Well,
($ipAddress&$cidrMask) suggests that the actual expression would be like
(4.3.2.1&255.255.255.0) which yields 4.3.2.0, but what I had in mind was that you have to place 4.3.2.0
/24 to the
address-list as e.g. within a /21 network, 4.3.2.0 is not an address of a network but an ordinary host address.
But on the other hand, the
address-list code is clever itself:
[me@MyTik] > ip firewall address-list print
Flags: X - disabled, D - dynamic
# LIST ADDRESS CREATION-TIME TIMEOUT
0 my-test 192.168.1.3 jul/20/2018 13:55:53
[me@MyTik] > ip firewall address-list set [find list=my-test address=192.168.1.3] address=192.168.1.3/24
[me@MyTik] > ip firewall address-list print
Flags: X - disabled, D - dynamic
# LIST ADDRESS CREATION-TIME TIMEOUT
0 my-test 192.168.1.0/24 jul/20/2018 13:55:53
So it is enough to specify the mask length and the address-list code zeroes the bits of the prefix which exceed the mask length automatically.
Therefore, the code only needs to find list items whose address values don't contain the / character and add the /24 to them:
[me@MyTik] > ip firewall address-list print
Flags: X - disabled, D - dynamic
# LIST ADDRESS CREATION-TIME TIMEOUT
0 my-test 192.168.1.17 jul/20/2018 13:55:53
1 my-test 192.168.5.43 jul/20/2018 14:07:55
[me@MyTik] > :foreach id in=[ip firewall address-list find list=my-test address~"^[0-9\\.]*\$"] do={local ipAddr [/ip firewall address-list get $id address];/ip firewall address-list set $id address=($ipAddr."/24")}
[me@MyTik] > ip firewall address-list print
Flags: X - disabled, D - dynamic
# LIST ADDRESS CREATION-TIME TIMEOUT
0 my-test 192.168.1.0/24 jul/20/2018 13:55:53
1 my-test 192.168.5.0/24 jul/20/2018 14:07:55