Aqui está uma script pronto para quem deseja aplicar e evitar seus ips publicos entrarem em BlackList.
/ip firewall address-list
add address=10.0.0.0/8 list=bogons
add address=172.16.0.0/12 list=bogons
add address=192.168.0.0/16 list=bogons
add address=100.64.0.0/10 list=bogons
/ip firewall filter
add action=add-src-to-address-list address-list=atacante-addr address-list-timeout=1d chain=forward comment=\
"Descobre IP que esta atacando alguma porta externa da internet." dst-address-list=!bogons dst-port=25025,25,2525,587,465,445,1433 \
limit=6,5:packet protocol=tcp src-address-list=bogons tcp-flags=syn
add action=accept chain=forward comment="Aceita conex\F5es verdadeiras." dst-address-list=!bogons \
dst-port=25025,25,2525,587,465,445,1433 limit=1,5:packet protocol=tcp src-address-list=!atacante-addr
add action=drop chain=forward comment=\
"Bloqueia requisicoes com destino servidores SMTP(25,587,465) SMB(445) MSSQL(1433) - evita ips publico na blacklist" \
dst-address-list=!bogons dst-address-type=!local dst-port=25025,25,2525,587,465,445,1433 protocol=tcp src-address-list=\
atacante-addr