If else commands scripting.

briane · Fri Jul 30, 2010 5:32 pm

Hi,

I am new at scripting, and have what I believe is a small problem.

Pseudo code:

If wlan1 is enabled, do nothing and exit script
else enable wlan1 and exit script

Basically, I do not want to just enable everytime the script runs, because if wlan1 is enabled, and the script enables again, it breaks the link for about 2 seconds as it disconnects and reconnects.

Thanks
Brian

Chupaka · Fri Jul 30, 2010 5:49 pm

if ([/interface get wlan1 disabled] = yes) do={ /interface enable wlan1 }

briane · Fri Jul 30, 2010 6:55 pm

Thank you kindly

Brian

EarthStation · Sat Sep 04, 2010 12:09 pm

Hi,

Taking this a step further......

I have a Netwatch command that reads:

/ip route set [find comment="Group B"] gateway=10.254.254.255;

I would like that command above to first check if /ip route [find comment="Group B"] gateway=10.254.254.250 and if this is so, then run:

/ip route set [find comment="Group B"] gateway=10.254.254.255;

otherwise do nothing.....

This is used as part of a load balancing/failover script, the two gateways being defaulted to 10.254.254.250 (GroupA) and 10.254..254.255 (GroupB), and only if one gateway goes down, then both groups are routed to the remaining "open" gateway.

Thanks
Brian
(also briane on this forum)

Chupaka · Sat Sep 04, 2010 8:26 pm

:local gw;
/ip route
:foreach i in=[find] do={
  :set gw [get $i gateway];
  if ($gw = "10.254.254.250") do={
    set $i gateway=10.254.254.255;
  }
}

p.s. .255?..

briane · Sat Sep 04, 2010 11:14 pm

Thanks Chupaka,

Maybe I am not following, this will change any gw with 250 to 255, then both load groups go via gw 255. Now can not separate them again, as they identical Both gateways area active (load balancing), unless one falls over then, the failed GW is routed to the remaining active gateway, which is why I thought searching it on the "Comment" or maybe even "routing mark" field would be the easiest....

If the changes are made purely on the GW IP address, once they are the same, will never be able to separate them. Maybe routing mark as the selection field?

What I am trying to accomplish is via the netwatch on GroupB, once it comes up, from a down situation, the script must test if it is set at 255 or 250. If it is 255, then do nothing, if group B is 250 and netwatch shows it is "up", then set to 255. Hope this makes the intention clearer.

Please explain the "255?" ? It has been working for 3 months so far, could this be causing problems I am unaware of?

Regards and many thanks
Brian

fewi · Sat Sep 04, 2010 11:46 pm

Often IP addresses that end in .255 are broadcast addresses and cannot be gateways. Yours might be OK since we don't know the subnet mask of your IP address on that network.

briane · Sun Sep 05, 2010 12:04 pm

Often IP addresses that end in .255 are broadcast addresses and cannot be gateways. Yours might be OK since we don't know the subnet mask of your IP address on that network.

My AP's are configured with IP addresses as per image below....

Each Client unit has a different network (and the same broadcast) setting, and on the Client Unit, the IP is set with the network and broadcast the same as the AP IP address, so effectively each client has it's own network. 255 is never used on the wireless network as a common broadcast IP.

The Client unit associated with the first IP in the image above, has these settings for it's IP's...

Regards
Brian

Chupaka · Sun Sep 05, 2010 8:27 pm

Maybe I am not following, this will change any gw with 250 to 255, then both load groups go via gw 255. Now can not separate them again, as they identical Both gateways area active (load balancing), unless one falls over then, the failed GW is routed to the remaining active gateway, which is why I thought searching it on the "Comment" or maybe even "routing mark" field would be the easiest....

then use your

:foreach i in=[find comment="Group B"]

instead of

:foreach i in=[find]

- I just showed you an example =)

mandobasha · Sun Nov 02, 2014 5:58 am

i need help with this code

:set datadown [/ip hotspot active get $counter bytes-out]
:if ([/ip hotspot active get $counter bytes-out] ="0") do={

i only want to check if this user is already limited or not so if not i will auto limit him .. thats it :/

p3rad0x · Thu Aug 04, 2016 1:35 pm

Hi,

Could anyone help me to do the same but with default authenticate and forward?

if they are enabled disable them, else do nothing

p3rad0x · Thu Aug 04, 2016 4:02 pm

Ok I solved it without using a if statement.

:foreach i in=[interface wireless find default-forwarding=yes] do={/interface wireless set $i default-forwarding=no}
:foreach i in=[interface wireless find default-authentication=yes] do={/interface wireless set $i default-authentication=no}
:foreach i in=[interface wireless find hide-ssid=no] do={/interface wireless set $i hide-ssid=yes}

Chupaka · Thu Aug 04, 2016 4:16 pm

Ok I solved it without using a if statement.

:foreach i in=[interface wireless find default-forwarding=yes] do={/interface wireless set $i default-forwarding=no}
:foreach i in=[interface wireless find default-authentication=yes] do={/interface wireless set $i default-authentication=no}
:foreach i in=[interface wireless find hide-ssid=no] do={/interface wireless set $i hide-ssid=yes}

this should do the same:

/interface wireless set [find] default-forwarding=no default-authentication=no hide-ssid=yes

p3rad0x · Wed Aug 10, 2016 11:33 am

Thanks,

I have ran into a different issue.

When I try and add a script via the terminal

/system script add name=test source=":foreach i in=[interface wireless find default-forwarding=yes] do={/interface wireless set $i default-forwarding=no}"

The script gets added,but the $i doesn't get added, then the last part looks like this

do={/interface wireless set default-forwarding=no}

Why is it losing the $i?

Reason for using the foreach is that some of the sectors have more than one virual ap

p3rad0x · Wed Aug 10, 2016 2:39 pm

Ok problem solved.

All I did is manually add a script, then I exported the config to a file.

Now it works 100%

soheiliz · Mon Aug 10, 2020 10:19 am

Dears,

I am trying to use this script to check two-parameter but it just executes without any action.

:foreach i in=[ip firewall nat find action=masquerade chain=srcnat src-address-list=no dst-address-list=no ] do={/ip firewall nat set src-address-list=AllowedSrc dst-address-list=AllowedDst}

I'd like to check inside of my NAT if the "src-address-list & dst-address-list" exist do nothing and IF they are not specified and not exist add "src-address-list=AllowedSrc" & dst-address-list=AllowedDst

I would be very grateful if someone helps me with this issue.

CZFan · Mon Aug 10, 2020 11:19 am

Dears,

I am trying to use this script to check two-parameter but it just executes without any action.

:foreach i in=[ip firewall nat find action=masquerade chain=srcnat src-address-list=no dst-address-list=no ] do={/ip firewall nat set src-address-list=AllowedSrc dst-address-list=AllowedDst}

I'd like to check inside of my NAT if the "src-address-list & dst-address-list" exist do nothing and IF they are not specified and not exist add "src-address-list=AllowedSrc" & dst-address-list=AllowedDst

I would be very grateful if someone helps me with this issue.

I take no responsibility, so do backup of config before!!
Have not tested, but try below in terminal window after doing above

{
:foreach i in=[ip firewall nat find where action="masquerade" && chain="srcnat" && src-address-list="no" && dst-address-list="no"]
do={/ip firewall nat set src-address-list=AllowedSrc dst-address-list=AllowedDst}
}

soheiliz · Mon Aug 10, 2020 1:15 pm

Dear CZFan

Many thanks for your response, Unfortunately, it didn't solve the issue.
If I use below script I have to add number but I cant because I have many Mikrotik routers with several NAT I have to add src and dst address list by one script.
:if [/ip firewall nat find action=masquerade chain=srcnat] do={/ip firewall nat set src-address-list="AllowedSrc" dst-address-list="AllowedDst"}

Best Regards,

msatter · Mon Aug 10, 2020 2:07 pm

{
/ip firewall nat
set [find action=masquerade chain=srcnat] src-address-list="AllowedSrc" dst-address-list="AllowedDst"
}

My guess and have RouterOS do the work. If dst/src address already exists then those are overwritten by the new values.

If you only want to apply to lines that have no src-address-list active:

{
/ip firewall nat
set [find action=masquerade chain=srcnat src-address-list=""] src-address-list="AllowedSrc" dst-address-list="AllowedDst"
}

soheiliz · Mon Aug 10, 2020 2:28 pm

{
/ip firewall nat
[set [find masquerade chain=srcnat] src-address-list="AllowedSrc" dst-address-list="AllowedDst"]
}
My guess.

Dear msatter,
BINGO!!! That is a good solution and answered. Thanks a million for your idea. It helps me a lot.

But the point is that it set src-address-list=AllowedSrc and dst-address-list=AllowedDst for all the existed NAT. I have several NAT which one of them should be changed and I am searching for somthing that compare and check the parameters and at last change as my need.

Best Regards,

msatter · Mon Aug 10, 2020 2:37 pm

How do you recognize those different NAT lines?

You can put several "set" lines in a sequence however that will make things much more tricky.

I have added a extra set to my earlier post which only changes lines where there are no src-address-list active on the moment.

Tip: you can set a identifier to the comment field to make them unique:

{
/ip firewall nat
# only marked and no src-address-list present
set [find action=masquerade chain=srcnat src-address-list="" comment="only-src-address-list"] src-address-list="AllowedSrc"
# only marked and no dst-address-list present
set [find action=masquerade chain=srcnat dst-address-list="" comment="only-dst-address-list"] dst-address-list="AllowedDst"
# all the rest which have no address-list attached to them
set [find action=masquerade chain=srcnat src-address-list="" dst-address-list=""] src-address-list="AllowedSrc" dst-address-list="AllowedDst"
}

Update, only change already active and if both are present the also both are changed:

{
/ip firewall nat
set [find action=masquerade chain=srcnat src-address-list=""] src-address-list="AllowedSrc"
set [find action=masquerade chain=dstnat dst-address-list=""] dst-address-list="AllowedDst"
}

etc.....you can create any combination you want now.

msatter · Mon Aug 10, 2020 3:06 pm

You removed your previous posting and this will do what you asked for. Replace the lists on lines with only one of them active and and the last code line set all the lines that have no address-list already present.

{
/ip firewall nat
set [find action=masquerade chain=srcnat src-address-list!="" dst-address-list=""] src-address-list="AllowedSrc"
set [find action=masquerade chain=dstnat dst-address-list!="" src-address-list=""] dst-address-list="AllowedDst"
set [find action=masquerade chain=dstnat dst-address-list="" src-address-list=""] src-address-list="AllowedSrc" dst-address-list="AllowedDst"
}

!="" stands for that the field has an value (not empty).

soheiliz · Mon Aug 10, 2020 3:24 pm

{
/ip firewall nat
set [find action=masquerade chain=srcnat src-address-list!="" dst-address-list=""] src-address-list="AllowedSrc"
set [find action=masquerade chain=dstnat dst-address-list!="" src-address-list=""] dst-address-list="AllowedDst"
set [find action=masquerade chain=dstnat dst-address-list="" src-address-list=""] src-address-list="AllowedSrc" dst-address-list="AllowedDst"
}

!="" stands for that the field has a value (not empty).
[/quote]

They all great and so useful, but after executing all of my NAT lines fill up and the value get AllowedSrc and AllowedDst

Annotation 2020-08-10 165734.jpg

(Exactly that is the point!!
I have 3 NAT lines which one of them doesn't have src-address-list and dst-address-list and the next one has just the dst-address-list and the last one has just src-address-list so I want to edit and set one of the 3 NAT lines. I test the script it set and fill up all the empty ones with AllowedSrc or AllowedDst.)

Bests,

soheiliz · Mon Aug 10, 2020 3:37 pm

I mean that I want to edit just one NAT line and set AllowedSrc & AllowedDst but according to the script it doesn't do any action:
{
/ip firewall nat
set [find action=masquerade chain=srcnat dst-address-list="" src-address-list=""] src-address-list="AllowedSrc" dst-address-list="AllowedDst"
}

and these are changed other NAT lines too :
{
set [find action=masquerade chain=srcnat src-address-list!="" dst-address-list=""] src-address-list="AllowedSrc"
set [find action=masquerade chain=srcnat dst-address-list!="" src-address-list=""] dst-address-list="AllowedDst"
}

Bests,

soheiliz · Mon Aug 10, 2020 3:47 pm

You know I have more than 500 Mikrotik routers that most of them haven't any comment in the NAT and some of them have just one NAT line and most of them have 3 or 4 NAT lines I have to run a script which does an action on the exact NAT line that I want.
Is it possible to run any script which checks the NAT lines and if the src-address-list is AllowedSrc and the dst-address-list is AllowedDst do nothing and notify me? It can help me too.

Many thanks for your guides.

Bests,

msatter · Mon Aug 10, 2020 4:15 pm

This rather specific and you better open a separate topic about that.

You have tell which way of communication you want to use and which specific information you want to know.

With what wrote you can make any selection and if some similar lines have to be treathed differently only marking them in comments is the way I know.

Chupaka · Tue Aug 11, 2020 5:42 pm

I believe that's what you're looking for:

find !src-address-list !dst-address-list

soheiliz · Sun Aug 16, 2020 10:32 am

I believe that's what you're looking for:
Code: Select all
find !src-address-list !dst-address-list

Dear Chupaka

unfortunately, it doesn't work.

Bests Regards

CZFan · Sun Aug 16, 2020 10:13 pm

This should set src/dst address lists where both are none

{
:foreach i in=[ip firewall nat find where action="masquerade" && chain="srcnat" && !src-address-list && !dst-address-list]
do={/ip firewall nat set src-address-list=AllowedSrc dst-address-list=AllowedDst}
}

soheiliz · Mon Aug 17, 2020 8:51 am

This should set src/dst address lists where both are none

{
:foreach i in=[ip firewall nat find where action="masquerade" && chain="srcnat" && !src-address-list && !dst-address-list]
do={/ip firewall nat set src-address-list=AllowedSrc dst-address-list=AllowedDst}
}

Dear CZFan

Many thanks for your attention, it is a good way but it asks the Number of NAT line which want to change, unfortunately, I have several NAT lines and it is not specified which line needs to be changed. I mean that in one Mikrotik router line number 2 should be changed and in other one line, number 0 should be changed. Generally, it doesn't change the one which has empty SRC & DST list.

Bests Regards,

CZFan · Mon Aug 17, 2020 5:08 pm

apologies, left out the reference to the variable ($i) in the "do" statement, try below:

{
:foreach i in=[/ip firewall nat find where action="masquerade" && chain="srcnat" && !src-address-list && !dst-address-list] \
do={/ip firewall nat set $i src-address-list=AllowedSrc dst-address-list=AllowedDst}
}

soheiliz · Sun Aug 23, 2020 11:39 am

apologies, left out the reference to the variable ($i) in the "do" statement, try below:
Code: Select all
{
:foreach i in=[/ip firewall nat find where action="masquerade" && chain="srcnat" && !src-address-list && !dst-address-list] \
do={/ip firewall nat set $i src-address-list=AllowedSrc dst-address-list=AllowedDst}
}

Dear CZfan,

I really appreciate it, it solved the problem. so many thanks for your help. ;)

Best Regards,

y2000rtc · Sat Oct 22, 2022 6:40 pm

Hi guys,
I have read too many posts here but on my bad I haven't found asnwer to my question.
Also I can see thats someone from CzechRep is answering.

CZFan Zdarec

What I would like to ask you men.
I want to create script:
IF wireless wlan1 hide-ssid=no do hide-ssid:=yes
else
hide-ssid:=no.
I want to use MODE button on "LtAP mini LTE kit" for to start script for to switching hide-ssid on wlan1.
If you will find any time for me, will be glad.
Thanks, Zdenek

Sob · Sat Oct 22, 2022 8:29 pm

You almost made it yourself, just few more characters is needed:

:if ([/interface wireless get wlan1 hide-ssid]) do={
  /interface wireless set wlan1 hide-ssid=no
} else={
  /interface wireless set wlan1 hide-ssid=yes
}

Jotne · Sat Oct 22, 2022 9:01 pm

A minor change of Sobs post to set wifi interface only once:

:local Wlan [find name=wlan1]
/interface wireless 
:if [get $Wlan hide-ssid] do={
	set $Wlan hide-ssid=no
} else={
	set $Wlan hide-ssid=yes
}

One-liner

:local Wlan [find name=wlan1];/interface wireless;:if [get $Wlan hide-ssid] do={set $Wlan hide-ssid=no} else={set $Wlan hide-ssid=yes}

Add the script to mode or reset button onder System->RouterBOARD->Mode Button (or reset)

y2000rtc · Sat Oct 22, 2022 10:22 pm

Many thanks guys,
I know many languages based on my work (PLC, robotics, mobile vehicles) but scripts for MT is
totaly new one for me

One question yet, have you tried or is it possible to use script with loop inside? Something like do/while for to make run
onetime and it will run until some conditions?
Why I'm asking. I mounted MT on firefighter truck with L2TP and ipSec VPN tunnel and I'm using GPS tracking on my website.
But I was suprised that script is introduced for scheduler and every single second started.
Thats why I'm asking. If is possible to run script one time and will run after any variable will be changed (the button for example)

I'm so glad to be part of this Mikrotik group. I'm learning that already 16 years and still I will find something new

Have a great sunday guys.
Zdenek

Jotne · Sat Oct 22, 2022 10:52 pm

RouterOS script is very versatile and do almost anything. It can be triggered on multiple condition, like time, button, test on remote web site +++
Do a search for script here on this site and you find a lot. I do use a large script to collect logging information to Splunk. See my signature for more details.

Chupaka · Sun Oct 23, 2022 1:16 am

Btw, the real one-liner is

/interface wireless set wlan1 hide-ssid=(![get wlan1 hide-ssid])

Sorry, no if-else used

rextended · Sun Oct 23, 2022 2:02 am

If you must invert status of hide-ssd each time the script is called, this from @Chupaka is perfect:

/interface wireless set wlan1 hide-ssid=(![get wlan1 hide-ssid])

But if you want created two separate script, one for set hide-ssid on, and one for set hide-ssid off regardeless on what already is,
for not disrupt uselessly the connection already registered, is better check first if is already how we want set it, like @Jotne script.

# force show the ssid
/interface wireless; :if [get wlan1 hide-ssid] do={set wlan1 hide-ssid=no}

# force hide the ssid
/interface wireless; :if (![get wlan1 hide-ssid]) do={set wlan1 hide-ssid=yes}

Same on one line without if/else

# force show the ssid
/interface wireless set [find name=wlan1 and hide-ssid] hide-ssid=no

# force hide the ssid
/interface wireless set [find name=wlan1 and !hide-ssid] hide-ssid=yes

Jotne · Sun Oct 23, 2022 10:25 am

This just shows that script can be done in many ways. One thing to remember, hiding ssid will not prevent user that already has connected to it to reconnect even if its hidden.

y2000rtc · Sun Oct 23, 2022 5:31 pm

Thanks a lot guys again. I know that wifi is still alive when SSID is hidden but for my work is the best that only I know to connect based on my known wifi profile.

For all others is not necessary to know that exists.

I will save all these scripts to learn it as well.
Thanks again men.

Zdenek

anc · Wed Nov 08, 2023 1:46 pm

I was faced the task of replacing rules in firewall nat. Necessary to find several masquerading rules, delete 'em and add own rule to the top.

/ip firewall nat
remove [find action=masquerade]
add action=masquerade chain=srcnat out-interface-list=WAN place-before=0

The task is made more difficult by the fact that on some routers there is only one rule and place-before=0 gives an error. How to write a condition under which if there is only one masquerading rule in nat, then it would be deleted and a new one would be written?

rextended · Wed Nov 08, 2023 4:17 pm

0 do not exist, and is wrong use numbers or IDs on script.

first check how many rules are presents, if present at least one execute the command wiith place-before=([find]->0) else with nothing.

anav · Wed Nov 08, 2023 6:53 pm

Thanks a lot guys again. I know that wifi is still alive when SSID is hidden but for my work is the best that only I know to connect based on my known wifi profile.
For all others is not necessary to know that exists.
I will save all these scripts to learn it as well.
Thanks again men.
Zdenek

False security!!
Hiding the SSID, does nothing. Imagine SSID is the light bulb outside the door which illuminates the door.
Anyone walking by can see the light and thus the door, but so what, they dont have the key to the door but they are not interested in that door anyway. They have a separate door they use around the corner.

The people you should be concerned about bring their own flashlight, they can shine the flashlight on the door. They are interested mainly in doors where someone has closed the light. In fact they bring extra equipment to create a master key and are motivated to crack open that door.

So in summary, you are actually inviting trouble by hiding SSID.

rextended · Wed Nov 08, 2023 6:56 pm

And I thought I was the one with the twisted thinking...

However, I agree: Something (falsely) hidden attracts more attention...

anav · Wed Nov 08, 2023 7:06 pm

I sent you an email but please ignore it, will send another one to replace it. My thinking was too scatterbrained to waste any energy on. I imagine, your to busy pumping water out of your home or something similar........ moved to living in an ark!!

rextended · Thu Nov 09, 2023 1:13 am

Thanks for the thought

Luckily I don't live in those areas, I'm not stupid enough to live in a house built next to a river bed...
My house can only be hit by earthquakes... or from some mad dictator...

anc · Thu Nov 09, 2023 9:48 am

0 do not exist, and is wrong use numbers or IDs on script.

first check how many rules are presents, if present at least one execute the command wiith place-before=([find]->0) else with nothing.

I'm faced with the task of writing a universal rule that would put masquerade rule anyway on the first place, no matter if there are any other rules there or if this section is empty, so in this case command "place-before=([find]->0)" doesn't work.

rextended · Thu Nov 09, 2023 10:28 am

so in this case command "place-before=([find]->0)" doesn't work.

I see you read what I wrote... yes, but whatever you like...

anav · Thu Nov 09, 2023 4:18 pm

Well a building could fall on your house --- https://www.youtube.com/watch?v=x0247YjHKeM
New email sent.

rextended · Thu Nov 09, 2023 4:21 pm

No-no, is the only house within 600 meters...