Update address list with script

Hi!

I’m stuck with the problem of how to update an address list with a script.

Here is what I am trying to do.

  1. Read the IP address from an interface (WAN Interface).
  2. Add the address to a list.
  3. Check if the address has changed since the last run.
  4. Update the address list if changed.

Alternatively, a script to update a firewall rule when the IP address changes.

Thanks in advance.

Mike

Look at the various DynDNS and changeip.com scripts for inspiration - most dynamic DNS providers punish you if you update your record too often when it hasn’t changed, so those scripts contain all the necessary code to check whether an interface IP has changed. They usually use globals and not an address list, but that should still fit your requirements.

Just change the code inside the if block that executes when an actual change has been detected and update your firewall rule there.

Thank you for the response. I tried to take a look at those scripts, but I got a headache. :confused:

I decided to do it from scratch instead. The script is working, but I would like to add something to it.

  1. Check if the address list exists.
  2. Check if the address has changed since the last run (I don’t want to clutter up the system log).


# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BEGINNING OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:local "wan-interface" "ether1-gateway"
:local "address-list" "wan_ip"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# END OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:local "wan-ip" [ /ip address get [/ip address find interface=$"wan-interface"] address ]
:set "wan-ip" [ :pick $"wan-ip" 0 [:find $"wan-ip" "/" ] ]
:foreach a in=[/ip firewall address-list find list=$"address-list"] do={
  /ip firewall address-list set $a address=$"wan-ip"
}

I'm done with the script now. Any comments or ideas for improvements?

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BEGINNING OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:local "wan-interface" "ether1-gateway"
:local "address-list" "wan_ip"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# END OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Last address seen by a previous run (globals are lost on reboot)
:global "old-wan-ip"
# Current interface address, with the "/prefix" part stripped
:local "wan-ip" [ /ip address get [/ip address find interface=$"wan-interface"] address ]
:set "wan-ip" [ :pick $"wan-ip" 0 [:find $"wan-ip" "/" ] ]

:if ( [/ip firewall address-list find list=$"address-list" ] = "" ) do={
  # The list does not exist yet: create it with the current address
  /ip firewall address-list add address=$"wan-ip" list=$"address-list"
  :log warning "address list: $"address-list" added by script"
  # Remember the address so the next run does not log a spurious change
  :set "old-wan-ip" $"wan-ip"
} else={
  # Only touch the list (and the log) when the address has changed
  :if ($"wan-ip" != $"old-wan-ip") do={
    :foreach a in=[/ip firewall address-list find list=$"address-list"] do={
      /ip firewall address-list set $a address=$"wan-ip"
      :log warning "WAN IP address changed from: $"old-wan-ip" to $"wan-ip""
      :set "old-wan-ip" $"wan-ip"
    }
  }
}

Sorry for bumping an old thread; this script stopped working after upgrading to version 6.2 from 5.23.

Sorry for the late response; this script works for me with RouterOS 6.4.

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BEGINNING OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:local "wan-interface" "ether1-gateway"
:local "address-list" "wan_ip"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# END OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# Last address seen by a previous run (globals are lost on reboot)
:global "old-wan-ip"
# Current interface address, with the "/prefix" part stripped
:local "wan-ip" [ /ip address get [/ip address find interface=$"wan-interface"] address ]
:set "wan-ip" [ :pick $"wan-ip" 0 [:find $"wan-ip" "/" ] ]

:if ( [/ip firewall address-list find list=$"address-list" ] = "" ) do={
  # The list does not exist yet: create it with the current address
  /ip firewall address-list add address=$"wan-ip" list=$"address-list"
  :log warning "address list: $"address-list" added by script"
  # Remember the address so the next run does not log a spurious change
  :set "old-wan-ip" $"wan-ip"
} else={
  # Only touch the list (and the log) when the address has changed
  :if ($"wan-ip" != $"old-wan-ip") do={
    :foreach a in=[/ip firewall address-list find list=$"address-list"] do={
      /ip firewall address-list set $a address=$"wan-ip"
      :log warning "WAN IP address changed from: $"old-wan-ip" to $"wan-ip""
      :set "old-wan-ip" $"wan-ip"
    }
  }
}

Sorry for necroing the thread but this script works for me in RouterOS 7.9:

:local inetinterface "wan2";
:local addresslist "WAN2_IP";

:global CurrentIP;

:if ([/interface get $inetinterface value-name=running]) do={
	:local NewIP [/ip address get [find interface="$inetinterface" disabled=no] address];
	:set NewIP [:pick $NewIP 0 [:find $NewIP "/"]];
	:if ($NewIP != $CurrentIP) do={
		:if ($NewIP in 192.168.100.0/24) do={
			:log info "WAN2 interface waiting for new DHCP lease, will retry in 5 minutes.";
		} else={
			:log info "Updating firewall address list with [$NewIP]...";
			:if ( [/ip firewall address-list find list="$addresslist" ] = "" ) do={
				/ip firewall address-list add address="$NewIP" list="$addresslist"
				:log info "[$addresslist] created with [$NewIP]"
			} else={
				:foreach a in=[/ip firewall address-list find list="$addresslist"] do={
					/ip firewall address-list set $a address="$NewIP"
					:log info "WAN2 IP address changed from [$CurrentIP] to [$NewIP]"
				}
			}
			:set CurrentIP $NewIP;
			:log info "Done.";
		}
	}
} else={
	:log info "[$inetinterface] is not running, skipping the update.";
}

I am posting it in case someone searches for the solution.
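
Added example, not code from any poster in this thread: a variant that follows the original question by using the address-list entry itself as the stored state, so it survives a reboot (a global does not), and that leaves the list untouched when the interface has no address, so firewall rules keep matching the last known address. The interface and list names are taken from the thread; the `wan-ip-sync` comment tag and the variable names are assumptions, and the script assumes a RouterOS version that supports `->` array indexing.

```routeros
# Added example (not from the thread). The tag and variable names are assumptions.
:local wanInterface "ether1-gateway"
:local listName "wan_ip"
# Marker comment so the script only ever touches the entry it created itself,
# never entries an administrator added to the same list by hand.
:local tag "wan-ip-sync"

:local addrIds [/ip address find interface=$wanInterface disabled=no]

:if ([:len $addrIds] = 0) do={
    # No address yet (DHCP renewing, link down): keep the last known entry
    # instead of failing on an empty "get".
    :log warning "wan-ip-sync: no address on $wanInterface, list $listName left unchanged"
} else={
    # Use the first address on the interface and strip the "/prefix" part.
    :local cidr [/ip address get ($addrIds->0) address]
    :local wanIp [:pick $cidr 0 [:find $cidr "/"]]

    # State lives in the address list: the managed entry, and whether it
    # already holds the current address.
    :local managed [/ip firewall address-list find list=$listName comment=$tag]
    :local upToDate [/ip firewall address-list find list=$listName comment=$tag address=$wanIp]

    :if ([:len $managed] = 0) do={
        /ip firewall address-list add list=$listName address=$wanIp comment=$tag
        :log info "wan-ip-sync: created $listName entry $wanIp"
    } else={
        # Write and log only on a real change, so repeated runs stay silent.
        :if ([:len $upToDate] = 0) do={
            /ip firewall address-list set ($managed->0) address=$wanIp
            :log info "wan-ip-sync: $listName updated to $wanIp"
        }
    }
}
```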