I have a script on my CRS that updates my firewall rules every 15 minutes. The script checks if my dynamic IP on ether1 has changed since last run and if so it swaps any rules that have my old IP in its dst-address to have my new IP in its dst-address .
On 6.19 this script has now started updating rules that it shouldn't, it now updates my default srcnat masquerade rule to have a dst-address of my current ip also.
Code: Select all
:global currentIP;
:local newIP [/ip address get [find interface="ether1"] address];
:if ($newIP != $currentIP) do={
:log info "ip address $currentIP changed to $newIP";
/ip firewall nat set [/ip firewall nat find where dst-address=[:pick $currentIP 0 [:find $currentIP "/"]]] dst-address=[:pick $newIP 0 [:find $newIP "/"]];
:set currentIP $newIP;
}