[Mikrotik follow-up needed] Address Lists

jeroenp · Mon Oct 10, 2016 6:57 pm

A few things I wonder after reading http://wiki.mikrotik.com/wiki/Manual:IP ... dress_list are these:

- Can you recurse Address Lists?

For example, does this work?

/ip firewall address-list add list=LAN_local address=192.168.71.0/24
/ip firewall address-list add list=LANs_remote address=192.168.124.0/24
/ip firewall address-list add list=LANs_remote address=192.168.171.0/24
/ip firewall address-list add list=LANs_remote address=192.168.172.0/24
/ip firewall address-list add list=LANs_remote address=192.168.178.0/24
/ip firewall address-list add list=LANs_all address=LAN_local
/ip firewall address-list add list=LANs_all address=LANs_remote

- Can you use Address Lists outside the firewall realm?

For instance under `/ip service` in the `address` field or in static IP addresses.

--jeroen

Mon Oct 10, 2016 8:41 pm

No. Text supplied in the address field is interpreted as a hostname, which will be resolved in DNS and the results added to the list as dynamic entries having a timeout value equal to the TTL received in the DNS response.

pe1chl · Mon Oct 10, 2016 9:23 pm

Support for this could probably be added easily, as the underlying Linux ipset mechanism already supports it:

list:set
The list:set type uses a simple list in which you can store set names.

By the ipset commad you can add, delete and test set names in a
list:set type of set.

By the set match or SET target of netfilter you can test, add or delete
entries in the sets added to the list:set type of set.

[Mikrotik follow-up needed] Address Lists

[Mikrotik follow-up needed] Address Lists

Re: Address Lists

Re: Address Lists