[Solved] Can't remove addresslist in one go if domains are used

When I add more than one domain to an addresslist then I can only remove one at a time and then it states no such item (4). Using remove then it will only remove the last added item to the addresslist.

[user@MikroTik] /ip firewall address-list> add list=mikrotik-test address=mt.lv       
[user@MikroTik] /ip firewall address-list> remove [find list=mikrotik-test]    
[user@MikroTik] /ip firewall address-list> remove [find where list=mikrotik-test]
no such item (4)

How can I remove (empty) that domain addresslist in one go as I can if the addresslist is built with only IP addresses?

I had another try and first I disabled the resolved IP addresses and then removed. That worked.

[user@MikroTik] /ip firewall address-list> :put [find list=mikrotik-test]
*37f091f;*37f0921;*37f0922;*37f0925

These are the dynamic domain entries and the resolved IP addresses. After disabling the entries it looked like this:

[user@MikroTik] /ip firewall address-list> :put [find list=mikrotik-test]
*37f091f;*37f0922;

It looks like, as long as the resolved dynamic entries are active, the domains and IP addresses can’t be removed in one go.

I still get the message no such item (4) but the list is removed/emptied. :slight_smile:

Update: with a longer list it did not work, so more testing needed.

I solved the puzzle and two entries seem to be somehow sticky. When successfully removing, sometimes two entries remain.

This will remove the domains in one go. I have to exclude the resolved IP addresses on removal:

:local listname "mikrotik-test"
:do {/ip firewall address-list disable [find where list=$listname] } on-error={}
:do {/ip firewall address-list remove  [find list=$listname !(address in 0.0.0.0/0)]} on-error={}
# to be certain the last two entries are also removed, just run a straightforward remove
:do {/ip firewall address-list remove  [find where list=$listname] } on-error={}

The !(address in 0.0.0.0/0) will select the domains and not the resolved IP addresses. Those resolved IP addresses are untouchable and not able to be deleted. They just bounce back as long as the domain is not removed. So first remove the domain and the IP address will be gone on its own.

Glad that I solved this problem now.

/ip firewall address-list remove [find list=the-name-of-the-list !dynamic]

The reason is that once you remove the fqdn item which is static, the items with the resolved IP addresses are removed automatically, but as the find has returned their IDs, the remove command attempts to remove them one by one, and fails on the first one which already doesn’t exist. By adding !dynamic to the condition list of the find, you prevent this from happening, as it will return only the static items of the list.

Thanks Sindy, sadly it is not that simple with scripts.

I can’t add static entries using a script, at least as far as I know. These entries have max. timeout and MikroTik disabled a while ago that they then became static.

The dynamic allows mixing static and dynamic in one list. Then only the non-static entries are removed before importing the updated list.

This is the script (.rsc) I use:

:global listname "RougeDNSname"
:local i do={:global listname; :do {/ip firewall address-list add list=$listname timeout=35w3d13h13m56s address=$1} on-error={:log warning "$listname addresslist, domain already exists: $1"} } 
:do {/ip firewall address-list remove  [find list=$listname !(address in 0.0.0.0/0)]} on-error={}

$i dns.aa.net.uk
$i dns.aaflalo.me
$i dns.t53.de
$i doh.xfinity.com

:set listname

OK, I haven’t understood from the OP that the domain name items are being added using a script, but the actual behaviour is that items with a timeout, or items added by a firewall rule even if no timeout is specified, are considered dynamic, whereas items without a specified timeout added manually or using a script (actually, nothing prevents a script, even a scheduled one, from adding an address list item without a timeout) are considered static. But this doesn’t change the essence of the issue, which you have found yourself - you must restrict the find in the remove to the fqdn items, so that the remove command would not attempt to remove the ip number child items created by the parent fqdn ones.
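
An added example, not code from any poster in this thread: a cleanup that works for both cases discussed above (static FQDN items and FQDN items added with a timeout). It removes the IDs one at a time so a child item that vanished with its parent does not abort the batch, then checks that the list is really empty. The list name is the one used earlier in the thread; the counters and log texts are illustrative, and the script relies on the parent/child behaviour described in the replies above.

```routeros
# Added example: empty an address list that mixes FQDN and resolved-IP items.
:local listname "mikrotik-test"
:local removed 0
:local failed 0

# Snapshot the IDs once, then remove them individually so that one
# "no such item" error does not stop the remaining removals.
:foreach id in=[/ip firewall address-list find where list=$listname] do={
    :do {
        /ip firewall address-list remove $id
        :set removed ($removed + 1)
    } on-error={
        # Expected for resolved-IP items whose FQDN parent was removed earlier
        # in this loop; counted rather than silently ignored.
        :set failed ($failed + 1)
    }
}

# Verify the result instead of trusting the absence of an error message.
:local left [:len [/ip firewall address-list find where list=$listname]]
:if ($left > 0) do={
    :log warning ("address-list " . $listname . ": " . $left . " entries still present after cleanup")
} else={
    :log info ("address-list " . $listname . ": emptied, " . $removed . " removed, " . $failed . " failed removals")
}
```

If firewall rules reference the list, the warning branch is the one to watch: leftover entries mean the rules are still matching addresses from the old list.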