# Define the global function
:global DNSStatus do={
:local actionValue $1
/ip firewall nat $actionValue [find comment~"hack_dns"];
}
# Set the action value and call the function
:global DNSAction "disable"
$DNSStatus $DNSAction
Then an other question is, what is the meaning of life?
:global DNSStatus do={
:local actionValue $1
/ip firewall nat $actionValue [find comment~"hack_dns"];
}
# Set the action value and call the function
:global DNSAction "disable"
:global Pong
{
#:local DNSStatus $DNSStatus;
:if ($DNSStatus = "up") do={
:global DNSAction "enable"
}
:if ($DNSStatus = "down") do={
:global DNSAction actionValue ="disable"
}
:if (($DNSStatus != "up") && ($DNSStatus != "down")) do={
log info "Unknown DNS status: $DNSStatus"
}
}
/tool netwatch
add comment=hack_dns disabled=no down-script=":global Pong \$status\r\
\n/system/script/run hack_dns\r\
\n:log info \"\$Pong\"" host=192.168.1.2 http-codes="" name=hack_dns \
test-script="" type=simple up-script=":global Pong \$status\r\
\n/system/script/run hack_dns\r\
\n:log info \"\$Pong \""
This achieves code reuse.
Make the code more concise and only need to take the modification function when modifying
My take on this and this is not tested:
:global DNSstatus do={
/ip firewall nat $1 [find where comment~"hack_dns"];
}
:global Pong do={
:if ($1 = "up") do={
:global DNSstatus enable
:log info "DNS status: $1"
:return
}
:if ($1 = "down") do={
:global DNSstatus disable
:log info "DNS status: $1"
:return
}
:log info "DNS status: unkown"
}
/tool netwatch
add comment=hack_dns disabled=no down-script=":global Pong \$status\r\
\n/system/script/run hack_dns\r\
\n:log info \"\$Pong\"" host=192.168.1.2 http-codes="" name=hack_dns \
test-script="" type=simple up-script=":global Pong \$status\r\
\n/system/script/run hack_dns\r\
\n:log info \"\$Pong \""
Cannot take effect
Then we return the question of what the meaning of life is?
Ray Bradbury:
Life is trying things to see if they work.
Command and arguments cannot be builded from variables, build command as string and use :execute command to execute it.
:local actionValue disable
:execute "/ip firewall nat $actionValue [find comment~\"hack_dns\"]" as-string
Then, what if nothing succeeds? Do you then know the meaning is of life!? 
Thanks Optio.
thank you for your help!
i found solution
:global FirewallNatAction do={
:global actionValue;
:set actionValue $actionValue;
:put $actionValue
:execute "/ip firewall nat $actionValue [find comment~\"hack_dns\"]" as-string
}
$FirewallNatAction actionValue=enable
:global FirewallNatAction do={
:global actionValue;
:set actionValue $actionValue;
:put $actionValue
:execute “/ip firewall nat $actionValue [find comment~"hack_dns"]” as-string
}
$FirewallNatAction actionValue=enable
:global FirewallNatAction do={
:global actionValue;
:set actionValue $actionValue;
:put $actionValue
:execute “/ip firewall nat $actionValue [find comment~"hack_dns"]” as-string
}
$FirewallNatAction actionValue=enable
/ip firewall nat disable [find where comment~"hack_dns"]
:global FirewallNatAction do={
:execute "/ip firewall nat $1 [find where comment~\"hack_dns\"]"
}
$FirewallNatAction enable
Or disable/enable
/ip firewall nat find [set [find where comment~"hack_dns"] disabled=(!($disabled))]
Or do NOT use the “enable” and “disable” commands, use the disable=yes|no attribute with a “set”. Why? Commands cannot be variables, but attributes can.
This avoids the ugly [:execute] & the related issues with that like escaping, creating new subshell/etc., lack of syntax highlights, etc):
:global DisableNatDns do={ /ip/firewall/nat set [find comment~"hack_dns"] disabled=$1 }
$DisableNatDns yes
$DisableNatDns no
missing something and/or too much “/”…
:global DisableNatDns do={/ip firewall nat set [find where comment~"hack_dns"] disabled=$1}
Geez, “yes” and “no”
NOT “on” and “off” — which I fixed from original example
Or… “where” — I’m not sure that’s needed since there is only one attribute to be searched;.
the d on disabled 