides a list of available blacklists, but make sure to review the blacklist compatibility chart first, before implementing the list into your RouterOS configuration. In addition, you will need to change the “dst-path” value to an existing path for the script to work. If you want to download the blacklist to the root of your MikroTik you can delete the “dst-path” property and its value entirely. Also, make sure that the “in-interface” and “out-interface” property value is set to that of your network environments WAN interface. Should you choose the “All-In-One Firewall/Filter Setup” script (via copy/paste in the MikroTik terminal), you will need to enable the scheduled tasks, since they are disabled by default in the script.
ALL-IN-ONE FIREWALL/FILTER SETUP
/system script #CREATE DOWNLOAD BLACKLISTS SCRIPT add comment=Firewall name=Blacklist_SquidBlacklist_Download_drop.malicious.rsc policy=read,test source=":log warning \"START - Download blacklist (drop.malicious.rsc) updates.\";\r\ \n/tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc dst-path=/disk1/blacklists/drop.malicious.rsc\r\ \n:log warning \"END - Download blacklist (drop.malicious.rsc) updates.\";" #CREATE IMPORT BLACKLISTS SCRIPT add comment=Firewall name=Blacklist_SquidBlacklist_Import_drop.malicious.rsc policy=read,write source=":log warning \"START - Import blacklist (drop.malicious.rsc) update.\";\r\ \nimport /disk1/blacklists/drop.malicious.rsc\r\ \n:log warning \"END - Import blacklist (drop.malicious.rsc) update.\";" /system scheduler #CREATE DOWNLOAD BLACKLISTS SCHEDULER add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Download_drop.malicious.rsc on-event="/system script run Blacklist_SquidBlacklist_Download_drop.malicious.rsc" policy=read,test start-date=jan/01/2017 start-time=01:00:00 disabled=yes #CREATE IMPORT BLACKLISTS SCHEDULER add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Import_drop.malicious.rsc on-event="/system script run Blacklist_SquidBlacklist_Import_drop.malicious.rsc" policy=read,write start-date=jan/01/2017 start-time=01:15:00 disabled=yes /ip firewall filter #CREATE INPUT RULES FOR BLACKLISTS add action=drop chain=input in-interface=ether1 src-address-list="sbl blocklist.de" log=yes log-prefix="BL_sbl blocklist.de" comment="Squild Blacklist: SBL Blocklist.de." add action=drop chain=input in-interface=ether1 src-address-list="sbl dshield" log=yes log-prefix="BL_sbl dshield" comment="Squild Blacklist: SBL DShield." add action=drop chain=input in-interface=ether1 src-address-list="sbl spamhaus" log=yes log-prefix="BL_sbl spamhaus" comment="Squild Blacklist: SBL Spamhaus." /ip firewall filter #CREATE FORWARD RULES FOR BLACKLISTS add action=drop chain=forward out-interface=ether1 dst-address-list="sbl blocklist.de" log=yes log-prefix="BL_sbl blocklist.de" comment="Squild Blacklist: SBL Blocklist.de." add action=drop chain=forward out-interface=ether1 dst-address-list="sbl dshield" log=yes log-prefix="BL_sbl dshield" comment="Squild Blacklist: SBL DShield." add action=drop chain=forward out-interface=ether1 dst-address-list="sbl spamhaus" log=yes log-prefix="BL_sbl spamhaus" comment="Squild Blacklist: SBL Spamhaus."
MANUAL SETUP
If you would like to setup everything manually via GUI/Winbox (System > Scheduler), you can use the following System Scheduler “On Event” commands to download and import the blacklist. Also, don’t forget to create the firewall/filter drop rules required for the blacklists, I’ll include an additional code snippet for this at the bottom.
SCRIPT: DOWNLOAD BLACKLIST
:log warning "START - Download blacklist (drop.malicious.rsc) updates."; /tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc dst-path=/disk1/blacklists/drop.malicious.rsc :log warning "END - Download blacklist (drop.malicious.rsc) updates.";
SCRIPT: IMPORT BLACKLIST
:log warning "START - Import blacklist (drop.malicious.rsc) update."; import /disk1/blacklists/drop.malicious.rsc :log warning "END - Import blacklist (drop.malicious.rsc) update.";
SCHEDULER: EXECUTE DOWNLOAD BLACKLIST SCRIPT
/system script run Blacklist_SquidBlacklist_Download_drop.malicious.rsc
SCHEDULER: EXECUTE IMPORT BLACKLIST SCRIPT
/system script run Blacklist_SquidBlacklist_Import_drop.malicious.rsc
CREATE FIREWALL/FILTER INPUT DROP RULES
/ip firewall filter #CREATE INPUT RULES FOR BLACKLISTS add action=drop chain=input in-interface=ether1 src-address-list="sbl blocklist.de" log=yes log-prefix="BL_sbl blocklist.de" comment="Squild Blacklist: SBL Blocklist.de." add action=drop chain=input in-interface=ether1 src-address-list="sbl dshield" log=yes log-prefix="BL_sbl dshield" comment="Squild Blacklist: SBL DShield." add action=drop chain=input in-interface=ether1 src-address-list="sbl spamhaus" log=yes log-prefix="BL_sbl spamhaus" comment="Squild Blacklist: SBL Spamhaus."
CREATE FIREWALL/FILTER FORWARD DROP RULES
/ip firewall filter #CREATE FORWARD RULES FOR BLACKLISTS add action=drop chain=forward out-interface=ether1 dst-address-list="sbl blocklist.de" log=yes log-prefix="BL_sbl blocklist.de" comment="Squild Blacklist: SBL Blocklist.de." add action=drop chain=forward out-interface=ether1 dst-address-list="sbl dshield" log=yes log-prefix="BL_sbl dshield" comment="Squild Blacklist: SBL DShield." add action=drop chain=forward out-interface=ether1 dst-address-list="sbl spamhaus" log=yes log-prefix="BL_sbl spamhaus" comment="Squild Blackli
Комментариев нет:
Отправить комментарий
Примечание. Отправлять комментарии могут только участники этого блога.