/ip firewall address-list
Firewall address lists allow a user to create lists of IP addresses grouped together under a common name. Firewall filter, mangle and NAT facilities can then use those address lists to match packets against them.
|address (DNS Name | IP address/netmask | IP-IP; Default: )||A single IP address or range of IPs to add to address list or DNS name. You can input for example, '192.168.0.0-192.168.1.255' and it will auto modify the typed entry to 192.168.0.0/23 on saving.|
|list (string; Default: )||Name for the address list of the added IP address|
|timeout (time; Default: )||Time after address will be removed from address list. If timeout is not specified, the address will be stored into the address list permanently.|
The following example creates a dynamic address list of people that are connecting to port 23 (telnet) on the router and drops all further traffic from them for 5 minutes. Additionally, the address list will also contain one static address list entry of 220.127.116.11/32 (www.example.com):
/ip firewall address-list add list=drop_traffic address=18.104.22.168/32
/ip firewall address-list print Flags: X - disabled, D - dynamic # LIST ADDRESS 0 drop_traffic 22.214.171.124
/ip firewall mangle add action=add-src-to-address-list address-list=drop_traffic \ address-list-timeout=5m chain=prerouting dst-port=23 protocol=tcp /ip firewall filter add action=drop chain=input src-address-list=drop_traffic
/ip firewall address-list print Flags: X - disabled, D - dynamic # LIST ADDRESS 0 drop_traffic 126.96.36.199 1 D drop_traffic 188.8.131.52 2 D drop_traffic 10.5.11.8
As seen in the output of the last print command, two new dynamic entries appeared in the address list (marked with a status of 'D'). Hosts with these IP addresses tried to initialize a telnet session to the router and were then subsequently dropped by the filter rule.