Need help completing a script.

shafiqrahman · Thu Nov 09, 2023 2:16 pm

Had a script that disabled/enabled nat rules upon resolving domains. But, the script starts randomly failing. So I need to modify the script, as a non-programmer I am having difficulties completing the script. Here is the script:

:local testDomains {"www.google.com" "www.facebook.com" "www.youtube.com"}
:local piholeDNS "192.168.188.25"
:local piholeUP [/ip firewall nat print count-only where comment~"pihole_bypass" && disabled]
:local maxRetries 3
:local success false

:foreach testDomains in=$testDomains do={
    :set success false
    :for (i=0; i<$maxRetries; i=i+1) do={
      :if ([:resolve $testDomains from=$piholeDNS]!="") do={
        :set success true
        :break
      }
    }
}
:if ($success=true) do={
    :if ($piholeUP=0) do={
        /ip firewall nat disable[find comment~"pihole_bypass"];
    }else={
        :break
    }
}
:if ($success=false) do={
    :if ($piholeUP>0) do={
        /ip firewall nat enable[find comment~"pihole_bypass"];
    }else={
        :break
    }
}

Any help/suggestion will be highly appreciated. So, far I only found a syntax error in ":for (i=0; i<$maxRetries; i=i+1)". But there should be other logical errors.

rextended · Thu Nov 09, 2023 4:17 pm

Do you think people should waste their time fixing ChatGPT's made-up shipts™?

shafiqrahman · Fri Nov 10, 2023 1:30 pm

Not really. But I did put in some effort

. At least give me some hints, about what language MT script closely resembles. I can try to work up from there.

:if ($success=true) do={
    :if ($piholeUP=0) do={
        /ip firewall nat disable[find comment~"pihole_bypass"];
    }else={
        :break
    }
}
:if ($success=false) do={
    :if ($piholeUP>0) do={
        /ip firewall nat enable[find comment~"pihole_bypass"];
    }else={
        :break
    }
}

This portion was mine

shafiqrahman · Sat Nov 18, 2023 2:00 pm

So far I was able to partially complete the script. After a little bit of digging to me, it seems like :do..while should do the job. Then again after a suggestion in forums I found out that I need some nested loop, so I again implemented :foreach. Though its works, but partially. The issue is that :foreach only counts the last domain resolve success. I still cant figure it out how do I break out from "foreach".

:local testDomains {"www.google.com";"www.facebook.com";"www.youtube.com";"www.opendns.com"}
:local piholeDNS "192.168.188.25"
:local piholeUP [/ip firewall nat print count-only where comment~"pihole_bypass" && disabled]
:local success false ;
:local retries 0 ;
:local timeRetries 2 ;

:do {
    :foreach i in $testDomains do={
        :do {
            :resolve $i server $piholeDNS
            :set success true} on-error={ :set success false}
            }
            } while=( $retries<$timeRetries && $success = false);
:if ($success=true) do={
    :if ($piholeUP=0) do={
        /ip firewall nat disable [find comment~"pihole_bypass"];
    } else={
    }
}
:if ($success=false) do={
    :if ($piholeUP>0) do={
        /ip firewall nat enable [find comment~"pihole_bypass"];
    } else={
    }
}

Any suggestion will be greatly appreciated.

Amm0 · Sat Nov 18, 2023 6:17 pm

First, there is no "break" in :foreach in RouterOS script. You can mimic a break with an :if () do={} else={} inside the loop that does nothing if would break — since :foreach is going to iterate through the entire list.

Re ChatGPT... you must have typed some prompts to get the script & that's what more useful to know

. Unwinding a broken script to deduce what it suppose to do isn't easy, nor fun.
e.g. what problem are you trying to solve?

Quick guess is you want to disable a NAT redirect to a pi-hole container if the container is not resolving DNS address. And, what ChatGPT isn't going to suggest is using /tool/netwatch to do this. If you setup a netwatch to ping the pi-hole container, you can use the up/down/test scripts to accomplish this. And in the "test" script check DNS resolution using the ":resolve server= <host>" (your script above does not have an equal sign next to server) to control the NAT redirect rule using your "find comment=".

shafiqrahman · Sat Nov 18, 2023 10:34 pm

Thank you, for explaining. This new script doesn't generated by chatgpt. Its done by me. About to ask this after the script completation

:resolve server= <host>

. Thank you again for pointing out that,I have seen that error while script print, but kept it for later. I did have an iteration with if/else after foreach but that didn't work. Since I am not a programmer its kinda tough to wrap around the logic. I will give a try with the netwatch. I did mention the usage of chatgpt. But, after @rextended gentle nudge I retort back to pre-chatgpt era

(chatgpt was leisurely fun when I did not have a full fledged winbox)and started working by myself. I will update once I have any updates with the netwatch and the up/down/test scripts.

shafiqrahman · Sun Nov 19, 2023 1:52 am

Found out Netwatch implementation is easy to setup. Here is a config export:

/tool netwatch
add disabled=no down-script=\
    "/ip firewall nat enable [find comment=pihole_bypass];" host=\
    192.168.188.25 http-codes="" interval=45s src-address=192.168.88.1 \
    test-script=":local testDomains {\"www.godjjdkdk.com\";\"www.youtube.com\"\
    ;\"www.bbbdjdjd.co\"}\r\
    \n:local piholeDNS \"192.168.188.25\"\r\
    \n:local success false ;\r\
    \n\r\
    \n:foreach i in=\$testDomains do={\r\
    \n    :do {\r\
    \n        :resolve \$i server=\$piholeDNS\r\
    \n        :set success true\r\
    \n        } on-error={\r\
    \n            :set success false\r\
    \n            }\r\
    \n}" timeout=2s type=simple up-script=\
    "/ip firewall nat disable [find comment=pihole_bypass];"

Its working. I just broke a precursor script of the above script. That script(precursor script/see below) was okay, but when I implemented nested loops and the retries it broke. Here is the precursor:

:local testDomains {"www.google.com";"www.facebook.com";"www.youtube.com"}
:local piholeDNS "192.168.188.25"
:local piholeUP [/ip firewall nat print count-only where comment~"pihole_bypass" && disabled]
:local success false ;

:foreach i in=$testDomains do={
    :do {
        :resolve $i server=$piholeDNS
        :set success true
        } on-error={
            :set success false
            }
}
:if ($success=true) do={
    :if ($piholeUP=0) do={
        /ip firewall nat disable [find comment=pihole_bypass];
    } else={
    }
}
:if ($success=false) do={
    :if ($piholeUP>0) do={
        /ip firewall nat enable [find comment=pihole_bypass];
    } else={
    }
}

I did replaced the "~" with "=" as suggested. The two test domains in the "test" fields are dummy domains to test the script works any one of them is successful.

Amm0 · Sun Nov 19, 2023 3:24 am

Good to hear. Netwatch lets you break up the problem in byte-size scripts.

And your right to monitor pi-hole.... containers do occasionally have troubles & if it's the DNS for network, that's a recipe for trouble.

shafiqrahman · Sun Nov 19, 2023 1:45 pm

From 6:15 am to 05:41 pm not a single firewall change. So, far holding very good. Thank you very much @Amm0. Yes, containers r troublesome, so far in my home environment I haven't found any trouble. Also, using Mcvlan in containers also reduced a lot of headaches.

Need help completing a script. [SOLVED]

Need help completing a script.

Re: Need help completing a script.

Re: Need help completing a script.

Re: Need help completing a script.

Re: Need help completing a script. [SOLVED]

Re: Need help completing a script.

Re: Need help completing a script.

Re: Need help completing a script.

Re: Need help completing a script.

Who is online