AbuseIPDB Blacklist Downloader for RouterOS
This script retrieves a blacklist from AbuseIPDB and adds addresses to the RouterOS firewall's address-list as [blocklist_reported].
Therefore, if you add a drop rule with [Src. Address List] as [blocklist_reported] in the RAW-PREROUTING chain, the router can efficiently drop packets from abused addresses.
Furthermore, the address list does not go through external servers or third-party repositories; instead, it requests the list from the AbuseIPDB server using the user's API key and is processed directly on the router.
As a known limitation, due to the variable size limit of the Fetch tool, the number of addresses that can be fetched at once is approximately 4,500 to 4,600 based on IPv4.
However, if you run the script daily via a scheduler, new blacklists (excluding duplicate addresses already added) are continuously added to the list, resulting in over 10,000 addresses within a few days. Therefore, I do not consider this a significant issue.
Initially, this script was written with simple functions (for my personal purposes) and has been very useful to me for almost 3 years. Recently, I modified it to support APIv2 filtering, allowing you to configure various parameters if desired.
Since RouterOS firewalls can provide effective IP address reputation-based protection by utilizing the free blacklists from AbuseIPDB and blocklist.de, I hope this script will be useful to many people.
*An AbuseIPDB API key is required to use this script. (Up to 5 API requests per day are allowed on the free plan)
**IPv6 blacklist requests are disabled by default, so if you wish, please refer to the instructions in the link and change the value of getIPv6 to [true].