Mikrotik Block Bogon Networks
Published by Gizmo_RA2 on
Block Bogon Networks
To protect the Router from bogon networks, we can block the addresses entirely, be aware some internet service providers use some of these networks on their side of your connection, which may cause issues, however it’s rare even if they do use them.
This tutorial assumes your internet port is called WAN (if not, replace WAN with your interface name).
/ip firewall raw add action=drop chain=forward dst-address=10.0.0.0/8 out-interface=WAN add action=drop chain=forward dst-address=192.168.0.0/16 out-interface=WAN add action=drop chain=forward dst-address=172.16.0.0/12 out-interface=WAN add action=drop chain=forward dst-address=169.254.0.0/16 out-interface=WAN add action=drop chain=prerouting in-interface=WAN src-address=0.0.0.0/8 add action=drop chain=output dst-address=0.0.0.0/8 out-interface=WAN add action=drop chain=prerouting in-interface=WAN src-address=10.0.0.0/8 add action=drop chain=output dst-address=10.0.0.0/8 out-interface=WAN add action=drop chain=prerouting in-interface=WAN src-address=127.0.0.0/8 add action=drop chain=output dst-address=127.0.0.0/8 out-interface=WAN add action=drop chain=prerouting in-interface=WAN src-address=169.254.0.0/16 add action=drop chain=output dst-address=169.254.0.0/16 out-interface=WAN add action=drop chain=prerouting in-interface=WAN src-address=172.16.0.0/12 add action=drop chain=output dst-address=172.16.0.0/12 out-interface=WAN add action=drop chain=prerouting in-interface=WAN src-address=192.168.0.0/16 add action=drop chain=output dst-address=192.168.0.0/16 out-interface=WAN add action=drop chain=prerouting in-interface=WAN src-address=224.0.0.0/4 add action=drop chain=output dst-address=224.0.0.0/4 out-interface=WAN