Terms of service.
Last updated:
Plain-English terms drafted by the operator to match the actual product. Australian Consumer Law applies; nothing here waives the statutory rights it gives you. If a clause seems wrong or contradicts what the site actually does, that's a defect — please report via /security.
1. Who you're agreeing with
mikrotikfilters.com is run by an Australia-based solo operator (sole trader at v1.0; this may change to a Pty Ltd or fiscal host later — the date above moves forward when it does). The operator is the contracting party for any donation or supporter subscription. The site is hosted on Cloudflare; payments go through Stripe; emails go through Resend. You are not contracting with any of them when you use this site.
2. What the site does
mikrotikfilters.com publishes:
- Default firewall rules for RouterOS — opinionated, well-explained snippets at /firewall.
- Community blocklists at /lists — IP/CIDR address lists curated by submission + moderation, distributed as RouterOS-native .rsc files.
- Community scripts at /scripts — supporter-contributed, moderator-reviewed RouterOS scripts.
- Adjacent admin guides at /guide and /docs — the surrounding context to apply our firewall rules safely.
The site is a reference resource and a community-curation surface. It is not a managed service — your router is your router, and importing any rule or script onto it is a decision you make. See §10 below.
3. Acceptable use
You agree not to:
- Submit content (IPs, scripts, donor-wall names) you don't have the right to publish.
- Attempt to bypass the rate limits, the moderation queue, or any other site protection.
- Submit content with intent to defame, harass, or impersonate.
- Mass-scrape the public lists. The published rate limits in §6 cover legitimate use; anything beyond signals abuse.
- Use the site to redistribute the lists under your own brand without attribution to mikrotikfilters.com (the source of the curation).
- Use a supporter account you don't own (someone else's API key, a borrowed bearer token).
The operator may suspend or terminate any account that breaches the above (see §11). Suspension is reversible; hard deletion is not.
4. Accounts
An account is created the first time you complete the magic-link sign-in at /login. We do not use passwords. Sessions live in your browser as an HttpOnly cookie; you can revoke a session from /account.
You're responsible for keeping your email account secure — magic-link sign-in means anyone who can read your email can sign in as you. Optional TOTP 2FA is available on /account.
Accounts that have never verified an email (the magic-link was issued but never clicked) auto-prune after 30 days.
5. Submissions to the lists + scripts library
Lists. When you submit an IP/CIDR via /submit, you grant the operator the right to (a) review it, (b) approve or reject it, and (c) if approved, publish it in the public list at /api/lists/<slug>.rsc. Approved entries are public and accessible to anyone — that's the whole product. You can withdraw a still-pending submission via your dashboard; you cannot retract an approved entry directly, but you can ask via /security and the operator will weigh the request against the public curation interest.
Scripts. If you're a supporter and submit a script via /account/scripts/new, the same flow applies plus: once approved you become read-only on the row; you can request deletion via POST /api/scripts/:slug/request-delete (a moderator decides); and if your supporter subscription is cancelled past the 30-day grace window, ownership of your approved scripts transfers to a system "community" account — the script stays public, and only moderators or the operator can take it down. This is the orphan-transfer mechanism documented in /privacy §3.8.
You retain copyright in your submissions; you grant a perpetual, worldwide, royalty-free licence to the operator to publish, reproduce, modify (for moderation / formatting), and redistribute approved submissions.
6. Rate limits + caps
The published limits as of v1.0:
- Anonymous list pulls: 10 fetches per IP per day across all lists combined. The cap is a soft "become a supporter" nudge, not a security boundary.
- Free-account pulls (signed in, no supporter subscription): 10 per day per account.
- Supporter pulls: 200 per day per account, shared across all of your API keys (minting more keys can't game the cap).
- List submissions: 30 per minute per account.
- Script submissions (supporter only): 5 per day per account; max 20 active scripts (pending or approved) per account.
- Login + onboarding: rate-limited to prevent brute force.
Limits may change with notice. Material decreases (a tighter limit affecting existing supporters) get pre-announced on the supporter page for at least 30 days.
7. Supporter subscriptions
Supporter is a recurring subscription (A$8/mo or A$80/yr; placeholder pending the operator's pricing finalisation). It pays for site hosting and signals patronage of the project.
Every individual list at /lists/<slug> is free, forever. Supporter is not a paywall — it's capability/headroom (the higher pull cap, the bundle builder, API keys, the community-scripts library submission, the donor wall opt-in for recurring supporters) and signal-of-support.
Supporter subscriptions auto-renew. You can cancel anytime via the Stripe Customer Portal link on /account; your access stays until the end of the current billing period. Cancelling does NOT trigger a refund of the unused portion — see §8.
8. Refunds (Australian Consumer Law + ours)
Australian Consumer Law (ACL). If you're an Australian consumer, the consumer guarantees in the ACL apply to supporter subscriptions and any other paid service from this site. Those guarantees give you remedies — refund, replacement, or compensation — when the service is not delivered with due care, is not fit for purpose, or otherwise fails the statutory standard. Nothing in these terms waives those rights. They are the floor.
Our discretionary refund policy on top of the statutory floor:
- Within 14 days of a new supporter subscription's first charge — full refund on request, no questions asked. Cancel via the Stripe Customer Portal, then email the operator (see /security) to flag the refund.
- Renewal charge on a still-cancellable subscription — if you forgot to cancel and didn't use the supporter perks during the new billing period, email within 14 days of the renewal charge for a full refund.
- One-time donations — refundable on request within 14 days of the charge. Past 14 days the operator reviews case-by-case; the default for genuine accidental-double-donate is a full refund.
Refunds go back to the original payment method via Stripe. Stripe's transaction-fee deduction is non-refundable — we get the gross-of-fees amount and refund the same amount; Stripe pockets the fee on both the original charge and the refund. (We can't change that; it's a Stripe-side policy.)
9. No SLAs
This is a solo-dev project. We do not promise:
- Any uptime percentage. Best-effort.
- Any moderation-turnaround time on submissions.
- Any support-response window on email enquiries.
- Any feature roadmap timing.
- "First to know" preferential treatment for supporters on new features (announcements are public; supporters get the cap + perks, not earlier access).
The published limits in §6 are operational targets, not contractual guarantees. The same goes for any "we aim to respond in X days" wording elsewhere on the site — those are aspirations, not commitments. The memory/feedback_no_sla.md file in the project memory documents this stance for future-self consistency.
10. Disclaimer of warranties
Subject to §8 (Australian Consumer Law non-waivable rights), the site and the published rules / lists / scripts are provided as-is, with all faults. We do not warrant that they will work on every router config, that the lists are complete, or that any rule will defend against any specific threat. Routers are powerful tools and every paste is a decision you make. Always have console access before applying firewall changes.
Specifically: the community scripts library is supporter-contributed content that the operator's moderators review before approval. Moderation is a sanity check — not a formal audit, not a security review, not a guarantee. Read every line before you /import, especially anything flagged HIGH or DESTRUCTIVE.
11. Suspension + termination
The operator may suspend an account that breaches §3 (acceptable use), or that triggers automated-abuse thresholds. Suspension blocks magic-link issuance + API-key resolution + session validation; the account row stays so the user can be unsuspended later. The operator records the suspension reason in the audit log.
You can close your account anytime by emailing the operator (see /security). Closure deletes your account row + anonymises associated data per the retention policy in /privacy §7. Data we have to keep (tax records 5yr; audit log 90d+) gets stripped of personal identifiers where lawful.
12. Limitation of liability
To the maximum extent permitted by law (and subject to §8 ACL non-waivable rights):
- The operator is not liable for indirect, incidental, consequential, or punitive damages — lost revenue, lost data, business interruption, etc.
- The operator's total liability for any claim arising out of or relating to these terms or the site is capped at the greater of A$100 or the amount you paid in supporter / donation fees in the 12 months preceding the claim.
This cap does not apply to the consumer-guarantee remedies in the ACL when the ACL prohibits limitation, or to operator misconduct that the law refuses to cap.
13. Indemnification
You agree to indemnify the operator against third-party claims arising directly from (a) content you submitted in breach of §3 or §5, or (b) your use of the site in breach of these terms. The indemnity is capped at the same amount as §12 — solo-dev project, asymmetric risk, sensible cap.
14. Governing law + disputes
These terms are governed by the laws of Western Australia, Australia. Disputes go to the courts of Western Australia, with an exception for any consumer-protection forum the law gives an Australian consumer the right to use (e.g. small-claims tribunals). EU/UK consumers retain access to their local consumer-protection authorities for matters within their jurisdiction.
15. Changes to these terms
Material changes (a refund-window narrowing, a cap tightening, a new restriction in §3) will be flagged at the top of this page for at least 30 days, and the "Last updated" date moves forward. Editorial fixes (typos, clarifications) bump the date but don't get a banner. Continued use of the site after a material-change notice period elapses means you accept the change. If you don't, cancel your supporter subscription + close your account per §11.
16. Severability + entire agreement
If a clause here is held unenforceable, the rest stands. These terms together with the privacy policy are the entire agreement between you and the operator regarding the site.
17. Contact
Refund requests, account closures, ToS questions: /security for the operator's email. Australian residents who can't resolve a complaint with the operator can contact ACCC; EU/UK consumers can contact their local authority.