RFC BOGON Chain

This entry was posted in Firewall MikroTik on by

The text file version is located here: RFC_Bogon_Chain

#########################################################################################################
# Rick Frey Consulting Bogon Chain #
#########################################################################################################
# Author: Rick Frey #
# email: rickfrey1000@gmail.com #
# Username in MikroTik Forum is rickfrey #
#########################################################################################################
# License #
# This script has been created for use by the general public and may be used freely. #
#########################################################################################################
#########################################################################################################
# Features
# – Drops traffic sourced from or destined to BOGONs. Be sure to carelly examine the list of BOGONs.
#########################################################################################################

/ip firewall address-list
add address=0.0.0.0/8 comment=”RFC 1122 \”This host on this network\”” list=Bogons
add address=10.0.0.0/8 comment=”RFC 1918 (Private Use IP Space)” disabled=yes list=Bogons
add address=100.64.0.0/10 comment=”RFC 6598 (Shared Address Space)” list=Bogons
add address=127.0.0.0/8 comment=”RFC 1122 (Loopback)” list=Bogons
add address=169.254.0.0/16 comment=”RFC 3927 (Dynamic Configuration of IPv4 Link-Local Addresses)” list=Bogons
add address=172.16.0.0/12 comment=”RFC 1918 (Private Use IP Space)” disabled=yes list=Bogons
add address=192.0.0.0/24 comment=”RFC 6890 (IETF Protocol Assingments)” list=Bogons
add address=192.0.2.0/24 comment=”RFC 5737 (Test-Net-1)” list=Bogons
add address=192.168.0.0/16 comment=”RFC 1918 (Private Use IP Space)” disabled=yes list=Bogons
add address=198.18.0.0/15 comment=”RFC 2544 (Benchmarking)” list=Bogons
add address=198.51.100.0/24 comment=”RFC 5737 (Test-Net-2)” list=Bogons
add address=203.0.113.0/24 comment=”RFC 5737 (Test-Net-3)” list=Bogons
add address=224.0.0.0/4 comment=”RFC 5771 (Multicast Addresses) – Will affect OSPF, RIP, PIM, VRRP, IS-IS, and others. Use with caution.)” disabled=yes list=Bogons
add address=240.0.0.0/4 comment=”RFC 1112 (Reserved)” list=Bogons
add address=192.31.196.0/24 comment=”RFC 7535 (AS112-v4)” list=Bogons
add address=192.52.193.0/24 comment=”RFC 7450 (AMT)” list=Bogons
add address=192.88.99.0/24 comment=”RFC 7526 (Deprecated (6to4 Relay Anycast))” list=Bogons
add address=192.175.48.0/24 comment=”RFC 7534 (Direct Delegation AS112 Service)” list=Bogons
add address=255.255.255.255 comment=”RFC 919 (Limited Broadcast)” disabled=yes list=Bogons

/ip firewall filter
add action=jump chain=input comment=”Jump to RFC Bogon Chain” jump-target=”RFC Bogon Chain”
add action=jump chain=forward comment=”Jump to RFC Bogon Chain” jump-target=”RFC Bogon Chain”
add action=drop chain=”RFC Bogon Chain” comment=”Drop all packets soured from Bogons” src-address-list=Bogons
add action=drop chain=”RFC Bogon Chain” comment=”Drop all packets destined to Bogons” dst-address-list=Bogons
add action=return chain=”RFC Bogon Chain” comment=”Return from RFC Bogon Chain”

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.