Add ThreatListPro's curated VPN brute force blocklist to your MikroTik router using address lists. Automatically block attackers before they reach your VPN service.
Start Blocking Attacks -- $9.99/mo
MikroTik routers are widely deployed across ISPs, enterprises, and homelabs. If your VPN port is exposed to the internet, bots are already probing it.
Automated scanners continuously sweep the internet for open VPN ports on MikroTik routers. Once found, they launch credential-stuffing attacks using leaked password databases. RouterOS logs fill with failed authentication attempts, consuming CPU cycles on your router. Without proactive blocking, it is only a matter of time before a weak or reused credential is guessed -- or your router's resources are exhausted by the attack volume.
MikroTik's firewall supports address lists -- named groups of IPs that can be referenced in filter rules. ThreatListPro feeds directly into a RouterOS address list via a scheduled fetch script, blocking known VPN attackers at the firewall level. No failed logins, no log noise, no wasted resources. The list updates every 60 seconds and your router pulls it on the schedule you configure.
Import ThreatListPro as a firewall address list on MikroTik RouterOS. Works with all RouterOS versions including CHR.
Connect to your MikroTik router via WinBox, WebFig, or SSH terminal. Ensure you have admin-level access to create scripts, scheduler entries, and firewall rules.
Sign up at threatlistpro.com and copy your unique feed URL from the dashboard: https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY
In System > Scripts, create a new script. The script uses /tool fetch to download the ThreatListPro IP list to a file, then clears the existing threatlistpro address list and parses each line to add entries using /ip firewall address-list add list=threatlistpro address=$ip. Set the timeout to 1 day so stale entries are automatically removed.
In System > Scheduler, create a new scheduled task. Set the Interval to 01:00:00 (every 1 hour) and set the On Event field to the name of your fetch script. The scheduler will automatically re-download and refresh the blocklist on your configured interval.
In IP > Firewall > Filter Rules, add a new rule: set Chain to input, Src. Address List to threatlistpro, Protocol to tcp, Dst. Port to 443,1194 (your VPN ports), and Action to drop. Place this rule near the top of your input chain for maximum effectiveness.
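The script, scheduler entry, and filter rule from the steps above, written out as an added example; this is not ThreatListPro's published script. It checks that the download succeeded and is non-empty before clearing the old list, so a failed fetch does not leave the router unprotected. The names `threatlistpro-update`, `threatlistpro-refresh`, and `threatlistpro.txt` are assumptions, as is a plain-text feed with one IP or CIDR per line.

```routeros
# --- Script body: paste into System > Scripts as "threatlistpro-update" (assumed name) ---
:local url "https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY"
:local file "threatlistpro.txt"
:local list "threatlistpro"

# Fail safe: if the download fails, keep the current list and stop.
:do {
    /tool fetch url=$url dst-path=$file
} on-error={
    :log warning "threatlistpro: fetch failed, existing list kept"
    :error "threatlistpro fetch failed"
}
:delay 2s

:local content [/file get [/file find name=$file] contents]
:local len [:len $content]
:if ($len = 0) do={
    :log warning "threatlistpro: feed empty or unreadable, existing list kept"
    :error "threatlistpro feed empty"
}

# Only now clear the old entries, then re-add one entry per line.
/ip firewall address-list remove [/ip firewall address-list find list=$list]
:local pos 0
:local added 0
:while ($pos < $len) do={
    :local nl [:find $content "\n" $pos]
    :if ([:typeof $nl] = "nil") do={ :set nl $len }
    :local ip [:pick $content $pos $nl]
    :if ([:len $ip] > 0) do={
        # Strip a trailing carriage return in case the feed uses CRLF line endings.
        :if ([:pick $ip ([:len $ip] - 1)] = "\r") do={ :set ip [:pick $ip 0 ([:len $ip] - 1)] }
        # Duplicate or malformed lines raise an error; skip them and continue.
        :do {
            /ip firewall address-list add list=$list address=$ip timeout=1d
            :set added ($added + 1)
        } on-error={}
    }
    :set pos ($nl + 1)
}
:log info ("threatlistpro: loaded " . $added . " entries")

# --- Terminal commands: hourly refresh and the drop rule from the steps above ---
/system scheduler add name=threatlistpro-refresh interval=1h on-event=threatlistpro-update
# New filter rules are appended; move this one near the top of the input chain.
/ip firewall filter add chain=input src-address-list=threatlistpro protocol=tcp dst-port=443,1194 action=drop comment="ThreatListPro VPN blocklist"
```

Check the feed size against the limit your RouterOS version places on reading a file through `contents`; the guard above keeps the old list when that read comes back empty.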
See how a VPN-focused blocklist compares to other approaches for protecting your MikroTik router.
| Feature | ThreatListPro | Manual Blocking | Enterprise Threat Feeds |
|---|---|---|---|
| VPN brute-force focused | ✓ | ✗ | ✗ |
| Real-time updates (60s) | ✓ | ✗ | ✓ |
| MikroTik address list compatible | ✓ | ✓ | ✗ |
| Automatic stale IP removal | ✓ | ✗ | ✓ |
| Setup in under 5 minutes | ✓ | ✗ | ✗ |
| Price | $9.99/mo | Staff time | $500+/mo |
Use a script-based import with /tool fetch to download the ThreatListPro IP list, then parse each line and add entries to a firewall address list using /ip firewall address-list add. Schedule the script to run every hour via System > Scheduler for automatic updates. No third-party packages are required -- everything uses built-in RouterOS features.
Yes. ThreatListPro works with all RouterOS versions including MikroTik CHR (Cloud Hosted Router). CHR runs the same RouterOS software as hardware routers, so the address list and firewall filter rule setup is identical. The script-based import works on any RouterOS installation regardless of platform.
Yes. ThreatListPro integrates directly with MikroTik's built-in firewall via address lists and firewall filter rules. Create an address list named "threatlistpro", populate it with the blocklist IPs using a scheduled fetch script, then add a firewall filter rule to drop traffic from that address list on your VPN ports. No additional software or packages are needed.
Pair MikroTik address lists with ThreatListPro for automated VPN brute force protection.
Get ThreatListPro -- $9.99/mo
ThreatListPro provides a standard IP blocklist feed compatible with any firewall that supports external lists.
Learn more about IP blocklists, VPN security, and how ThreatListPro compares to alternatives.