You get blocked if you query it too many times per 24 hour period (I'd
guess this was done with Mikrotik :)


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Thu, Sep 8, 2016 at 10:00 AM, Faisal Imtiaz <[email protected]>
wrote:

> short answer is yes..... but keep in mind that Joshaven's script is
> designed to have the MT poll for the file at specified intervals.
> Setting up the interval too short can be more stressful on both the router
> & server hosting the file..... Setting up the interval to be long, you
> will have to wait for the acl to kick in...
>
> A better way to do this is via a private ebgp session, where you can
> inject the IP Address almost instantaneously, and as a bonus if you are
> doing ebgp with your ip transit provider you can also setup this to do
> blackhole communities.
>
> Regards.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: [email protected]
>
> ------------------------------
>
> *From: *"That One Guy /sarcasm" <[email protected]>
> *To: *[email protected]
> *Sent: *Wednesday, September 7, 2016 11:59:37 PM
> *Subject: *Re: [AFMUG] FREE Mikrotik Blacklist Service
>
> Out of curiosity,
> If I wanted to create global ACLs for my network for various purposes that
> are managed from a single mikrotik on the network. Is there enough info on
> your links to steal your code and modify it to do so?
>
> basically I want a single location I add in the different ACL lists and it
> automagically ends up on all our routers
>
> On Thu, Aug 25, 2016 at 1:13 PM, Joshaven Mailing Lists <
> [email protected]> wrote:
>
>> One of the major drawbacks of using dynamic ip lists is that they will be
>> gone if you reboot.
>>
>> If you have a 3 to 7 day update schedule then you can go days without
>> your blacklists which somewhat defeats the purpose.
>>
>> A solution for this would be to add an additional schedule that has a
>> start-time=startup that downloads & runs all of the scripts.
>>
>>
>> Sincerely,
>> Joshaven Potter
>> Google Hangouts: [email protected]
>> Cell & SMS: 1-517-607-9370
>> [email protected]
>>
>>
>> On Aug 25, 2016, at 1:38 PM, Joshaven Mailing Lists <[email protected]>
>> wrote:
>> I didn’t want to add a timeout globally but just for you here is your
>> solution:
>>
>> You can optionally provide the number of days, it will default to 7
>>
>> http://joshaven.com/listWithTimeout.php?list=openbl
>> http://joshaven.com/listWithTimeout.php?list=spamhaus
>> http://joshaven.com/listWithTimeout.php?list=dshield
>> http://joshaven.com/listWithTimeout.php?list=malc0de
>>
>> Here is an example of the list with an alternative length of time:
>> http://joshaven.com/listWithTimeout.php?list=dshield&days=14
>>
>> This will however create a goofy filename if you don’t specify the
>> filename so alter your download scripts to be like:
>>
>> /tool fetch url="http://joshaven.com/listWithTimeout.php?list=openbl" mode=http dst-path=openbl.rsc;
>>
>> /tool fetch url="http://joshaven.com/listWithTimeout.php?list=spamhaus" mode=http dst-path=spamhaus.rsc;
>>
>> /tool fetch url="http://joshaven.com/listWithTimeout.php?list=dshield" mode=http dst-path=dshield.rsc;
>>
>> /tool fetch url="http://joshaven.com/listWithTimeout.php?list=malc0de" mode=http dst-path=malc0de.rsc;
>>
>> Sincerely,
>> Joshaven Potter
>> Google Hangouts: [email protected]
>> Cell & SMS: 1-517-607-9370
>> [email protected]
>>
>>
>> On Aug 25, 2016, at 11:24 AM, Faisal Imtiaz <[email protected]>
>> wrote:
>> Is there anyway you can make the address lists in Mikrotik dynamic
>> with a ~7 day timeout?  That way they are not included in backups etc.
>> Also, if you decide to stop using them just delete the scripts and lists
>> will go away in 7 days.
>>
>>
>>
>> Huh ? not sure what you are asking and why ?
>>
>> The list/feature is supposed to be dynamic to begin with.
>> You can run a daily update.
>> If you want to stop the function, you can simply disable the firewall
>> rule that is associated with this list
>> getting a copy of the ip's via backup export is not a big deal..
>>
>> ??
>>
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>>
>>
>> Help-desk: (305)663-5518 Option 2 or Email: [email protected]
>> <[email protected]>
>>
>> ----- Original Message -----
>>
>> From: "Matt" <[email protected]>
>> To: [email protected]
>> Sent: Thursday, August 25, 2016 10:14:26 AM
>> Subject: Re: [AFMUG] FREE Mikrotik Blacklist Service
>>
>> For years I've provided a FREE blacklist service for MikroTik users. I have
>> recently upgraded my server environment for higher reliability and speed.
>> If you are interested in a dynamic IP blacklist for your routers and are not
>> already using my list then check out my writeup:
>>
>> http://joshaven.com/resources/tricks/mikrotik-automatically-updated-address-list/
>>
>> If you already use my list then don't worry, your service just got faster
>> and you don't need to do anything... unless you want to include the newly
>> added list from malc0de.
>>
>> Is there anyway you can make the address lists in Mikrotik dynamic
>> with a ~7 day timeout?  That way they are not included in backups etc.
>> Also, if you decide to stop using them just delete the scripts and lists
>> will go away in 7 days.
>>
>>
>>
>>
>
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
>
>
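
The thread discusses serving address lists as dynamic entries with a timeout (7 days by default) and keeping ACLs in one place for every router to fetch. The following is an added example, not code from the thread or from joshaven.com: a small generator that turns a feed into such an `.rsc` file and rejects entries that should never reach a router. The function name `render_rsc`, the list name `blacklist` and the protected ranges are assumptions.

```python
import ipaddress
import re

# Assumption: ranges this network must never blacklist (management, loopback).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def render_rsc(list_name, entries, days=7):
    """Return (script, rejected): RouterOS commands that add each valid
    entry as a dynamic address-list item expiring after `days` days."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", list_name):
        raise ValueError("list name must be a plain token")
    if not isinstance(days, int) or not 1 <= days <= 365:
        raise ValueError("days must be an integer from 1 to 365")
    lines, rejected, seen = ["/ip firewall address-list"], [], set()
    for raw in entries:
        text = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop feed comments
        if not text:
            continue
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        # This menu is IPv4-only; refuse huge or protected ranges.
        if (net.version != 4 or net.prefixlen < 8
                or any(net.overlaps(p) for p in PROTECTED)):
            rejected.append(raw)
            continue
        if net in seen:
            continue
        seen.add(net)
        addr = str(net.network_address) if net.prefixlen == 32 else str(net)
        # on-error keeps the import going when the entry already exists.
        lines.append(f":do {{ add list={list_name} address={addr} "
                     f"timeout={days}d }} on-error={{}}")
    return "\n".join(lines) + "\n", rejected

# Constructed sample feed (documentation ranges plus deliberately bad lines).
SAMPLE_FEED = ["; constructed sample feed", "192.0.2.0/24 ; note",
               "198.51.100.7", "198.51.100.7", "10.0.0.0/8", "0.0.0.0/0",
               "203.0.113.300", "not-an-ip"]

if __name__ == "__main__":
    script, bad = render_rsc("blacklist", SAMPLE_FEED)
    print(script, end="")
    print("rejected:", bad)
```

Entries created with a timeout are dynamic, so they are lost on reboot, which is why the thread suggests an extra schedule with start-time=startup.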
