efaden
1
I’m using the following. It occasionally fails with an unknown item error. Does anyone see an error?
-Eric
:local ToAllow {[:resolve hostname1]; [:resolve hostname2]}
:local AddressListName "WANAllow"
:local InAddressList 0
:local InToAllow 0
:local CurrentPeerIP 0

# Remove Old Not In New Set
:foreach i1 in [/ip firewall address-list find list=$AddressListName] do={
    :set CurrentPeerIP [/ip firewall address-list get $i1 address]
    :foreach i2 in $ToAllow do={
        :if ($i2 = $CurrentPeerIP) do={:set InToAllow 1}
    }
    :if ($InToAllow = 0) do={/ip firewall address-list remove $i1}
    :set InToAllow 0
}

# Add New Not In Current Set
:foreach i1 in $ToAllow do={
    :foreach i2 in [/ip firewall address-list find list=$AddressListName] do={
        :set CurrentPeerIP [/ip firewall address-list get $i2 address]
        :if ($i1 = $CurrentPeerIP) do={
            :set InAddressList 1
        }
    }
    :if ($InAddressList = 0) do={/ip firewall address-list add list=$AddressListName address=$i1}
    :set InAddressList 0
}
efaden
2
Never mind. Figured it out. My first loop with the remove was creating the problem… it was changing the IDs…
Changed
/ip firewall address-list remove $i1
to
/ip firewall address-list remove [/ip firewall address-list find list=$AddressListName address=$CurrentPeerIP]
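
The script from the first post with the change from the second post applied, as an added example that is not part of the thread. It goes further than the thread by skipping hostnames that fail to resolve and by leaving the list untouched if none resolve; `hostname1` and `hostname2` are the thread's placeholders, and the `in=` form, variable names and log text are this example's assumptions.

```routeros
# Added example, not from the thread. hostname1/hostname2 are the thread's
# placeholders; the log text and variable names are assumptions.
:local AddressListName "WANAllow"
:local Hostnames {"hostname1"; "hostname2"}
:local ToAllow [:toarray ""]

# Resolve each name separately so one DNS failure does not abort the whole run.
:foreach h in=$Hostnames do={
    :do {
        :set ToAllow ($ToAllow, [:resolve $h])
    } on-error={
        :log warning ("WANAllow sync: could not resolve " . $h)
    }
}

# If nothing resolved, stop here instead of emptying the allow list.
:if ([:len $ToAllow] = 0) do={
    :error "WANAllow sync: no hostname resolved, list left unchanged"
}

# Remove entries that are no longer wanted. The entry is looked up again by
# list and address at removal time (the change from the second post).
:foreach id in=[/ip firewall address-list find list=$AddressListName] do={
    :local addr [/ip firewall address-list get $id address]
    :local keep false
    :foreach ip in=$ToAllow do={
        # Compare as strings: :resolve returns an IP, the list stores text.
        :if ([:tostr $ip] = [:tostr $addr]) do={ :set keep true }
    }
    :if ($keep = false) do={
        /ip firewall address-list remove [/ip firewall address-list find list=$AddressListName address=$addr]
    }
}

# Add resolved addresses that are not in the list yet.
:foreach ip in=$ToAllow do={
    :if ([:len [/ip firewall address-list find list=$AddressListName address=$ip]] = 0) do={
        /ip firewall address-list add list=$AddressListName address=$ip
    }
}
```

When only some names resolve, the addresses of the failed names are still removed on that run, so the warning log entry is the signal to check before relying on the list.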