Hi All, I'm just creating this in general, because I couldn't think of a better place, so please steer me the right way if inappropriate. I just updated to RouterOS 7.1 (yes I am moving to 7.1.1) and I noticed a couple of things that may be an issue? 1) When I created a WireGuard interface and set i...
Hey everybody, Just wondering, in the interests of the community to mitigate Log4J2 exploits, if anyone has any firewall filters (Layer7 or otherwise) to stop LDAP & LDAPS protocols outbound that they would be willing to share? Or any inbound filtering for the Log4J exploit attempts? I don't ne...
Thanks for the feedback, but I don't have a test unit and it would take a couple of days for it to fail in any case. So I just thought I would see if anyone else knew off hand before I ventured into finding out myself.
Hi All, I'm just trying to find out if the DoH memory leak/cache corruption issue has been fixed. I've not found any mention of it being fixed in the RouterOS change logs since DoH was implemented, but I am keen to start using it again. Just wondering if anyone knows if it got fixed on the quiet? I kno...
No fix for DoH memory leak yet? I agree, I was also waiting for a DoH memory leak fix. +1 on the DoH memory leak. The reality is that this should be called a CVE. MikroTik RouterOS v6.47+ "DNS Request flood causes cache overflow and DNS server failure, if DoH is enabled" Status=Current.
Try these 5 lines. Just add your own TLDs; it will add an address list for each TLD. Run it again to update them. You will need to create a firewall rule to drop the TLD lists. Beware the lists are huge (who woulda guessed) and if you load them into memory they will take it all, so select your TLD'...
Hi, Sorry I don't believe there is, well I couldn't find any event driven anything in my research. Perhaps someone more enlightened can inform us both? But I agree with you event driven scripting and scheduling would be a welcome addition to RouterOS. I know it's not what you are after but it may he...
Hi All, OK not really a script, but I thought it may be in the same flavour. I created this Dynamic Blacklist firewall rule set that counts excessive connection attempts from the same IP within a given time frame and eventually blocks them for X number of days. I was initially going to put in a geo-...
Hi All, A small script to download and update Geofilters into an IP address list (with the name of the TLD). You will need to create the firewall rule to drop (or whatever) the list(s). Change your TLDs & download locations to suit. foreach i in={ "NL"; "CN"; "RU";...
Hi All, A script to automatically check and update HE.net Dynamic DNS, schedule it to run every 15 mins & on reboot. Fill in your ddns host, WAN interface and the associated key. :local currentIP :local newIP :local ddnshost "" :local key "" :local...
Hi All, This is a little script set I wrote to check the IP of visitors to your service against DNS RBLs. Handy to block known botnets and/or bad IPs. This filter is a little complex but, simply put, it will record the IPs of any system connecting to the firewall on port 22 (or any other service p...
I stumbled on this this morning in 6.47.1. Once the cache is full you can see it constantly refreshing current entries and reloading the static entries. All DNS requests time out. > pbs.twimg.com Server: [192.168.1.1] Address: 192.168.1.1 DNS request timed out. timeout was 2 seconds. Is there a way ...
Hi Guys, I have a script that loads an address list into an array for further processing on the array rather than trying to muck with the address list directly. This is the code: # for each IP in the unchecked list load it into an array :set i (0); :foreach fwlist in=[/ip firewall address-list find...