DoAWhat
just joined
Topic Author
Posts: 1
Joined: Sun Mar 06, 2022 8:33 pm

Help me to write this script

Sun Mar 06, 2022 8:35 pm

I want to create a script which resolves a web page to an IP and puts this IP into an address list.
After that I want to schedule this script every minute or so.

Then I will add a firewall rule to drop forwarded traffic to this address list.

Thank you
 
Jotne
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Help me to write this script

Wed Mar 09, 2022 3:42 pm

This will resolve the name for mt.lv and add it to address list "Demo":
/ip firewall address-list add address=[:resolve mt.lv] list="demo"
 
Jotne
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Help me to write this script

Wed Mar 09, 2022 5:53 pm

Here is the complete script:
:local Site "mt.lv"
:local IP [:resolve $Site]
/ip firewall address-list
:if ([:len [find address=$IP list="demo"]]=0) do={
	add address=$IP list="demo" comment="$Site"
}

You need to test if the IP is already in the list. If yes, do not add it (it will fail if not tested).
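The three steps asked for in the opening post (script, scheduler, firewall rule), combined with the duplicate check from the post above, as an added example that is not part of any forum post. The name `mt.lv` and the list `demo` come from the thread; `example.com`, the script name `resolve-to-list` and the scheduler name `resolve-to-list-1m` are assumptions.

```routeros
# Added example, not code from the thread. "mt.lv" and list "demo" come from the
# posts above; example.com and the script/scheduler names are assumptions.
/system script add name=resolve-to-list source={
    :local Sites {"mt.lv";"example.com"}
    :local ListName "demo"
    :foreach Site in=$Sites do={
        :do {
            # :resolve raises an error when the lookup fails, so the whole step
            # is wrapped in :do/on-error and the loop continues with the next name
            :local IP [:resolve $Site]
            # add only when this address is not in the list yet; a duplicate add fails
            :if ([:len [/ip firewall address-list find address=$IP list=$ListName]] = 0) do={
                /ip firewall address-list add address=$IP list=$ListName comment=$Site
                :log info ("resolve-to-list: added " . [:tostr $IP] . " for " . $Site)
            }
        } on-error={
            :log warning ("resolve-to-list: update failed for " . $Site)
        }
    }
}

# run the script every minute
/system scheduler add name=resolve-to-list-1m interval=1m on-event="/system script run resolve-to-list"

# drop forwarded traffic whose destination is in the list
/ip firewall filter add chain=forward dst-address-list=demo action=drop comment="drop traffic to list demo"
```

The script only adds entries: an address that a name no longer resolves to stays in the list until it is removed by hand.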
 
Amm0
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Help me to write this script

Wed Mar 09, 2022 6:44 pm

> Here is the complete script:
> :local Site "mt.lv"
> :local IP [:resolve $Site]
> /ip firewall address-list
> :if ([:len [find address=$IP list="demo"]]=0) do={
> 	add address=$IP list="demo" comment="$Site"
> }
>
> You need to test if the IP is already in the list. If yes, do not add it (it will fail if not tested).

Do you even need a script? /ip firewall address-list has the nice property of doing the resolve for you. Unlike most of RouterOS, address= can be a DNS name in the firewall address-lists. AFAIK, it follows the DNS TTL for refresh and will resolve CNAME or A to multiple records if needed. You can even add multiple DNS names to the same list to refer to the "collection of DNS names" in the firewall rules.

Now if you didn't trust the TTL/update interval of these, then you'd need a scheduler. But the [:resolve] part may not be needed.

/ip firewall address-list add address=youtube.com list=youtube
/ip firewall address-list add address=www.youtube.com list=youtube
/ip firewall address-list print where list=youtube
which gets you:
Flags: D - DYNAMIC
Columns: LIST, ADDRESS, CREATION-TIME
 #   LIST     ADDRESS          CREATION-TIME       
 0   youtube  youtube.com      mar/09/2022 08:41:10
;;; youtube.com
 1 D youtube  142.250.191.46   mar/09/2022 08:41:10
 2   youtube  www.youtube.com  mar/09/2022 08:41:40
;;; www.youtube.com
 3 D youtube  142.250.189.174  mar/09/2022 08:41:40
;;; www.youtube.com
 4 D youtube  142.250.191.78   mar/09/2022 08:41:40
;;; www.youtube.com
 5 D youtube  142.251.46.174   mar/09/2022 08:41:40
;;; www.youtube.com
 6 D youtube  142.251.46.206   mar/09/2022 08:41:40
;;; www.youtube.com
 7 D youtube  142.251.32.46    mar/09/2022 08:41:40
;;; www.youtube.com
 8 D youtube  142.251.46.238   mar/09/2022 08:41:40
;;; www.youtube.com
 9 D youtube  142.250.189.206  mar/09/2022 08:41:40
;;; www.youtube.com
10 D youtube  216.58.195.78    mar/09/2022 08:41:40
;;; www.youtube.com
11 D youtube  216.58.194.174   mar/09/2022 08:41:40
;;; www.youtube.com
12 D youtube  216.58.194.206   mar/09/2022 08:41:40
;;; www.youtube.com
13 D youtube  172.217.5.110    mar/09/2022 08:41:40
;;; www.youtube.com
14 D youtube  172.217.6.46     mar/09/2022 08:41:40
;;; www.youtube.com
15 D youtube  172.217.164.110  mar/09/2022 08:41:40
;;; www.youtube.com
16 D youtube  142.250.72.206   mar/09/2022 08:41:40
;;; www.youtube.com
17 D youtube  142.250.189.238  mar/09/2022 08:41:40
 
Jotne
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Help me to write this script

Wed Mar 09, 2022 7:15 pm

It's a smarter way to do it. But if you get the URL from a system, you still need to test if it's already in the list, so a script is needed.
/ip firewall address-list add address=youtube.com list=demo
failure: already have such entry
 
Amm0
Forum Guru
Posts: 3255
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Help me to write this script

Wed Mar 09, 2022 8:53 pm

> It's a smarter way to do it. But if you get the URL from a system, you still need to test if it's already in the list, so a script is needed.
> /ip firewall address-list add address=youtube.com list=demo
> failure: already have such entry

Totally, sorry, I did miss that he wants to add to the list dynamically.

I think my missing point was more that [:resolve] gets one IP, but a site may have a few:
:put [:resolve www.youtube.com]
142.251.46.238

On Linux, `dig www.youtube.com` gets the same list as /ip/firewall/address-list with a DNS does:
 dig www.youtube.com                

; <<>> DiG 9.10.6 <<>> www.youtube.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9769
;; flags: qr rd ra; QUERY: 1, ANSWER: 17, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.youtube.com.		IN	A

;; ANSWER SECTION:
www.youtube.com.	49551	IN	CNAME	youtube-ui.l.google.com.
youtube-ui.l.google.com. 105	IN	A	64.233.177.190
youtube-ui.l.google.com. 105	IN	A	172.253.124.136
youtube-ui.l.google.com. 105	IN	A	64.233.177.93
youtube-ui.l.google.com. 105	IN	A	216.58.195.142
youtube-ui.l.google.com. 105	IN	A	172.253.124.91
youtube-ui.l.google.com. 105	IN	A	64.233.177.136
youtube-ui.l.google.com. 105	IN	A	172.217.164.78
youtube-ui.l.google.com. 105	IN	A	74.125.21.91
youtube-ui.l.google.com. 105	IN	A	173.194.219.93
youtube-ui.l.google.com. 105	IN	A	142.250.177.46
youtube-ui.l.google.com. 105	IN	A	64.233.177.91
youtube-ui.l.google.com. 105	IN	A	142.250.176.78
youtube-ui.l.google.com. 105	IN	A	74.125.21.190
youtube-ui.l.google.com. 105	IN	A	172.253.124.93
youtube-ui.l.google.com. 105	IN	A	172.253.124.190
youtube-ui.l.google.com. 105	IN	A	74.125.136.91

;; Query time: 10 msec
;; SERVER: 2600:1700:87f0:2f20::1#53(2600:1700:87f0:2f20::1)
;; WHEN: Wed Mar 09 10:41:18 PST 2022
;; MSG SIZE  rcvd: 334
 
404Network
Member Candidate
Posts: 285
Joined: Wed Feb 16, 2022 2:04 pm

Re: Help me to write this script

Wed Mar 09, 2022 9:28 pm

You both are missing the point, can't see the forest for the trees, lost in the minutiae ;-)
The script request DOES NOT= REQUIREMENT.

Why? Simply a configuration has a task to perform to meet requirements. You are discussing tasks because the OP framed the request in such a way that fooled you. :-)

Analogy. OP asks on forum, how do I design the internal mechanism on a plastic pistol. The requirement is to be able to kill someone,,,,,,, now do you really want to help a person do that ;-P
So it was a poor analogy LOL.

In other words, the OP has to confess THE WHY he wants such a script.
Since the OP is afraid of the truth we can only surmise that they are attempting to block websites from users on his LAN.
We know that to be a fool's game with MT equipment, especially if the URLs are HTTPS.

So get your heads out of the sand and inform this poor chap that no matter how gucci, suave, sophisticated the scripts you foam at the mouth with like excited puppies, it AIN'T gonna resolve the requirement.

I could be wrong, but will leave you to decide............
