Mikrotik RouterOS IP Address List – Malicious Blacklist Updated.

We have rewritten our Mikrotik RouterOS malicious ip address list import script for Mikrotik RouterOS ip firewall. Now included is blocklist.de and malc0de. Along with dshield and spamhaus drop and edrop blacklists. If you have been using our malicious blacklist you will need to update your firewall rules to reflect the changes.

We update every 30 minutes, and therefore we recommend that you set your scheduler for 30 minute update intervals when updating this blacklist to ensure the most recent data is loaded in your routers.


Suggested IP Firewall Rules An example.
ip firewall raw add chain=prerouting dst-address-list="sbl dshield" action=drop comment="sbl dshield"
ip firewall raw add chain=prerouting dst-address-list="sbl spamhaus" action=drop comment="sbl spamhaus"
ip firewall raw add chain=prerouting dst-address-list="sbl blocklist.de" action=drop comment="sbl blocklist.de"

Please examine the blacklists and note that we arent adding any firewall rules with our blacklists, instead, we have simply formatted them so that all they do is import the address lists, which respects your freedom to choose how you should best apply these lists in your own firewall.

Credit to the professionals and original authors of the source blacklists, whom we should thank for their personal time and effort making this data available. They have made these data feeds available to the public free of charge, and therefore, so shall we.

A note for anybody who was using this blacklist before June 6 2017:

We also changed the names of the existing address lists to make things less cluttered. So you will need to make the change entries listed above to continue using the blacklist effectivly. As a courtesy we have included a few lines to remove the old address lists, which we will leave for the next week while your systems pull the new updates.

Thank you and we hope you enjoy the improved malicious ip blacklists for Mikrotik Routeros firewall.

Update: Malc0de REMOVED due to high fp and lack of concern from the publisher.

7 Replies to “Mikrotik RouterOS IP Address List – Malicious Blacklist Updated.”

  1. Terrific !!!
    Thanks a lot for your business!

    Urlblacklist.com has no respect for their customers, at least you actually respond to support requests.

    1. We arent adding any firewall rules with our blacklists, all they do is import the address lists, which gives you the freedom to decide for yourself how you apply these lists in your firewall.

      Thank you for your interest. I must also point out that blocking inbound traffic behind nat, isnt really helping all that much, when you consider that egress exfiltration of your data to malicious hosts may actually be the bigger threat. And I would additionally posit that blocking inbound and outbound traffic to these malicious hosts would be preferred. But again, how you configure your firewall rules is your business.

      1. I know the scripts are not adding rules; I was referring to your blog post’s “Suggested IP Firewall Rules” which block outbound traffic rather than inbound traffic.

  2. The line “/ip firewall address-list” (for example the 9th line) is unnecessary, because the “/do { … }” start out from root and you already have full path defined anyway.

    1. That is untrue,, when you actually run the script without that line, you will find out that without it, the import process breaks, and thus it is necessary, its also trivial and not worth complaining about as there are no known problems resulting from that line being in place.

Leave a Reply

Your email address will not be published. Required fields are marked *