Hi,
I have some kind of a problem where I can't find a solution. I tried many other ways but still can't understand what is wrong. What I am trying to do is to mark some addresses from the firewall and send them to an address list. From there, this script should collect them and send an email of the findings. And, to prevent spamming on every cycle, I created a test file. The problem is that if ([/file find name $tmpAddress]=$tmpAddress) do={ doesn't do what it is supposed to do.
Can someone please point me to the error?
:foreach i in=[/ip firewall address-list find] do={
    :local tmpList [/ip firewall address-list get $i list];
    :local tmpAddress [/ip firewall address-list get $i address];
    :if ($tmpList="TEST") do={
        :if ([/file find name $tmpAddress]=$tmpAddress) do={ # THIS DOESN'T WORK
            /tool e-mail send to="email@email.com" subject=("WARNING") body=("HOST WARNING:\r\n".$tmpAddress);
            # "/file print file=" writes the command output to a new file named after the address
            /file print file=$tmpAddress;
            :log info ($tmpAddress);
            :log info ("End report");
        }
    }
}
So… you want to send an email only if that IP from that address list also has a file named after it? Or if it doesn’t?
I’m going to guess you want to send an email when there is NOT a file, and after sending the email, write a file, so that it’s not matched at the next scheduled check.
Although if the only purpose of the file is to signal that it’s already processed, it will be far more efficient to instead set a comment on the item, and match only items that don’t have that comment, e.g.
:foreach i in=[/ip firewall address-list print as-value where list=TEST and comment!="SENT"] do={
    /tool e-mail send to="email@email.com" subject=("WARNING") body=("HOST WARNING:\r\n". ($i->"address"));
    /ip firewall address-list set ($i->".id") comment="SENT";
}
Oh yes, this seems much easier than the solution that I shot out… but I will make only a few changes… The SENT comment needs to be on a signal file. The timeout on the address list entry is 00:01:30, so it's kind of useless to place it there. The next phase would be to remove the signal file as the entry disappears from the address list.
I came out with this so far…
:foreach i in=[/ip firewall address-list find] do={
    :local tmpList [/ip firewall address-list get $i list];
    :local tmpAddress [/ip firewall address-list get $i address];
    :if ($tmpList="TEST") do={
        # signal file name; "/file print file=" below appends ".txt" itself, so the check matches the file it creates
        :local tp ($tmpAddress.".txt");
        :if ([:len [/file find name=$tp]] = 0) do={
            :log info ($tmpAddress." - HOST WARNING");
            /tool e-mail send to="email@email.com" subject=("WARNING") body=("HOST WARNING:\r\n".$tmpAddress);
            :global tpip ($tmpAddress);
            /file print file=$tpip;
        }
    }
}
Thanks for the reply… I will take the needed parts from your solution and do something in between.
Actually… the timeout on the address list entry should suffice with the comment SENT… since if the address doesn't trigger a rule again, it will end up only as a warning. On the other hand… a 2nd list could do the trick with a timeout of, let's say, 5 minutes during the day and 30 minutes at night for sent emails, so the inbox doesn't end up with thousands of emails set off by the firewall trigger… So I guess that this problem could be solved tomorrow.
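The "2nd list with a timeout" idea from this post, written out as an added example (this is not code from the thread). It assumes a second address list named ALERTED that records hosts already mailed, a daytime window of 08:00 to 20:00, and the placeholder recipient email@email.com; dynamic entries in the TEST list are never modified, so it also sidesteps the "can't set a comment on a dynamic entry" limitation:

```routeros
# Added example: one-shot alerting for hosts in the TEST list, suppressed by a
# timed entry in a second list (ALERTED). Assumed names: ALERTED, the day window
# 08:00-20:00 and the recipient address are placeholders, not from the thread.

# Pick the suppression period from the time of day: 5m by day, 30m at night
:local hour [:tonum [:pick [/system clock get time] 0 2]]
:local suppress "30m"
:if ($hour >= 8 && $hour < 20) do={ :set suppress "5m" }

:foreach i in=[/ip firewall address-list find where list="TEST"] do={
    :local addr [/ip firewall address-list get $i address]

    # Only mail if this host has no live entry in ALERTED; the entry expires on its own
    :if ([:len [/ip firewall address-list find where list="ALERTED" and address=$addr]] = 0) do={
        /tool e-mail send to="email@email.com" subject="WARNING" body=("HOST WARNING:\r\n" . $addr)
        :log info ("HOST WARNING mailed for " . $addr . ", suppressed for " . $suppress)

        # Static entry we own, so a comment and a timeout are both allowed
        /ip firewall address-list add list="ALERTED" address=$addr timeout=$suppress comment="SENT"
    }
}
```

Run it from the scheduler at the same interval as the original script; because the ALERTED entry is static and created by the script, it can be commented and timed out independently of the 00:01:30 dynamic TEST entries, and nothing is written to storage.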
Wait, the previous line (with $i->"address") worked on 5.x?!? You do get an email, but the item is not marked? I'm surprised. I would've expected it to not work at all.
I think maybe if you replace
/ip firewall address-list set ($i->".id") comment="SENT";
with
/ip firewall address-list set [:pick $i 0] comment="SENT";
it might work.
But… Why not upgrade everything to version 6 anyway? It’s not like the license stops you.
Yes, the upgrade will probably be on the way. Only the RB450G routers are on ROS 5, but they should be fine with ROS 6… hopefully. And yes, the e-mail was sent… every 30 seconds.
But the script is doing just fine; the only error is that you can't add a comment on a dynamic address on ROS 5. It seems that it would require removing the dynamic address, adding a static one, and deleting it after 15 minutes during the day and 2 hours during the night… which brings the problem of checking the time and when the address was added to the list…
It does seem that the upgrade would be the best solution to that problem.