Some of my address list entries are dynamic.
This does not export them as it only exports the non-dynamic entries:
/ip firewall address-list export
How can I export dynamic address list entries?
–jeroen
Bump. Anyone?
–jeroen
it it not possible export dynamic item.
but you can do with print command and saved result in the file.
for example i want to print dynamic and static ip address list also i want store result of print command in file.
/ip address print detail file=ipaddress
Or something like this:
:local text
foreach k,v in [/ip address find dynamic=yes] do={
:set text "$text\$[/ip address get $v address]"
}
/execute script=":put \"$text\"" file=dynaddresses.txt
PS: but in such case file can’t be longer 4096 bytes - it is limit for strings in RouterOS. If longer then can be written in few files for example.
One more variation for previous one:
/execute script="foreach k,v in [/ip address find dynamic=yes] do={:put [/ip address get \$v address];}" file=dynaddresses.txt
Possibly can export longer 4096 bytes due to not uses string buffer but not sure - need to be checked
I encapsulated everything in a script and it works! Thank you very much.
Below is what I did.
First I saved this in the /scripts directory:
/system script environment remove [ find where name="printExportFirewallAddressListDynamic" ];
:global printExportFirewallAddressListDynamic do={
## prints export entries of dynamic ``/ip firewall address-list` for a list named $value
:local whereList "$value";
# :foreach key,value in [/ip firewall address-list find where list=$whereList and dynamic=yes and timeout>13d23h58m] do={
:foreach key,value in [/ip firewall address-list find where list=$whereList and dynamic=yes] do={
:local list [/ip firewall address-list get $value list];
:local address [/ip firewall address-list get $value address];
:local timeout [/ip firewall address-list get $value timeout];
:local comment [/ip firewall address-list get $value comment];
:put "/ip firewall address-list add list=$list dynamic=yes address=$address timeout=$timeout comment=\"$comment\";";
}
}
## Examples:
## /import scripts/Procedure.printExportFirewallAddressListDynamic.rsc
## > $printExportFirewallAddressListDynamic value="login_failure_blacklist"
## > $printExportFirewallAddressListDynamic value="port_scanners_blacklist"
## note the many escapes needed here and that the export will be called "login_failure_blacklist.rsc.txt":
## :execute script="\$printExportFirewallAddressListDynamic value=\"login_failure_blacklist\"" file=login_failure_blacklist.rsc
## :execute script="\$printExportFirewallAddressListDynamic value=\"port_scanners_blacklist\"" file=port_scanners_blacklist.rsc
Then I tested the /import to verify the foutput.
Finally I executed bout :execute statements that generated multi-megabyte output files.
This works, which is way cool.
Note the scripts can take a very long time to execute even on a fast device like a CCR1009 (it took ~ 10 minutes to generate two files > 2 megabyte).
–jeroen
/ip firewall address-list print detail file=ipaddress
ip firewall address-list print file=filename detail where list=listname
Importing the list may have an error due to an existing entry; therefore, use a safe import script-
(note: replace YOURFILENAME with port_scanners_blacklist.rsc, login_failure_blacklist.rsc, etc.)
:local filename "YOURFILENAME"
:local filecontent [/file get $filename contents]
:local linecount 0
:local successcount 0
:local errorcount 0
# Split file content by newlines and process each line
:foreach line in=[:toarray $filecontent] do={
:set linecount ($linecount + 1)
# Skip empty lines
:if ([:len [:tostr $line]] > 0) do={
:put ("Processing line " . $linecount . ": " . $line)
# Try to execute the line as an import command
:do {
# Execute the line as a script command
[:parse $line]
:set successcount ($successcount + 1)
:put ("SUCCESS: Line " . $linecount . " imported successfully")
} on-error={
:set errorcount ($errorcount + 1)
:put ("ERROR: Line " . $linecount . " failed to import - continuing...")
}
}
}
:put ("Import completed!")
:put ("Total lines processed: " . $linecount)
:put ("Successful imports: " . $successcount)
:put ("Failed imports: " . $errorcount)
No file size limit, no error on import if already present.
All lists:
:execute file=exp_dyn_list.txt script="\r\
\n/ip firewall address-list\r\
\n:local beginstr \":execute \\\"/ip firewall address-list add\"\r\
\n:local endstr \"\\\"\"\r\
\n:local iadd 0.0.0.0\r\
\n:local ilst \"\"\r\
\n:local tout \"7d\"\r\
\n:put \"/ip firewall address-list\"\r\
\n:foreach item in=[find where dynamic=yes] do={\r\
\n :set iadd [get \$item address]\r\
\n :set ilst [get \$item list]\r\
\n :put \"\$beginstr address=\$iadd list=\$ilst timeout=\$tout \$endstr\"\r\
\n}\r\
\n"
Just add the wanted list:
:execute file=exp_dyn_list.txt script="\r\
\n/ip firewall address-list\r\
\n:local beginstr \":execute \\\"/ip firewall address-list add\"\r\
\n:local endstr \"\\\"\"\r\
\n:local iadd 0.0.0.0\r\
\n:local ilst \"\"\r\
\n:local tout \"7d\"\r\
\n:put \"/ip firewall address-list\"\r\
\n:foreach item in=[find where dynamic=yes and list=\"MY_LIST\"] do={\r\
\n :set iadd [get \$item address]\r\
\n :set ilst [get \$item list]\r\
\n :put \"\$beginstr address=\$iadd list=\$ilst timeout=\$tout \$endstr\"\r\
\n}\r\
\n"
Can you explain the sense of your post in the resurrected 9 years old topic?
The topic is "how to EXPORT..." and you post "how to IMPORT"?
1 Like