This app constantly synchronizes and updates the firewall address list in mikrotik.
Actual dangerous IP addresses will already be in the blocked list
Allows you to use a list of IP addresses to add
config.yml
blocklists:
format: mikrotikOutput lines for mikrotik, format is /ip|/ipv6 firewall address-list add list={list_name} address={ip} comment="{scenario} for {duration}"
The list of dangerous IP addresses is very large ~ 25,000, when updated in this way, all addresses are deleted and added again. It's pointless to do this every time you update.
This service only allows you to edit changes. Delete something, add something
docker-compose crowdsec-blocklist
Or use your own list of IP addresses, the list should be accessible by url
Create certifcates
/certificate
add name=CA-Template common-name=CAtemp key-usage=key-cert-sign,crl-sign
add name=Server common-name=server
add name=Client common-name=client
Certificates should be signed.
/certificate
sign CA-Template
sign Client
sign Server ca-crl-host=192.168.88.1 name=ServerCA
Enable API-SSL
/ip service
set api-ssl address=192.168.88.0/24 certificate=ServerCA
build
docker build . -t mikroseclist:latestor use github image
docker pull ghcr.io/akmalovaa/mikroseclist:latestusing docker compose - compose.yaml
services:
mikroseclist:
image: ghcr.io/akmalovaa/mikroseclist:latest
container_name: mikroseclist
command: ["python", "-m", "mikroseclist.main"]
environment:
MIKROTIK_HOST: ${MIKROTIK_HOST:-'192.168.88.1'}
MIKROTIK_USER: ${MIKROTIK_USER:-'admin'}
MIKROTIK_PASSWORD: ${MIKROTIK_PASSWORD:-'password'}
BLOCKLIST_URL: 'http://blocklist.example.com:41412/security/blocklist?ipv4only'
SYNC_INTERVAL_MIN: 30
restart: unless-stoppedchange environment variables and run:
docker-compose up -dChange Mikrotik Firewall Rules
/ip firewall filter
add action=accept chain=input src-address-list=access # access list optional
add action=drop chain=input in-interface=ether1 src-address-list=block
add action=drop chain=forward in-interface=ether1 src-address-list=block