12/11/2021 13:33 MIKROTIK: SETUP SQUIDBLACKLIST FIREWALL – Technology Software Center

Technology Software Center

IT world

MIKROTIK: SETUP SQUIDBLACKLIST FIREWALL

Posted on 31 March 2019 by fadıl

The blacklists were incredibly simple to implement into RouterOS and once configured, the lists can be scheduled to update at regular intervals
via the RouterOS system scheduler. Squidblacklist.org provides a list of available blacklists, but make sure to review the blacklist compatibility
chart first, before implementing the list into your RouterOS configuration. In addition, you will need to change the “dst-path” value to an existing
path for the script to work. If you want to download the blacklist to the root of your MikroTik you can delete the “dst-path” property and its value
entirely. Also, make sure that the “in-interface” and “out-interface” property value is set to that of your network environments WAN interface.
Should you choose the “All-In-One Firewall/Filter Setup” script (via copy/paste in the MikroTik terminal), you will need to enable the scheduled
tasks, since they are disabled by default in the script.

https://techsoftcenter.com/mikrotik-setup-squidblacklist-firewall/ 1/3
12/11/2021 13:33 MIKROTIK: SETUP SQUIDBLACKLIST FIREWALL – Technology Software Center

ALL-IN-ONE FIREWALL/FILTER SETUP

1 /system script
2 #CREATE DOWNLOAD BLACKLISTS SCRIPT
3 add comment=Firewall name=Blacklist_SquidBlacklist_Download_drop.malicious.rsc policy=read,test source=":log warning \"START - Download
4     \n/tool fetch address=www.squidblacklist.org host=www.squidblacklist.org mode=http src-path=/downloads/drop.malicious.rsc dst-path=
5     \n:log warning \"END - Download blacklist (drop.malicious.rsc) updates.\";"
6  
7 #CREATE IMPORT BLACKLISTS SCRIPT
8 add comment=Firewall name=Blacklist_SquidBlacklist_Import_drop.malicious.rsc policy=read,write source=":log warning \"START - Import bl
9     \nimport /disk1/blacklists/drop.malicious.rsc\r\
10     \n:log warning \"END - Import blacklist (drop.malicious.rsc) update.\";"
11  
12 /system scheduler
13 #CREATE DOWNLOAD BLACKLISTS SCHEDULER
14 add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Download_drop.malicious.rsc on-event="/system script run Blacklist_Squid
15  
16 #CREATE IMPORT BLACKLISTS SCHEDULER
17 add comment=Firewall interval=1d name=Blacklist_SquidBlacklist_Import_drop.malicious.rsc on-event="/system script run Blacklist_SquidBl
18  
19 /ip firewall filter
20 #CREATE INPUT RULES FOR BLACKLISTS
21 add action=drop chain=input in-interface=ether1 src-address-list="sbl blocklist.de" log=yes log-prefix="BL_sbl blocklist.de" comment="S
22 add action=drop chain=input in-interface=ether1 src-address-list="sbl dshield" log=yes log-prefix="BL_sbl dshield" comment="Squild Blac
https://techsoftcenter.com/mikrotik-setup-squidblacklist-firewall/ 2/3
12/11/2021 13:33 MIKROTIK: SETUP SQUIDBLACKLIST FIREWALL – Technology Software Center

23 add action=drop chain=input in-interface=ether1 src-address-list="sbl spamhaus" log=yes log-prefix="BL_sbl spamhaus" comment="Squild Bl
24  
25 /ip firewall filter
26 #CREATE FORWARD RULES FOR BLACKLISTS
27 add action=drop chain=forward out-interface=ether1 dst-address-list="sbl blocklist.de" log=yes log-prefix="BL_sbl blocklist.de" comment
28 add action=drop chain=forward out-interface=ether1 dst-address-list="sbl dshield" log=yes log-prefix="BL_sbl dshield" comment="Squild B
29 add action=drop chain=forward out-interface=ether1 dst-address-list="sbl spamhaus" log=yes log-prefix="BL_sbl spamhaus" comment="Squild

Firewall IP Blacklist, FIREWALL MIKROTIK, IP Blacklist, SQUIDBLACKLIST FIREWALL

https://techsoftcenter.com/mikrotik-setup-squidblacklist-firewall/ 3/3