1. 增加[下載Firehol level1清單腳本]的腳本 (有好心人每天固定將清單轉換成 RouterOS 的腳本 /system script add name="DownloadFirehol" source={ /tool fetch url="https://amin-it-consulting.com/firehol/firehol.rsc" mode=https; } 2. 增加[刪除 RouterOS 上,舊的IP清單]的腳本 /system script add name="ReplaceFirehol" source={/file :global firehol [/file get firehol.rsc contents]; :if (firehol != "") do={/ip firewall address-list remove [find where comment="firehol"] /import file-name=firehol.rsc;}} 3. 增加排程執行腳本 /system scheduler add comment="Download Firehol list" interval=1d name="DownloadFireholList" on-event=DownloadFirehol start-date=jan/01/1970 start-time=00:00:00 /system scheduler add comment="Apply Firehol list" interval=1d name="InstallFireholList" on-event=ReplaceFirehol start-date=jan/01/1970 start-time=00:05:00 4. 立即執行排程 /system script run DownloadFirehol /system script run ReplaceFirehol 原文: Mikrotik Firewall - A RouterOs script to block a dynamic list of malicious IPs from Firehol_level1 - Firetik (amin-it-consulting.com)