Downloads for MikroTik Routers
Security Related
Block Russian Federation by IP Address – This is a prefix list of all of the subnets allocated to the Russian Federation and will drop all traffic to and from those subnets via the Layer 3 Firewall (IP -> Firewall -> Filter). This is a very large script that will only work on routers with sufficient CPU and memory resources.
MikroTik DNS Attack Prevention Rev 3.0 – This script will help ward off unwanted users and DDoS type attacks when using MikroTik’s DNS Proxy. This script is also useful for closing open DNS resolvers.
MikroTik DNS Attack Prevention Rev 4.0 (Firewall Filter) – Provides protection for the the router’s DNS proxy and the LAN DNS traffic that is not using the router as a proxy.
RWF MikroTik Firewall 4.0 (Free Version) – Read the instructions included in the text file CAREFULLY before applying this firewall to your router.
RFC MikroTik Firewall 5.0 (Free Version) – Read the instructions included in the text file CAREFULLY before applying this firewall to your router.
RFC MikroTik Firewall 6.0 for IPv4 (Free Version) – Make sure you test this on a non production router first so that you can see how all of the pieces work together before you go live with it. You will need to set the Interface List ports and scrutinize the address lists.
RFC MikroTik Firewall 6.1 for IPv4 (Free Version) – This update fixes several syntax errors and moves as many rules to the RAW section as it makes sense to do. A few problematic rules have been omitted.
RFC MikroTik Firewall 6.1 for IPv4 – Lite Edition (Free Version) – In the Lite Edition, the scripts and address lists that are CPU intensive have been omitted so that this can be used on less powerful routers.
RWF – Basic Failover with Netwatch – This is a script to be added to a router which has two Internet connections coming in as DHCP. This will provided fail-over redundancy. It can be easily modified to handle a static IP scenario or a mixed environment.
Virus_Chain_Only – Virus Script used in class. (Not a complete firewall)
RFC ICMP Protection Chain– Not a complete firewall
RFC Port Scan Protection Chain– Not a complete firewall
RFC Login Brute Force Protection Chain– Not a complete firewall
RFC Protect ROS Services– Not a complete firewall
RFC Unusual Protocols Chain– Not a complete firewall
RFC BOGON Chain – Not a complete firewall. This contains the filter rules and the address list.
RFC_BOGON_Short_List – Address List Only
QoS Related
RWF Traffic Prioities Rev 3.1 – This script will change how your router prioritizes traffic based on the DSCP values of 0-7 (7 being the highest priority). Some of the rules affect the “priority” without changing the DSCP value. You will likely want to customize this to your needs. This script will also affect WMM and HT AMPDU priorities.
RFC-Traffic-Prioities-Rev-4.0 – This script will change how your router prioritizes traffic based on the DSCP values of 0-7 (7 being the highest priority). Some of the rules affect the “priority” without changing the DSCP value. You will likely want to customize this to your needs. This script will also affect WMM and HT AMPDU priorities.
MikroTik Simple Queue for VOIP – This script is applicable in SOHO environments where VOIP needs to have bandwidth carved out of the total to keep the call quality high. All other LAN traffic is handled with a PCQ so that other devices on the network share the bandwidth equally.
RFC Video Streaming Services – Address list only for QoS applications
Convert L2 QoS to L3 QoS Rev 1.0 – Converts the QoS value from the L2 header of a frame to the L3 ToS/ DSCP value in the packet
Convert L3 QoS to L2 QoS Rev 1.0 – Converts the QoS value from the L3 ToS/ DSCP value in the packet to the L2 header of a frame
RFC Identify Apple Updates – This script identifies Apple update servers so that they can be rate limited, paused, or blocked. The final action is not built out.
RFC Identify Microsoft Updates – This script identifies Microsoft update servers so that they can be rate limited, paused, or blocked. The final action is not built out.
Notifications & Tools
MikroTik Bad Block Detection – Detects bad blocks on the router and send an email to the network administrator. I recommend running this script on all of your routers!
MikroTik Ethernet Error Detection – Detects 21 different problems with Ethernet links that will likely indicate a problem. This script is large (about 700+ lines) so you will need to copy and paste in smaller sections. I stopped at 13 Ethernet ports. If you have less, just remove the unneeded sections. If you have more, than you will need to do so coping and pasting 😉 The connection speed is set to 100Mbps by default. If you are using something different you will want to run a replace command in a text editor.
Send Logs Via e-mail – This is a script to receive logs from your router on a daily basis. The interval of updates can easily be adjusted in the System Scheduler.
MikroTik DHCP Alerts Script – This script will detect Rouge DHCP servers and alert the network administrator.
MikroTik Auto Upgrade Script – This is a script that can be applied to all other MikroTik devices on your network. Once a day, they will check some given router on your network and if there is a new package loaded in the files directory of that router, then it will download it and install it automatically.
Other Downloads
Routing Cheet Sheet – Subnet Cheat Sheet
Routing Worksheet – Worksheet to help teach static routing
BGP Cheet Sheet – Cheat Sheet for BGP Metrics
MikroTik RouterOS v7 Commonly Used Filters – Helpful refrences for working with the routing filters.
Decimal to Binary Conversion Worksheet – Worksheet used in some of my classes
DHCP Options – List of DHCP options with the most commonly used highlighted
Packet Flow Diagram – Best packet flow diagram to date (ROS 6.x)
IPSEC Worksheet – Worksheet for building IPSEC tunnels with MikroTik
Recursive Routing Worksheet – Worksheet that I use in some of my classes to help teach Recursive Routing
ISP Gross Revenue – Chart showing the gross revenue an ISP can expect based on the number of customers
ROSv6 – OSPFv2 Cheat Sheet – Cheets sheet that has all of the pertinent OSPF info for ROS 6.x and eariler.
Packet Capture Checklist – This checklist is composed of packet captures that can easily be created using only Mikrotik routers. If you can build each one of these network structures and perform a successful packet capture then you will find yourself ahead of 97% of your peers. I highly recommend turning this into a game and competing with your co-workers. You’ll be amazed by how fast your team grows from these exercises.
Multicast Address Space – The overall allocation of multicast address space
Multicast Address Space – Local Network Control Block
Packet Captures (In .zip file)
Layer 2
Layer 3
Packet_Capture_OSPF_Broadcast_Association
Packet_Capture_OSPF_NBMA_Association
Packet_Capture_OSPF_PTMP_Association
Packet_Capture_OSPF_PTP_Association
MikroTik_SSTP_Without_Certificate
MikroTik_SSTP_With_Certificate
MikroTik_SSTP_With_Certificate_And_PFS
Firewall Version 6
Coming Soon 🙂
Great work Rick frey!! waiting for your next version of Firewall.
Thank you!