There is a lot of the word “static” in this thread, and static is usually handled by the user in a direct or indirect way, meaning you do it by hand or set up a scheduler to do it. Once you have set up a pattern of using the scheduler, it is easy to make small adjustments for the next “exception”.
I would like to synchronize dynamic address-lists on routers. I have a fat workaround now, but it would be nice to be able to add entries from the command line (fetch’d from URL) and allow them to time out on their own. Right now I have to ping each one with a 1 TTL to dynamically catch and add it… that's a lot of overhead.
There’s a Linux netfilter module called IPSET which has exactly this functionality through its ‘iptree’ set type; entries can be added to lists via the command line and given timeout values.
How difficult could it be to add this functionality to RouterOS?
There is a huge benefit to be able to perform this functionality via the API from an NMS. An NMS could take into account different metrics before adding a user to a list that the firewall rules cannot.
By the way, I forgot to mention one more important thing about dynamic entries: they are not shown in /export =)
Sign me up for adding timeoutable (Is that a new word?) address-list entries from system scripts or terminal.
Ekkas
I had to do some routing based on a DDNS host, so as a dirty workaround, I wrote this script.
New to scripting, so feel free to correct me or make it more efficient if needed.
Then I schedule it every 30 minutes or so.
It checks if the address is there, if not it adds it, then it removes any other address.
I only have 1 address in this list so it works for me.
I thought it might remove any other address in other lists as well. Does the “address-list add” command put it in the context of the YOURLIST list then?
Or to be safe, would there be a way to do something like this:
:foreach i in [/ip firewall address-list find address!=$listip & address-list=YOURLIST] do={ :set checkIPP $i }
to ensure I remove only an IP in the intended list?
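# Resolve the DDNS host to its current address
:local listip [:resolve "thehost.dyndns.org"]
# checkIP becomes 1 if the address is already present (the find is not limited to YOURLIST)
:local checkIP 0
:foreach i in=[/ip firewall address-list find address=$listip] do={ :set checkIP 1 }
:if ($checkIP = 0) do={ /ip firewall address-list add list=YOURLIST address=$listip comment="TrueNW" }
:log info $listip
# checkIPP holds the id of an entry with a different address (in any list), or -1 if there is none
:local checkIPP -1
:foreach i in=[/ip firewall address-list find address!=$listip] do={ :set checkIPP $i }
:if ($checkIPP != -1) do={ /ip firewall address-list remove numbers=$checkIPP }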
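The scoping question above, worked through as an added example (not code from any poster in this thread): every `find` is restricted to one list and one comment tag, so entries in other lists and hand-made entries are never touched, and a failed DNS lookup leaves the list unchanged. `YOURLIST`, `thehost.dyndns.org` and the `ddns-sync` tag are placeholders, and the script assumes a RouterOS version that supports `:do ... on-error`.

```routeros
# Added example. listName, hostName and tag are placeholder values.
:local listName "YOURLIST"
:local hostName "thehost.dyndns.org"
:local tag "ddns-sync"
:local newIp ""
:local resolved false

# If the lookup fails, keep the current entry instead of emptying the list.
:do {
    :set newIp [:tostr [:resolve $hostName]]
    :set resolved true
} on-error={
    :log warning ("ddns-sync: could not resolve " . $hostName . ", list left unchanged")
}

:if ($resolved) do={
    /ip firewall address-list {
        # Add the current address only if this list does not already hold it.
        :if ([:len [find list=$listName address=$newIp]] = 0) do={
            add list=$listName address=$newIp comment=$tag
            :log info ("ddns-sync: added " . $newIp . " to " . $listName)
        }
        # Remove stale entries, but only those in this list that carry our tag.
        :foreach i in=[find list=$listName comment=$tag] do={
            :local oldIp [:tostr [get $i address]]
            :if ($oldIp != $newIp) do={
                :log info ("ddns-sync: removing " . $oldIp . " from " . $listName)
                remove $i
            }
        }
    }
}
```

Because stale entries are matched on both list name and comment, an address added to `YOURLIST` by hand (without the tag) survives every run.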
ekkas,
Looks good.
I actually use a similar script. Here is the script I use:
:local hostnames "www.google.com, www.mikrotik.com, routerboard.com"

# Internal processing...
:local Script "Hostname-To-AddressList"
:local hostip
:local oldip
:local dnssearch
:local addrlistsearch

:foreach h in=[:toarray $hostnames] do={
    :set hostip ""
    :set dnssearch 0
    :put ("Resolving " . $h . "...")

    # Search DNS cache first
    /ip dns cache all {
        :set dnssearch [find name=$h]
        :if ([:len $dnssearch] > 0) do={
            # Only retrieve DNS A records
            :if ([get $dnssearch type] = "A" || [get $dnssearch type] = "a") do={
                :set hostip [get $dnssearch data]
            }
        }
    }

    # If no IPs found, resolve hostname
    :if ([:len $hostip] = 0) do={
        :set hostip [:resolve $h]
    }

    # Search address lists
    /ip firewall address-list {
        :set addrlistsearch [find list=$h]
        # Did we find address list with hostname?
        :if ([:len $addrlistsearch] = 1) do={
            :set oldip [get $addrlistsearch address]
            :if ($oldip != $hostip) do={
                :log info ($Script . " " . $h . " IP changed: (" . $oldip . " -> " . $hostip . ")")
                set $addrlistsearch address=$hostip
            }
        } else={
            # No Address List found with hostname
            :log info ($Script . " Adding address list " . $h . " address " . $hostip)
            add list=$h address=$hostip disabled=no
        }
    }
}
It’s 3 years later, and MT still hasn’t added this!? This would be incredibly useful for a number of scripts without complicated work-arounds. Mikrotik, please listen to your users and add features.
+1
This would be a very useful feature.
I think the following feature request is also related to this topic.
[Ticket#2012120366000497] Feature request: add dynamic ip to address list by api
Hello,
We will consider adding this feature in the future.
Regards,
Maris
12/4/2012
There is an official comment here: http://forum.mikrotik.com/t/feature-request-add-dynamic-ip-to-address-list-by-api/75119/1