Skip to main content

Mikrotik

The CrowdSec Mikrotik integration connects CrowdSec's hosted blocklist endpoint to your Mikrotik router.
Because Mikrotik does not have native external IP list ingestion, the integration uses a script that fetches the blocklist from CrowdSec's API and imports it into the Mikrotik firewall address list, scheduled to run automatically.

Ensure your Mikrotik device supports scripting and scheduled tasks. If unsure, refer to the Mikrotik documentation or contact Mikrotik support.

Step 1 — Create the integration in the CrowdSec Console

In the Integrations page, click Connect under the Mikrotik card.

Mikrotik Integration CardMikrotik Integration Card

Name the integration (must be unique to your account), then click Create.

Mikrotik Integration Creation ScreenMikrotik Integration Creation Screen

The credentials shown next are displayed only once. Copy them before closing this screen.

Mikrotik Integration Credentials ScreenMikrotik Integration Credentials Screen

You now have an HTTPS endpoint and Basic Auth credentials to configure on your Mikrotik device.

Step 2 — Configure Mikrotik

Create the fetch script

Create a new script in your Mikrotik device:

Add the following script content, replacing <integration_id>, <username>, and <password> with the values from the Console:

:local name "[crowdsec]"
:local url "https://admin.api.crowdsec.net/v1/integrations/<integration_id>/content"
:local fileName "blocklist.rsc"
:log info "$name fetch blocklist from $url"
/tool fetch url="$url" mode=https dst-path=$fileName http-auth-scheme=basic user="<username>" password="<password>" idle-timeout="30s" http-header-field="Accept-Encoding:gzip"
:if ([:len [/file find name=$fileName]] > 0) do={
    :log info "removing old ipv4 blocklist"
     /ip/firewall/address-list/remove [ find where list="crowdsec-integration" ];
    :log info "removing old ipv6 blocklist"
     /ipv6/firewall/address-list/remove [ find where list="crowdsec-integration" ];
    :log info "$name import;start"
    /import file-name=$fileName
    :log info "$name import:done"
} else={
    :log error "$name failed to fetch the blocklist"
}

Do not change list="crowdsec-integration" in the script — this value is expected by the data format returned by the CrowdSec API.

Click OK to save the script. You can run it immediately and check the logs to verify it is working.

Create the scheduler

To automate the fetch, create a scheduler that runs the script every 24 hours.

Be mindful of the blocklist size you subscribe to in your integration, as large lists may cause performance issues on your Mikrotik device.

Format example

The CrowdSec blocklist is served in Mikrotik format, with one entry per line:

/ip firewall address-list add list=crowdsec-integration address=1.2.3.4 comment="crowdsec/mikrotik" timeout=48h;
/ip6 firewall address-list add list=crowdsec-integration address=2001:0db8:85a3::/128 comment="crowdsec/mikrotik" timeout=48h;

Manage integration size limits with pagination

If you want to learn how to manage integration size limits with pagination, please refer to the Managing integrations size limits with pagination section.

Next Steps

Subscribe to blocklists in the Blocklist Catalog to populate your integration.