Update address list with script

THG · Sun Dec 19, 2010 9:46 pm

Hi!

I'm stuck with the problem of how to update an address list with a script.

Here is what I am trying to do.

Read the IP address from an interface (WAN Interface).
Add the address to a list.
Check if the address has changed since the last run.
Update the address list if changed.

Alternative a script to update a firewall rule when the IP address changes.

Thanks in advance.

Mike

fewi · Sun Dec 19, 2010 10:05 pm

Look at the various DynDNS and changeip.com scripts for inspiration - most dynamic DNS providers punish you if you update your record to often when it hasn't changed, so those scripts contain all the necessary code to check whether an interface IP has changed. They usually use globals and not an address list, but that should still fit your requirements.

Just change the code inside the if block that executes when an actual change has been detected and update your firewall rule there.

THG · Mon Dec 20, 2010 12:35 am

Thank you for the response. I tried to take a look at those scripts, but I got a headache.

I decided to do it from scratch instead. The script is working, but I would like to add something to it.

Check if the address list exist.
Check if the address has changed since the last run (I don't want to clutter up the system log).

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BEGINNING OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:local "wan-interface" "ether1-gateway"
:local "address-list" "wan_ip"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# END OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:local "wan-ip" [ /ip address get [/ip address find interface=$"wan-interface"] address ]
:set "wan-ip" [ :pick $"wan-ip" 0 [:find $"wan-ip" "/" ] ]
:foreach a in=[/ip firewall address-list find list=$"address-list"] do={
  /ip firewall address-list set $a address=$"wan-ip"
}

THG · Mon Dec 20, 2010 2:47 am

I'm done with the script now. Any comments, or ideas to improvements?

ros code

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BEGINNING OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:local "wan-interface" "ether1-gateway"
:local "address-list" "wan_ip"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# END OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:global "old-wan-ip"
:local "wan-ip" [ /ip address get [/ip address find interface=$"wan-interface"] address ]
:set "wan-ip" [ :pick $"wan-ip" 0 [:find $"wan-ip" "/" ] ]

:if ( [/ip firewall address-list find list=$"address-list" ] = "" ) do={
/ip firewall address-list add address=$"wan-ip" list=$"address-list"
:log warning "address list: $"address-list" added by script"

} else={

:if ($"wan-ip" != $"old-wan-ip") do={
:foreach a in=[/ip firewall address-list find list=$"address-list"] do={
/ip firewall address-list set $a address=$"wan-ip"
:log warning "WAN IP address changed from: $"old-wan-ip" to $"wan-ip""
:set "old-wan-ip" $"wan-ip"
  }
 }
}

lima7 · Fri Aug 23, 2013 11:42 am

sorry for bumped old thread, this script stop working after upgrade to version 6.2 from 5.23

THG · Sun Oct 06, 2013 7:12 pm

Sorry for late response, this script works for me with RouterOS 6.4.

ros code

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# BEGINNING OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:local "wan-interface" "ether1-gateway"
:local "address-list" "wan_ip"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# END OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:global "old-wan-ip"
:local "wan-ip" [ /ip address get [/ip address find interface=$"wan-interface"] address ]
:set "wan-ip" [ :pick $"wan-ip" 0 [:find $"wan-ip" "/" ] ]

:if ( [/ip firewall address-list find list=$"address-list" ] = "" ) do={
/ip firewall address-list add address=$"wan-ip" list=$"address-list"
:log warning "address list: $"address-list" added by script"

} else={

:if ($"wan-ip" != $"old-wan-ip") do={
:foreach a in=[/ip firewall address-list find list=$"address-list"] do={
/ip firewall address-list set $a address=$"wan-ip"
:log warning "WAN IP address changed from: $"old-wan-ip" to $"wan-ip""
:set "old-wan-ip" $"wan-ip"
  }
 }
}

levicki · Thu May 11, 2023 12:07 am

Sorry for necroing the thread but this script works for me in RouterOS 7.9:

:local inetinterface "wan2";
:local addresslist "WAN2_IP";

:global CurrentIP;

:if ([/interface get $inetinterface value-name=running]) do={
	:local NewIP [/ip address get [find interface="$inetinterface" disabled=no] address];
	:set NewIP [:pick $NewIP 0 [:find $NewIP "/"]];
	:if ($NewIP != $CurrentIP) do={
		:if ($NewIP in 192.168.100.0/24) do={
			:log info "WAN2 interface waiting for new DHCP lease, will retry in 5 minutes.";
		} else={
			:log info "Updating firewall address list with [$NewIP]...";
			:if ( [/ip firewall address-list find list="$addresslist" ] = "" ) do={
				/ip firewall address-list add address="$NewIP" list="$addresslist"
				:log info "[$addresslist] created with [$NewIP]"
			} else={
				:foreach a in=[/ip firewall address-list find list="$addresslist"] do={
					/ip firewall address-list set $a address="$NewIP"
					:log info "WAN2 IP address changed from [$CurrentIP] to [$NewIP]"
				}
			}
			:set CurrentIP $NewIP;
			:log info "Done.";
		}
	}
} else={
	:log info "[$inetinterface] is not running, skipping the update.";
}

I am posting it in case someone searches for the solution.