Community discussions

User avatar
Topic Author
Posts: 47
Joined: Wed Jan 23, 2008 11:59 pm
Location: Bend, Oregon

Script to tell if an IP is in a Firewall Address List (or) how to match an IP in an IP range like

Sat Jun 22, 2019 10:22 pm

So I need to be able to tell if a given IP address is represented in a given /ip firewall address-list list. However, I know of at least three ways that can happen.

add list="test" address="" comment="Directly Mentioned"
add list="test" address="" comment="Part of a subnet"
add list="test" address="" comment="Part of a range"

But I only know how to test for two of those conditions:

/ip firewall address-list find address=$1 and list=$2 // This tests for a direct mention, but fails if IP is inside a subnet or a range.

/ip firewall address-list find $1 in address and list=$2 // This detects an IP in a subnet, but fails both for direct mention or for a range. (succeeds for degenerate case, but I want to support direct mention with no CIDR as well instead of trying to change how lists get created lol!)

So I can make this function detect direct mentions or subnet inclusion, but I still have no way to detect a match against a range.
:global ipInList do={:return ([:len [/ip firewall address-list find ($1 in address || address=$1 ) and list=$2]] > 0)}

Please advise? Thank you.

PS. This is my company's forum account, and I'd have posted from my personal one but it's not letting me login that way and I'm not certain who to contact for support over forum login issues. :B

- - Jesse Thompson
Webformix, Bend OR

Who is online

Users browsing this forum: No registered users and 8 guests