IP address list export script

MikroX · August 9, 2018, 10:53am

Dear community,

I’m struggling with creating a script capable to export one of my static firewall Address Lists, named ssh_blacklist, to a .rsc file. I tried doing so with:

/ip firewall address-list print where list=“ssh_blacklist” ; export file=ssh_blasklist.rsc

but it didn’t work

/ip firewall address-list find ssh_blacklist ; export file=ssh_blasklist.rsc

also didn’t work

Any ideas?

ronix · December 25, 2018, 10:34am

Dear
you can use this script to print it to txt file

/ip firewall address-list print file=ssh_blacklist where list=ssh_blacklist

ericksetiawan · December 28, 2018, 4:50am

Try this:

{
	:local listName "Server"; #change this
	:local fileName "exported.rsc"; #change this
	:local buffer;

	:global filteredList [/ip firewall address-list print as-value where list=$listName && dynamic=no];
	:foreach i in=$filteredList do={
		:set $buffer ($buffer."add list=".$listName." address=".$i->"address"."; ");
	};
	/file print file=$fileName where name="";
	:delay 1s;
	:set $buffer ("/ip firewall address-list; ".$buffer);
	/file set $fileName contents=$buffer;
}

NOTE : Please note that there is variable size limitation in RouterOS. It will affect your file result.

Jotne · December 28, 2018, 7:54am

Why do you like to export it?
If it is to examine the address, you can use send log hits to Syslog.
I do have black list for any trying a blocked port on my router. If you enter this log, router sends a message to my Syslog server (Splunk)
In Splunk I can see all IP address who and when they got in the log.

Here you can see how has tried to access my RDP, but ended are in a block access list.

See my signature for more info.

SimonThomasen · October 25, 2020, 6:15pm

Why? To download the RSC from another router and have it automatically imported there

But since it is put in a string, the limit here is 4 kilobytes - am I right? because a complete write with “file set” is used -

What other ways are there to write to a file, to append to it??

msatter · October 25, 2020, 6:42pm

There are several ways to do this and I have written a backup and restore especially for interchanging between different routers. The focus is on keeping the filesize as low as possible.

It is close to RC and I was distacted by other projects so it went down the pile of other things. If you want you could help me with testing.

You can select one address-list at the time and that is a limitation as there is no way to restore dynamic entries without a timeout. But you can ignore them on restore so that they are kept on the target router.

It creates RSC files, importing those is simple and easy to be automated, that also apply to the backup.