srwsol
just joined
Topic Author
Posts: 1
Joined: Thu Dec 02, 2021 2:58 am

Address lists and Groups of Address

Thu Dec 02, 2021 3:14 am

Hi folks:

I'm new to RouterOS and have just bought a RB5009 to replace a Zywall 110 and have questions about the firewall address lists. One very good thing that Zywalls allow is to define addresses (with a descriptive name) and then define groups of addresses by dragging individual addresses into the group, and in fact you can drag other groups into a new group, thus nesting them. I'm looking for a way to do something similar with RouterOS. I also have some Ubiquiti routers and was always frustrated that addresses had to be typed over and over again if they were in multiple lists, which of course invites errors if the address changes and you happen to miss one.

I was playing with the address lists just now and I think I may have found a way to get part of what I want because of the address list's ability to resolve DNS names on the fly to an IP address, a feature that neither the Zywall nor the Ubiquiti routers have. My thought was to define all of the individual IP addresses as static addresses in DNS, say with a specific prefix or suffix to identify them as such (e.g. addresslist.descriptivename1, addresslist.descriptivename2, etc.), and then use the DNS name in the address lists rather than the actual IP address. That way if a particular address needs to be changed I need only change it in the static DNS setting rather than hunt down all instances in the address lists. Now, that doesn't give me the ability to nest an address list within an address list, but at least it ensures that each IP address is only typed in once and all in one single place.

What I don't know yet is how often these dynamic addresses are re-resolved in the address lists, or if there is some command that I could issue that would refresh them all after I've made changes in the static DNS section. The other thing I don't know is if there is some extra/hidden overhead in doing things this way that would be exacted every time the firewall rule chains were traversed. Lastly, if there is a better way to go about this, then I'm all ears, because as I say I've got about 30 total minutes at this point of working with RouterOS.

Suggestions welcome.
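The scheme described in the post, written out as RouterOS CLI commands. This is an added example and not part of the original post or of MikroTik's documentation; the host names, IP addresses, list names and the firewall rule are constructed for illustration, and it assumes the router resolves address-list names through its own DNS service (where the static entries live), so no external resolver is involved in deciding what the firewall matches.

```routeros
# Added example (not from the original post). All names and addresses are constructed.
# 1. Each IP address is typed exactly once, as a static DNS record. The "addresslist."
#    prefix is the convention the post suggests for telling these records apart.
/ip dns static
add name=addresslist.mailserver address=192.0.2.10 comment="mail server (constructed)"
add name=addresslist.backupbox address=192.0.2.20 comment="backup host (constructed)"

# 2. Address-list entries reference the DNS names rather than literal IPs. The same
#    name can sit in several lists; changing the static record above updates them all.
/ip firewall address-list
add list=trusted-servers address=addresslist.mailserver comment="resolved via static DNS"
add list=trusted-servers address=addresslist.backupbox comment="resolved via static DNS"
add list=backup-targets address=addresslist.backupbox comment="same host, second list"

# 3. Rules match on the list, never on the raw address (chain and action are illustrative).
/ip firewall filter
add chain=forward src-address-list=trusted-servers action=accept \
    comment="allow traffic from trusted servers (example rule)"

# 4. Verify what the router actually resolved before trusting the rule: the resolved
#    addresses appear as entries under each list.
/ip firewall address-list print where list=trusted-servers
/ip dns static print where name~"^addresslist\\."
```

Two practical checks for this layout: keep the static DNS records on the router itself, so the firewall's match set cannot be changed by whoever answers an upstream DNS query, and after editing a record inspect the address-list print output to confirm the new IP is the one the rules now see rather than assuming the change took effect immediately.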
