How to Mikrotik Router Bogon Ip address Filtering Firewall Configuration



But if we using any routing protocol such as OSPF,RIP etc then we  don't drop  224.0.0.0/3 .

See for video configuration: http://www.youtube.com/watch?v=Won9MFyxnC8

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=0.0.0.0/8

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=100.64.0.0/64

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=127.0.0.0/8

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=169.254.0.0/16

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=172.16.0.0/12

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=192.168.0.0/16

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=192.0.0.0/24

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=198.18.0.0/15

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=192.168.51.100.0/24

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=203.0.112.0/24

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> add list=BOTNET address=224.0.0.0/3

[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall address-list> print
Flags: X - disabled, D - dynamic
 #   LIST                                                                                         ADDRESS
 0   BOTNET                                                                                  0.0.0.0/8
 0   BOTNET                                                                                  100.64.0.0/10
 0   BOTNET                                                                                  127.0.0.0/8
 0   BOTNET                                                                                  169.254.0.0/16
 0   BOTNET                                                                                  172.16.0.0/12
 0   BOTNET                                                                                  192.0.0.0/24
 0   BOTNET                                                                                  192.168.0.0/16
 0   BOTNET                                                                                  198.18.0.0/15
 0   BOTNET                                                                                  198.51.100.0/24
 0   BOTNET                                                                                  203.0.112.0/24
10   BOTNET                                                                                  224.0.0.0/3




                        
[Laxmi@mikrotikroutersetup.blogspot.com] > ip firewall filter >

add chain=forward action=drop src-address-list=BOTNET comment="Drop all botnet ip address incoming"
add chain=forward action=drop src-address-list=BOTNET comment="Drop All botnet ip address outgoing"


[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Drop all botnet ip address incoming
     chain=forward action=drop src-address-list=BOTNET

 1   ;;; Drop All botnet ip address outgoing
     chain=forward action=drop dst-address-list=BOTNET
[Laxmi@mikrotikroutersetup.blogspot.com] /ip firewall filter>