######################################################################################################### # Rick Frey Consulting Bogon Chain # ######################################################################################################### # Author: Rick Frey # # email: rickfrey1000@gmail.com # # Username in MikroTik Forum is rickfrey # ######################################################################################################### # License # # This script has been created for use by the general public and may be used freely. # ######################################################################################################### ######################################################################################################### # Features # - Drops traffic sourced from or destined to BOGONs. Be sure to carelly examine the list of BOGONs. ######################################################################################################### /ip firewall address-list add address=0.0.0.0/8 comment="RFC 1122 \"This host on this network\"" list=Bogons add address=10.0.0.0/8 comment="RFC 1918 (Private Use IP Space)" disabled=yes list=Bogons add address=100.64.0.0/10 comment="RFC 6598 (Shared Address Space)" list=Bogons add address=127.0.0.0/8 comment="RFC 1122 (Loopback)" list=Bogons add address=169.254.0.0/16 comment="RFC 3927 (Dynamic Configuration of IPv4 Link-Local Addresses)" list=Bogons add address=172.16.0.0/12 comment="RFC 1918 (Private Use IP Space)" disabled=yes list=Bogons add address=192.0.0.0/24 comment="RFC 6890 (IETF Protocol Assingments)" list=Bogons add address=192.0.2.0/24 comment="RFC 5737 (Test-Net-1)" list=Bogons add address=192.168.0.0/16 comment="RFC 1918 (Private Use IP Space)" disabled=yes list=Bogons add address=198.18.0.0/15 comment="RFC 2544 (Benchmarking)" list=Bogons add address=198.51.100.0/24 comment="RFC 5737 (Test-Net-2)" list=Bogons add address=203.0.113.0/24 comment="RFC 5737 (Test-Net-3)" list=Bogons add address=224.0.0.0/4 comment="RFC 5771 (Multicast Addresses) - Will affect OSPF, RIP, PIM, VRRP, IS-IS, and others. Use with caution.)" disabled=yes list=Bogons add address=240.0.0.0/4 comment="RFC 1112 (Reserved)" list=Bogons add address=192.31.196.0/24 comment="RFC 7535 (AS112-v4)" list=Bogons add address=192.52.193.0/24 comment="RFC 7450 (AMT)" list=Bogons add address=192.88.99.0/24 comment="RFC 7526 (Deprecated (6to4 Relay Anycast))" list=Bogons add address=192.175.48.0/24 comment="RFC 7534 (Direct Delegation AS112 Service)" list=Bogons add address=255.255.255.255 comment="RFC 919 (Limited Broadcast)" disabled=yes list=Bogons /ip firewall filter add action=jump chain=input comment="Jump to RFC Bogon Chain" jump-target="RFC Bogon Chain" add action=jump chain=forward comment="Jump to RFC Bogon Chain" jump-target="RFC Bogon Chain" add action=drop chain="RFC Bogon Chain" comment="Drop all packets soured from Bogons" src-address-list=Bogons add action=drop chain="RFC Bogon Chain" comment="Drop all packets destined to Bogons" dst-address-list=Bogons add action=return chain="RFC Bogon Chain" comment="Return from RFC Bogon Chain"