texmeshtexas
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Help with Script to read routes and create import file of FW addresses

Fri Feb 26, 2021 8:00 am

I created this script which reads routes from the route table and creates a local Firewall Address List to use for filtering traffic.
That part works just fine.
I want to also create a file that can be imported to other MT routers to replicate the list in other routers.
I build the entire command list in a variable called "exportcmds".
I can even send it to the router logs as it's being built and all looks good.
However the final command in this script to write that content to a file simply does not work.

The content list ends up being about 1950 "add address <IP address> list=BotNetCCandDrop timeout=1d;" commands.
I'm wondering if that is just too big to be written to a file.
The resulting file would only be about 170K or so. Not that large.
But is that too large for a /file set command?

# This script takes the routes added via BGP peering from Spamhaus and adds them to the firewall address list "BotNetCCandDrop" so that inbound and outbound traffic can be blocked by firewall RAW rules.
{
:local RawIP;
:local i;
:local exportcmds;
:local filename "BotNetAndDrop";
# Initialize file. Creates and clears the file. Note that this puts .txt on the end of the filename.
/file print file=$filename;
:delay 2s;
/file set "$filename.txt" contents="";
:set exportcmds ($exportcmds . "#Import script to add BotNetCCandDrop list to router\r\n /ip firewall address-list\r\n");
#/file set "$filename.txt" contents=$exportcmds;

# initialize output file
#
#/file set $filename contents=$exportcmds;
#:set exportcmds [/file get $filename contents];

# remove existing list
/ip firewall address-list remove [/ip firewall address-list find list="BotNetCCandDrop"];

# Add every active route learned from AS 65190 to the address list and to the export text.
# Address-list names are case-sensitive, so the export uses the same name as the local list.
:foreach i in=[/ip route find where bgp-as-path=65190 active ] do={
   :set RawIP [/ip route get $i dst-address];
#  :log info "adding IP $RawIP to BotNetCC list";
   /ip firewall address-list add address=[/ip route get $i dst-address] list=BotNetCCandDrop timeout=1d;
   :set exportcmds ($exportcmds . "add address=$RawIP list=BotNetCCandDrop timeout=1d;\r\n");
#  :log info "add address=$RawIP list=BotNetCCandDrop timeout=1d;";
}
#:log info "filename=$filename.txt";
#:log info "file contents=$exportcmds";
# Final write of the accumulated commands (the step reported above as not working).
/file set "$filename.txt" contents=$exportcmds;
}
 
2frogs
Forum Veteran
Posts: 713
Joined: Fri Dec 03, 2010 1:38 am

Re: Help with Script to read routes and create import file of FW addresses

Fri Feb 26, 2021 7:16 pm

Variables have a 4096 byte limit. Instead of writing from an array, just amend the file. It is similar to amending an array. Here is an example:
/file print file=test;
:delay 2s;
/file set test.txt contents="/ip firewall address-list\n";
:foreach i in=[/ip firewall address-list find where list=test] do={
    :local contents [/file get test.txt contents];
    :set contents ($contents . "add address=$[/ip firewall address-list get $i address] list=$[/ip firewall address-list get $i list] timeout=1d\n");
    /file set test.txt contents=$contents;
}
You can adapt this to run at the end of your script or rework it to amend as you create the rules.
 
texmeshtexas
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Re: Help with Script to read routes and create import file of FW addresses

Fri Feb 26, 2021 9:17 pm

What is interesting is if I do a :log info $exportcmds
The entire contents seem to be reflected in the log. Just seems to be a problem in the /file set command. Perhaps that is where the limitation exists.
I was hoping to avoid writing the file so many times to avoid disk wear.
 
texmeshtexas
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Re: Help with Script to read routes and create import file of FW addresses

Fri Feb 26, 2021 9:28 pm

Tried this. It actually works up to the point when the file size gets to about 4043B. The next write never happens.
Same problem, the variable starts to get too big to write to the file.
Need a true file append capability instead of a read, append, write approach.
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Help with Script to read routes and create import file of FW addresses

Fri Feb 26, 2021 11:36 pm

You can write BIGGER files, really huge... files. ;-)

with :execute
viewtopic.php?f=9&t=130448&p=819118&hilit=file#p818939

and here with print environment
viewtopic.php?f=9&t=167594&p=823889&hil ... le#p823683
 
texmeshtexas
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Re: Help with Script to read routes and create import file of FW addresses

Sat Feb 27, 2021 6:16 am

Got this to work with the :execute method.
Thanks for the help!!
Now just have to figure out how to have one router login and ftp the file over.
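
The :execute approach referred to in the posts above, as an added example that is not taken from the thread or the linked topics: the export lines are printed with :put inside a background job and :execute's file= parameter captures that output, so the text never passes through a variable or /file set. It assumes RouterOS v6 scripting syntax and reuses the list and file names from the first post; the job-wait loop and the size check are additions.

```routeros
# Added example, not the poster's script. List and file names follow the thread.
{
# The executed script runs as its own job and cannot see this script's
# :local variables, so the list name is written out inside it.
:local job [:execute file="BotNetAndDrop" script={
    :put "/ip firewall address-list";
    :foreach i in=[/ip firewall address-list find where list="BotNetCCandDrop"] do={
        :put ("add address=" . [/ip firewall address-list get $i address] . " list=BotNetCCandDrop timeout=1d");
    }
}];

# :execute returns at once; wait for the job to finish before using the file.
:while ([:len [/system script job find where .id=$job]] > 0) do={ :delay 1s; };

# Log the resulting file name and size so a short or missing export is noticed
# before the file is copied to other routers.
:foreach f in=[/file find where name~"^BotNetAndDrop"] do={
    :log info ("export file " . [/file get $f name] . " size=" . [/file get $f size]);
}
}
```

A router that imports this file runs every line in it as a command, so the account used to transfer it and write access to the file are worth restricting.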
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Help with Script to read routes and create import file of FW addresses

Sat Feb 27, 2021 9:54 pm

viewtopic.php?f=9&t=171135&p=836472&hil ... ad#p836472

Warning! The source directory and target directory must be the same and exist. So this is not going to work: /disk/file.txt --> /file.txt.

See: viewtopic.php?f=9&t=154975&p=840364&hil ... k1#p768130
 
texmeshtexas
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Re: Help with Script to read routes and create import file of FW addresses

Mon Mar 01, 2021 1:40 am

Got the FTP working also. Thanks gang!!
