Mikrotik Block Bogon Networks

To protect the Router from bogon networks, we can block the addresses entirely, be aware some internet service providers use some of these networks on their side of your connection, which may cause issues, however it’s rare even if they do use them. This tutorial assumes your internet port is called WAN (if not, replace WAN with your interface name).

/ip firewall raw
add action=drop chain=forward dst-address=10.0.0.0/8 out-interface=WAN
add action=drop chain=forward dst-address=192.168.0.0/16 out-interface=WAN
add action=drop chain=forward dst-address=172.16.0.0/12 out-interface=WAN
add action=drop chain=forward dst-address=169.254.0.0/16 out-interface=WAN
add action=drop chain=prerouting in-interface=WAN src-address=0.0.0.0/8
add action=drop chain=output dst-address=0.0.0.0/8 out-interface=WAN
add action=drop chain=prerouting in-interface=WAN src-address=10.0.0.0/8
add action=drop chain=output dst-address=10.0.0.0/8 out-interface=WAN
add action=drop chain=prerouting in-interface=WAN src-address=127.0.0.0/8
add action=drop chain=output dst-address=127.0.0.0/8 out-interface=WAN
add action=drop chain=prerouting in-interface=WAN src-address=169.254.0.0/16
add action=drop chain=output dst-address=169.254.0.0/16 out-interface=WAN
add action=drop chain=prerouting in-interface=WAN src-address=172.16.0.0/12
add action=drop chain=output dst-address=172.16.0.0/12 out-interface=WAN
add action=drop chain=prerouting in-interface=WAN src-address=192.168.0.0/16
add action=drop chain=output dst-address=192.168.0.0/16 out-interface=WAN
add action=drop chain=prerouting in-interface=WAN src-address=224.0.0.0/4
add action=drop chain=output dst-address=224.0.0.0/4 out-interface=WAN