Community discussions

MikroTik App
  4. RouterOS
  5. Scripting

Add a dynamic address to address-list

Post Reply
 
User avatar
n2m
newbie
Topic Author
Posts: 47
Joined: Mon Feb 25, 2008 8:48 am

Add a dynamic address to address-list

Thu Jun 24, 2010 2:49 pm

I need to add the address of the adsl interface (dynamic) to address-list.

I've tried to mark the new connection coming from that interface, but that doesn't work :( :
Code: Select all
chain=mark new unseen action=add-dst-to-address-list address-list=public 
     address-list-timeout=0s in-interface=ADSL
Also tried to use the script to get the address from the /ip address, and it works but has two problems:
1) I want the address list to be dynamic
2) The checkIP is not working, and therefore the address is constantly being added, even thought it exists
Here's the script:
Code: Select all
:local checkIP 0;
:local a
:foreach i in [/ip address find interface=ADSL] do={
  :set a [/ip address get $i address]
}
  :set checkIP [/ip firewall address-list pr count-only where address=$a]
  :if ($checkIP = 0) do={
  /ip firewall address-list add address=$a list=public
}
I would appreciate if someone could lead me to a solution to add the address to a list (preferably dynamic, since the address changes and i won't be needing to nat the pre-updated addresses that doesn't exist anymore after the address update).

Thank you :)
Top
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:
Contact Chupaka

Re: Add a dynamic address to address-list

Thu Jun 24, 2010 3:26 pm

mark the new connection coming from that interface
Code: Select all
/ip firewall mangle add chain=postrouting out-interface=ADSL action=add-src-to-address-list address-list=public
because only in postrouting you can see NATted address
use the script
try like this:
Code: Select all
:local checkIP 0
:local a
:foreach i in [/ip address find interface=ADSL] do={ :set a [/ip address get $i address] }
:foreach i in [/ip firewall address-list find address=$a] do={ :set checkIP 1 }
:if ($checkIP = 0) do={ /ip firewall address-list add address=$a list=public }
Top
 
User avatar
n2m
newbie
Topic Author
Posts: 47
Joined: Mon Feb 25, 2008 8:48 am

Re: Add a dynamic address to address-list

Thu Jun 24, 2010 4:05 pm

Code: Select all
/ip firewall mangle add chain=postrouting out-interface=ADSL action=add-src-to-address-list address-list=public
because only in postrouting you can see NATted address
Actually this adds the private ips of the hosts connected to router, i need the public ip of the interface, so using this:
Code: Select all
chain=prerouting action=add-dst-to-address-list address-list=public in-interface=ADSL
or
Code: Select all
chain=input action=add-dst-to-address-list address-list=public in-interface=ADSL
it works, it adds the dynamic ip of the interface, but i'm not sure if any of these rules affects other mangle rules for load balancing!?
Code: Select all
[x@x]/ip firewall mangle> pr
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=input action=add-dst-to-address-list address-list=public 
     address-list-timeout=0s in-interface=ADSL 

       or

 1  chain=prerouting action=add-dst-to-address-list address-list=public
     address-list-timeout=0s in-interface=ADSL 

 2 X chain=mark new unseen action=add-src-to-address-list address-list=ptk 
     address-list-timeout=0s in-interface=ADSL 

 3 X chain=mark new unseen action=add-dst-to-address-list address-list=local 
     address-list-timeout=0s in-interface=ADSL 

 4   chain=mark new unseen action=add-src-to-address-list address-list=first 
     address-list-timeout=0s nth=2,1 

 5   chain=mark new unseen action=add-src-to-address-list address-list=second 
     address-list-timeout=0s nth=2,2 

 6   chain=mark new unseen action=add-src-to-address-list address-list=seen 
     address-list-timeout=0s 

 7   chain=mark new unseen action=jump jump-target=mark connection 

 8   chain=mark connection action=mark-connection new-connection-mark=first_conn 
     passthrough=yes src-address-list=first 

 9   chain=mark connection action=mark-connection new-connection-mark=second_con>
     passthrough=yes src-address-list=second 

10   chain=mark connection action=mark-routing new-routing-mark=first 
     passthrough=no connection-mark=first_conn 

11   chain=mark connection action=mark-routing new-routing-mark=second 
     passthrough=no connection-mark=second_conn 

12   chain=prerouting action=mark-routing new-routing-mark=first passthrough=no 
     src-address-list=first connection-mark=first_conn 

13   chain=prerouting action=mark-routing new-routing-mark=second passthrough=no 
     src-address-list=second connection-mark=second_conn 

14   chain=prerouting action=jump jump-target=mark connection 
     connection-state=new src-address-list=local dst-address-list=!local 

15   chain=prerouting action=jump jump-target=mark new unseen 
     connection-state=new src-address-list=local dst-address-list=!local
try like this:
Code: Select all
:local checkIP 0
:local a
:foreach i in [/ip address find interface=ADSL] do={ :set a [/ip address get $i address] }
:foreach i in [/ip firewall address-list find address=$a] do={ :set checkIP 1 }
:if ($checkIP = 0) do={ /ip firewall address-list add address=$a list=public }
it doesn't work, it keeps adding the ip over and over.

Thanks :)
Top
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:
Contact Chupaka

Re: Add a dynamic address to address-list

Thu Jun 24, 2010 4:32 pm

Actually this adds the private ips of the hosts connected to router, i need the public ip of the interface, so using this:
Code: Select all
chain=prerouting action=add-dst-to-address-list address-list=public in-interface=ADSL
or
Code: Select all
chain=input action=add-dst-to-address-list address-list=public in-interface=ADSL
it works, it adds the dynamic ip of the interface, but i'm not sure if any of these rules affects other mangle rules for load balancing!?
yeah, sorry, you need to use prerouting %)

more correct way is the following:
Code: Select all
/ip firewall mangle add chain=prerouting in-interface=ADSL dst-address-type=local action=add-dst-to-address-list address-list=public
i'm not sure if any of these rules affects other mangle rules for load balancing!?
no, after adding to address list, the rest rules are processed, so it doesn't change the workflow, just adds an address
try like this:
Code: Select all
:local checkIP 0
:local a
:foreach i in [/ip address find interface=ADSL] do={ :set a [/ip address get $i address] }
:foreach i in [/ip firewall address-list find address=$a] do={ :set checkIP 1 }
:if ($checkIP = 0) do={ /ip firewall address-list add address=$a list=public }
it doesn't work, it keeps adding the ip over and over.
got it. that's because /ip address is with mask (/32), and address list skips /32. just add
Code: Select all
:set a [:pick $a 0 [:find $a "/"]]
between 3rd and 4th lines
Top
 
User avatar
n2m
newbie
Topic Author
Posts: 47
Joined: Mon Feb 25, 2008 8:48 am

Re: Add a dynamic address to address-list

Thu Jun 24, 2010 5:03 pm

Both solutions working like a charm :). Thanks ;)
Top
Post Reply
  4. RouterOS
  5. Scripting