Page 1 of 1
IP address list export script
Posted: Thu Aug 09, 2018 1:53 pm
by MikroX
Dear community,
I'm struggling with creating a script capable to export one of my static firewall Address Lists, named ssh_blacklist, to a .rsc file. I tried doing so with:
/ip firewall address-list print where list="ssh_blacklist" ; export file=ssh_blasklist.rsc
- but it didn't work
/ip firewall address-list find ssh_blacklist ; export file=ssh_blasklist.rsc
- also didn't work
Any ideas?
Re: IP address list export script
Posted: Tue Dec 25, 2018 12:34 pm
by ronix
Dear
you can use this script to print it to txt file
/ip firewall address-list print file=ssh_blacklist where list=ssh_blacklist
Re: IP address list export script
Posted: Fri Dec 28, 2018 6:50 am
by ericksetiawan
Try this:
{
:local listName "Server"; #change this
:local fileName "exported.rsc"; #change this
:local buffer;
:global filteredList [/ip firewall address-list print as-value where list=$listName && dynamic=no];
:foreach i in=$filteredList do={
:set $buffer ($buffer."add list=".$listName." address=".$i->"address"."; ");
};
/file print file=$fileName where name="";
:delay 1s;
:set $buffer ("/ip firewall address-list; ".$buffer);
/file set $fileName contents=$buffer;
}
: Please note that there is variable size limitation in RouterOS. It will affect your file result.
Re: IP address list export script
Posted: Fri Dec 28, 2018 9:54 am
by Jotne
Why do you like to export it?
If it is to examine the address, you can use send log hits to Syslog.
I do have black list for any trying a blocked port on my router. If you enter this log, router sends a message to my Syslog server (Splunk)
In Splunk I can see all IP address who and when they got in the log.
Here you can see how has tried to access my RDP, but ended are in a block access list.
blcok_list.jpg
See my signature for more info.
Re: IP address list export script
Posted: Sun Oct 25, 2020 8:15 pm
by SimonThomasen
Why? To download the RSC from another router and have it automatically imported there :)
But since it is put in a string, the limit here is 4 kilobytes - am I right? because a complete write with "file set" is used -
What other ways are there to write to a file, to append to it??
Re: IP address list export script
Posted: Sun Oct 25, 2020 8:42 pm
by msatter
There are several ways to do this and I have written a backup and restore especially for interchanging between different routers. The focus is on keeping the filesize as low as possible.
It is close to RC and I was distacted by other projects so it went down the pile of other things. If you want you could help me with testing.
You can select one address-list at the time and that is a limitation as there is no way to restore dynamic entries without a timeout. But you can ignore them on restore so that they are kept on the target router.
It creates RSC files, importing those is simple and easy to be automated, that also apply to the backup.