Synchronize an external netset/ipset list with a mikrotik firewall address‑list.
Only the delta (new / removed IPs) is sent to the router, greatly reducing API calls and execution time.
- Incremental sync — adds only new IPs and removes obsolete ones
- YAML or CLI configuration with clear priority (CLI > YAML > defaults)
- Compatible with RouterOS api service (port 8728)
First of all, you need to make sure that your Mikrotik router has API enabled:
/ip service set api disabled=nogo install github.com/knownout/mtsync/cmd/mtsync@latestAlternatively, you can download binary executable
from releases section
You can also build the package manually using the instructions below
git clone https://github.com/knownout/mtsync.git
cd mtsync
go build -o mtsync .Alternatively run directly:
go run . --password=secret
You can build for specific architecture and OS:
make build-darwin_arm64Or for all defined in makefile architectures:
make build-allThere are two ways to configure the program: using CLI flags or using a configuration file. The methods can be combined
CLI flags have the highest priority and overwrite both default values and values set by the configuration file
| Flag | Default | Description |
|---|---|---|
--config |
– | Path to YAML file |
--netset |
Public CIArmy list | Override netset URL |
--list |
ciarmy-malicious |
Address‑list name |
--host |
192.168.0.1 |
Mikrotik host (:8728 appended if missing) |
--user |
admin |
Username |
--password |
(empty) | Password |
--cache |
cache |
Cache directory |
--cleanup |
false |
Delete all entries and remove cache |
You can use a separate file to store all parameters. The following is the minimum working configuration:
credentials:
password: mypassWith this configuration, the program will attempt to automatically connect to the router at the path 192.168.0.1:8728 from
person of user admin
Full configuration file:
# Authentication credentials
credentials:
# Router IP address and port. Port can be omitted if used default
host: 192.168.0.1:8728
# Username. Can be omitted if used admin
user: admin
password: pass
# Synchronization configuration
config:
# URL of the IP addresses list
netset: https://example.com/ip-block.txt
# Name of address-list in mikrotik
list: blocklist-external
# Cache directory
cache: /var/lib/mt-syncMinimum configuration to start synchronization of the junk address list from ciarmy:
./mt-sync --password=secretStart the program with the configuration file:
./mt-sync --config=/etc/mt-sync.yamlOverride list and cache via CLI:
./mt-sync --config=/etc/mt-sync.yaml --list=mylist --cache=/tmp/mt-cacheComplete deletion of a specific addresses list:
./mt-sync --config=/etc/mt-sync.yaml --cleanupPossible problems when using the program:
| Symptom | Cause / Fix |
|---|---|
cannot connect MikroTik: EOF |
API disabled or wrong port. Enable /ip service set api disabled=no. |
| Progress bar stalls | Large latency to router — ensure a reliable connection. |
| Cache not saved | Permissions in cache directory; run with correct user. |
You can copy and paste the MIT license summary from below.
MIT License
Copyright (c) 2025 Alexandr Slavinskii
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.