Mikrotik

The CrowdSec Mikrotik integration connects CrowdSec's hosted blocklist endpoint to your Mikrotik router.
Because Mikrotik does not have native external IP list ingestion, the integration uses a script that fetches the blocklist from CrowdSec's API and imports it into the Mikrotik firewall address list, scheduled to run automatically.

Ensure your Mikrotik device supports scripting and scheduled tasks. If unsure, refer to the Mikrotik documentation or contact Mikrotik support.

Create a Mikrotik Integration Endpoint

1- Create an integration
2- Remediation Component
3- Save your credentials
4- Subscribe to blocklists

Step 1 — Create an integration in the CrowdSec Console

In your CrowdSec Console account, navigate to the Blocklist tab in the top menu bar, then select the Integrations sub-menu. Choose the integration type you need, then click Connect.

If you don't have a CrowdSec Console account, sign up here. On mobile, use the menu icon in the top-right corner, tap Blocklist, then Integrations.

Step 3 — Copy your credentials

The credentials shown next are displayed only once. Copy them before closing this screen. If you lose your credentials, you can regenerate them via Configure → Regenerate Credentials on the integration page.

With this HTTPS endpoint and Basic Auth credentials, you can verify the endpoint with any HTTP client, for example:

curl -u 'usr:pass' https://admin.api.crowdsec.net/v1/integrations/$integID/content

Raw IP List Integration Credentials Screen

Configure Mikrotik

Create the fetch script

Create a new script in your Mikrotik device:

Add the following script content, replacing <integration_id>, <username>, and <password> with the values from the Console:

:local name "[crowdsec]"
:local url "https://admin.api.crowdsec.net/v1/integrations/<integration_id>/content"
:local fileName "blocklist.rsc"
:log info "$name fetch blocklist from $url"
/tool fetch url="$url" mode=https dst-path=$fileName http-auth-scheme=basic user="<username>" password="<password>" idle-timeout="30s" http-header-field="Accept-Encoding:gzip"
:if ([:len [/file find name=$fileName]] > 0) do={
    :log info "removing old ipv4 blocklist"
     /ip/firewall/address-list/remove [ find where list="crowdsec-integration" ];
    :log info "removing old ipv6 blocklist"
     /ipv6/firewall/address-list/remove [ find where list="crowdsec-integration" ];
    :log info "$name import;start"
    /import file-name=$fileName
    :log info "$name import:done"
} else={
    :log error "$name failed to fetch the blocklist"
}

Do not change list="crowdsec-integration" in the script — this value is expected by the data format returned by the CrowdSec API.

Click OK to save the script. You can run it immediately and check the logs to verify it is working.

Create the scheduler

To automate the fetch, create a scheduler that runs the script every 24 hours.

Be mindful of the blocklist size you subscribe to in your integration, as large lists may cause performance issues on your Mikrotik device.

Format example

The CrowdSec blocklist is served in Mikrotik format, with one entry per line:

/ip firewall address-list add list=crowdsec-integration address=1.2.3.4 comment="crowdsec/mikrotik" timeout=48h;
/ip6 firewall address-list add list=crowdsec-integration address=2001:0db8:85a3::/128 comment="crowdsec/mikrotik" timeout=48h;

Manage integration size limits with pagination

If you want to learn how to manage integration size limits with pagination, please refer to the Managing integrations size limits with pagination section.

Next Steps

Subscribe to blocklists in the Blocklist Catalog to populate your integration.

Create a Mikrotik Integration Endpoint​

Step 1 — Create an integration in the CrowdSec Console​

Step 2 — Fill in integration details​

Step 3 — Copy your credentials​

Step 4 — Subscribe to Blocklists​

Configure Mikrotik​

Create the fetch script​

Create the scheduler​

Format example​

Manage integration size limits with pagination​

Next Steps​