English version: README.md | Π ΡΡΡΠΊΠ°Ρ Π²Π΅ΡΡΠΈΡ: README_ru.md
A collection of useful scripts for MikroTik RouterOS.
- π οΈ ros-scripts
| Script | Description | Min. ROS Version |
|---|---|---|
| anomalyze | Anomaly detection and blocking | 7.20+ |
| asn-to-address-list | Auto-update address lists by ASN | 7.10+ |
| cloudflare-ddns | Dynamic Cloudflare DNS updates | 7.20+ |
| resolve-address-lists | DNS resolution of IP addresses in comments | 7.20+ |
| warp-finder | Auto-discovery of working Cloudflare WARP endpoints | 7.20+ |
Anomalous connection detection and automatic blocking
This script monitors active connections and identifies suspicious patterns: asymmetric packet counts (high outgoing, low incoming). Useful for protection against port scans, DoS attacks, and TLS handshake timeouts.
Features:
- π― Smart asymmetric connection detection
- π« Automatic IP blocking
- β Allowlist support for trusted IPs
- π Local router address protection
- π Flexible logging (debug/info/warning/error)
- β‘ Configurable detection thresholds
Files:
anomalyze.rscβ main scriptREADME.mdβ detailed documentation
Quick Start:
# Copy script to System β Scripts
# Run
/system script run connection-monitor
Configuration:
:global cfgMonitoredPorts {443; 80; 8443}
:global cfgMinOrigPackets 3
:global cfgMaxReplPackets 2
:global cfgBlockTimeout "1d"
Automatic address list updates by ASN number
Fetches up-to-date IPv4/IPv6 prefix lists for any ASN from ipverse/as-ip-blocks and adds them to firewall address-list.
Features:
- β Auto-update from ipverse GitHub
- π IPv4 and IPv6 support
- π’ Multiple ASN processing in a single run
- π Smart cleanup of old entries
- πΎ Flexible storage (USB/disk/tmpfs)
Files:
update-asn-prefixes.rscβ main scriptupdate-asn-cleaner.rscβ list cleanupupdate-asn-runner-example.rscβ batch update exampleREADME.mdβ detailed documentation
Quick Start:
# Update Cloudflare IPv4
:global UAPASN "13335"
:global UAPLIST "cloudflare-v4"
/system script run update-asn-prefixes
# Multiple ASNs at once
:global UAPASN "13335,16509,15169"
:global UAPLIST "cdn-networks"
/system script run update-asn-prefixes
Popular ASNs:
| Company | ASN | Description |
|---|---|---|
| Cloudflare | 13335 | CDN and security |
| 15169 | Google infrastructure | |
| Amazon | 16509 | AWS |
| Microsoft | 8075 | Azure |
| Meta | 32934 | Facebook, Instagram |
Dynamic Cloudflare DNS record updates
Automatically updates A/AAAA records in Cloudflare when your router's public IP address changes. Supports both IPv4 and IPv6.
Features:
- β IPv4 and IPv6 support
- π Multiple domains simultaneously
- πΆ Cloudflare Proxy toggle (orange/gray cloud)
- β‘ IP change detection before updates
- π Scheduled automation
Files:
cloudflare-ddns.rscβ main scriptREADME.mdβ detailed documentation
Quick Start:
# 1. Enable IP Cloud
/ip cloud set ddns-enabled=yes
# 2. Configure script (specify token, Zone ID, Record ID)
# 3. Create scheduler
/system scheduler add \
name=cloudflare-ddns-update \
on-event=cloudflare-ddns \
interval=5m \
start-time=startup
Domain Configuration:
:local domains {
"example.com,ZONE_ID,RECORD_ID,true,v4";
"ipv6.example.com,ZONE_ID,RECORD_ID,false,v6"
}
DNS resolution of IP addresses in firewall address-list
Automatically resolves IP addresses in specified address lists and stores hostnames in comments for easy identification.
Features:
- π IPv4 and IPv6 support
- π§ Custom DNS server selection (Cloudflare, Google, Quad9)
- π Updates only empty comments
- βοΈ Flexible list configuration
Files:
resolve-address-lists.rscβ main scriptREADME.mdβ detailed documentation
Quick Start:
# Configure lists for resolution
:local dnsServer "1.1.1.1"
:local ipVersion "both"
:local ipv4ListsToResolve {
"Trap";
"MYDNS";
}
:local ipv6ListsToResolve {
"Trap-v6";
"MYDNS-v6";
}
# Run
/system script run resolve-address-lists
Automatic Cloudflare WARP endpoint discovery
Automatically tests various IP:port combinations from Cloudflare's infrastructure to find a working WireGuard endpoint.
Features:
- π Automatic endpoint discovery
- π― Random IP:port generation
- π₯ Connectivity testing via ping
- π Detailed logging
- π‘οΈ Safe operation with rollback
Files:
warp-finder.rscβ main scriptwarp-finder-mini.rscβ lightweight versionREADME.mdβ detailed documentationQUICKSTART.mdβ quick start guideFAQ.mdβ frequently asked questionsCHANGELOG.mdβ changelog
Quick Start:
# Configure interface
:local wgInterface "cloudflare-interface"
:local maxAttempts 10
# Run
/import warp-finder.rsc
Scheduler for auto-run:
/system scheduler add \
name="warp-finder" \
interval=6h \
on-event="/import warp-finder.rsc"
| Script | Minimum RouterOS Version |
|---|---|
| anomalyze | 7.20+ |
| asn-to-address-list | 7.10+ |
| cloudflare-ddns | 7.20+ |
| resolve-address-lists | 7.20+ |
| warp-finder | 7.20+ |
Common Requirements:
- Administrative access to the router
- Internet connectivity
systempackage enabled
- Open System β Scripts
- Click + (Add New)
- Specify the script name
- Copy the
.rscfile contents into the Source field - Click OK
# Connect to the router
ssh admin@192.168.88.1
# Import the script
/import script-name.rsc# Upload the script to the router
scp script.rsc admin@192.168.88.1:/
# Import
ssh admin@192.168.88.1
/import script.rscContributions are welcome:
- π Bug reports
- π‘ Feature suggestions
- π§ Pull requests with fixes
- π Documentation improvements
- Fork the repository
- Create a branch (
git checkout -b feature/improvement) - Make your changes
- Test on RouterOS
- Submit a Pull Request
MIT License β see the LICENSE file for details.
Scripts are provided "as is" without any warranties. Use at your own risk. Testing in a non-production environment is recommended before deployment.
Made with β€οΈ for the MikroTik community