API script to Enable/disable firewall rules

Hi All,

My goal is to create a script to enable/disable rules in the forwarding chain and execute the script by API or API REST call. The script should accept a parameter in order to select the subnet to enable or disable.

Is this idea a good approach, a good way? Is it possible to run a script by API or API REST passing in some way a parameter?

In order to understand how to remotely execute a script passing it a parameter I did some simple tests:

My test script:

script name: test-param

:global myvar Lab1
:log info ("Parametro ricevuto: " . $myvar)

I am able to locally run the script:

/system/script/run number=test-param

I am able to set the global variable myvar:

/system/script/environment/set numbers=myvar value=NewValue

Running the script I get the new variable value.

When I run the script by API or API REST I get the message but the variable myvar always has the default value, Lab1. By API or API REST I am also able to set a new value for the variable myvar. The new value appears when typing /system/script/environment/print but when I run the script by API, the variable myvar always gets the default value.

Any suggestion will be appreciated!!
Thanks a lot!

Good morning, I don't use the API, otherwise I would have gladly helped you, but a clear piece of advice: think about how to precisely identify the rules to activate and deactivate.

IDK for sure, but I imagine permissions have something to do with it, i.e. is the account you're using with the API the same as the one you're using from the CLI? One suggestion is to enable dont-require-permissions on your script.

You're better off not using the API(/REST) to invoke a script or access variables IMO. Instead, as @rextended suggests, use something like a comment to identify the firewall rule (via GET or API/POST .../get in REST) then in a 2nd call, use the .id to do the needed PATCH (or API/POST .../set).
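The two-call approach suggested above, sketched as an added example that is not code from anyone in this thread: look up forward-chain rules by an exact comment, then PATCH each one by its .id. The router address, the `ROS_USER`/`ROS_PASS` environment variables, the comment allowlist and the string form of the `disabled` value are assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

BASE = "https://192.0.2.1/rest"        # assumed router address (documentation range)
ALLOWED_COMMENTS = {"Lab1", "Lab2"}    # assumed rule comments, one per subnet

def http_send(method, url, body=None):
    """Default transport: HTTPS with basic auth, credentials from the environment."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    cred = f"{os.environ['ROS_USER']}:{os.environ['ROS_PASS']}".encode()
    req.add_header("Authorization", "Basic " + base64.b64encode(cred).decode())
    req.add_header("Content-Type", "application/json")
    # urlopen verifies the router's certificate with the default TLS context.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"null")

def set_rules_disabled(comment, disabled, send=http_send):
    """Find forward-chain rules by exact comment, then PATCH each one by .id."""
    if comment not in ALLOWED_COMMENTS:
        raise ValueError(f"comment {comment!r} is not on the allowlist")
    query = urllib.parse.urlencode({"chain": "forward", "comment": comment})
    rules = send("GET", f"{BASE}/ip/firewall/filter?{query}")
    # Re-check client-side so a loose match can never toggle an unrelated rule.
    matches = [r for r in rules
               if r.get("chain") == "forward" and r.get("comment") == comment]
    if not matches:
        raise LookupError(f"no forward rule with comment {comment!r}")
    changed = []
    for rule in matches:
        # Assumption: the value is sent as a string, the form REST replies use.
        send("PATCH", f"{BASE}/ip/firewall/filter/{rule['.id']}",
             {"disabled": "true" if disabled else "false"})
        changed.append(rule[".id"])
    return changed

if __name__ == "__main__":
    print(set_rules_disabled("Lab1", disabled=True))
```

The API account used here only needs access to the firewall filter menu, and the allowlist keeps a caller-supplied parameter from selecting rules outside the intended subnets.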