Community discussions

 
thefiddler007
just joined
Topic Author
Posts: 13
Joined: Tue Jan 17, 2017 8:46 am

Checking whether items are present

Tue May 15, 2018 4:57 pm

Hi There,

I need a little scripting advice.

So I created an import script which basically configures the Firewall , access lists , services , snmp , ntp , default password etc etc which works 100% but only under certain conditions :) So my technical guys will start off my updating to the latest firmware : 6.42.1(Stable) but they then have to "Reset the configuration" before the import script works properly... otherwise it will end up complaining about some missing items ... I'm guessing the default config that ships with the router is different then what you get when you reset the router to Default?

Anyway , after some troubleshooting I've realized that the following lines gets added when the router is defaulted. Well this and a bunch of other stuff changes but these two lines seems the only ones important to my issue :)
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN

So normally this won't be an issue since it's a rather simple process , but every now and then our tech guys goes into retard mode and forgets to reset the router to default and also doesn't bother looking at the error which ends up in a poorly configured router.

So that said , I've been trying to add something in the script to check whether LAN or WAN is already added to the /interface list and if not to then add the missing values. So after reading through some scripting howtos I came up with the following code but I'm unable to get it to work. It basically needs to check whether the value is present and add it if missing. Problem is , I'm just getting an error "no such item" if it doesn't find the value which ends up with the (do) part not getting executed.

## Check whether interface exist , if no value is returned
:if ([/interface list get WAN] = "") do { /interface list add comment=defconf name=WAN }

Sorry for the long windy post , just wanted to make sure I've added as much info as possible.

thanks in advance,
 
sindy
Forum Guru
Forum Guru
Posts: 3944
Joined: Mon Dec 04, 2017 9:19 pm

Re: Checking whether items are present

Tue May 15, 2018 5:03 pm

:if ([/interface list print count-only where name=WAN]=0) do={/interface list add comment=defconf name=WAN}
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
thefiddler007
just joined
Topic Author
Posts: 13
Joined: Tue Jan 17, 2017 8:46 am

Re: Checking whether items are present

Tue May 15, 2018 5:18 pm

wow thanks , that's pretty simple :)

Much appreciated!!!!
 
sindy
Forum Guru
Forum Guru
Posts: 3944
Joined: Mon Dec 04, 2017 9:19 pm

Re: Checking whether items are present

Tue May 15, 2018 5:29 pm

wow thanks , that's pretty simple :)
That's because the question was clear :-)
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
thefiddler007
just joined
Topic Author
Posts: 13
Joined: Tue Jan 17, 2017 8:46 am

Re: Checking whether items are present

Tue May 15, 2018 5:56 pm

Is there perhaps a simple way of counting how many firewall rules are present ? I'm removing the firewall with the following script but it only works if I specify the correct amount of rules.

/for x from 1 to 10 do={/ip firewall filter remove $x}

Thanks in advance,
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Checking whether items are present

Tue May 15, 2018 6:00 pm

/ip firewall filter remove [find]
 
sindy
Forum Guru
Forum Guru
Posts: 3944
Joined: Mon Dec 04, 2017 9:19 pm

Re: Checking whether items are present

Tue May 15, 2018 6:07 pm

Well, this one is a bit more complex. The reference numbers 0..n are only generated by the print command for your convenience, and their validity is limited until the first change which changes the number of the items in the list. These numbers are temporary aliases to pointers and the pointers seem to be static.

So what you want is
:foreach rule in=[/ip firewall filter find dynamic=no] do={/ip firewall filter remove $rule}
In my opinion, @mrz's suggestion may fail on dynamic rules, but maybe the short form of
/ip firewall filter remove [find dynamic=no]
works. The only problem is that you never know in advance whether the command accepts the list returned by find directly or whether you need the foreach.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
thefiddler007
just joined
Topic Author
Posts: 13
Joined: Tue Jan 17, 2017 8:46 am

Re: Checking whether items are present

Tue May 15, 2018 6:17 pm

Thanks Sindy , I originally first tried what mrz suggested but the script stopped with the following error (failure: cannot remove builtin) which I'm guessing is the dynamic rule ?

Anyway , both your examples works perfect.

Much appreciated.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Checking whether items are present

Tue May 15, 2018 6:24 pm

Yes, if there are dynamic entries then [find dynamic=no] should be used. "foreach" in this case is unnecessary, it should be used if you want to edit specific rules or any other reason when you need to loop through all found entries.
 
thefiddler007
just joined
Topic Author
Posts: 13
Joined: Tue Jan 17, 2017 8:46 am

Re: Checking whether items are present

Tue May 15, 2018 6:30 pm

One last question for the day :)

Is there perhaps any specific rituals one needs to invoke to get the "Run after Reset" function to work when you specify a config script to get installed after "Resetting the config file" ? The script works with the normal import command via the terminal but dies somewhere leaving the router without an IP address if I use the "Run after reset" function. The log file also doesn't provide any clues.

Thanks again,
 
2frogs
Long time Member
Long time Member
Posts: 540
Joined: Fri Dec 03, 2010 1:38 am

Re: Checking whether items are present

Tue May 15, 2018 7:04 pm

Add a delay to the top of your script to allow time for all interfaces to initialize.
 
thefiddler007
just joined
Topic Author
Posts: 13
Joined: Tue Jan 17, 2017 8:46 am

Re: Checking whether items are present

Wed May 16, 2018 8:37 am

Ok cool , I had a 30s delay but will try and increase it to 1min or something.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Checking whether items are present

Wed May 16, 2018 1:05 pm

Delay is one option, but better option would be to wait for interfaces to load, for example if your config script depend on ethernet interfaces then do something like in code below.
:local count 0; 
:while ([/interface ethernet find] = "") do={ 
  :if ($count = 30) do={
    :log warning "DefConf: Unable to find ethernet interfaces";
    /quit;
  }
  :delay 1s; :set count ($count +1); 
}
 
sindy
Forum Guru
Forum Guru
Posts: 3944
Joined: Mon Dec 04, 2017 9:19 pm

Re: Checking whether items are present

Wed May 16, 2018 2:39 pm

Delay is one option, but better option would be to wait for interfaces to load, for example if your config script depend on ethernet interfaces then do something like in code below.
:local count 0; 
:while ([/interface ethernet find] = "") do={ 
  :if ($count = 30) do={
    :log warning "DefConf: Unable to find ethernet interfaces";
    /quit;
  }
  :delay 1s; :set count ($count +1); 
}
@mrz (Martins?), If I get the above right, the script above implements a "clever delay" of up to 30 seconds - it ends succesfully as soon as the first ethernet interface appears, or fails with a warning if after 30 seconds still none of the ethers is created. But the OP's problem is that even after 30 seconds the ethers are not present yet.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Checking whether items are present

Wed May 16, 2018 2:41 pm

It is just an example you can increase count to any value you need 60 or 90

Who is online

Users browsing this forum: MSN [Bot] and 106 guests