So I need to be able to tell if a given IP address is represented in a given /ip firewall address-list list. However, I know of at least three ways that can happen.
add list=“test” address=“1.2.3.4” comment=“Directly Mentioned”
add list=“test” address=“1.2.3.0/26” comment=“Part of a subnet”
add list=“test” address=“1.2.3.4-1.2.3.40” comment=“Part of a range”
But I only know how to test for two of those conditions:
/ip firewall address-list find address=$1 and list=$2 // This tests for a direct mention, but fails if IP is inside a subnet or a range.
/ip firewall address-list find $1 in address and list=$2 // This detects an IP in a subnet, but fails both for direct mention or for a range. (succeeds for degenerate case 1.2.3.4/32, but I want to support direct mention with no CIDR as well instead of trying to change how lists get created lol!)
So I can make this function detect direct mentions or subnet inclusion, but I still have no way to detect a match against a range.
:global ipInList do={:return ([:len [/ip firewall address-list find ($1 in address || address=$1 ) and list=$2]] > 0)}
Please advise? Thank you.
PS. This is my company’s forum account, and I’d have posted from my personal one but it’s not letting me login that way and I’m not certain who to contact for support over forum login issues. :B
-
- Jesse Thompson
Webformix, Bend OR
- Jesse Thompson