This script will do what you are asking. You need to change the IP address, user, and password to match router 2. The script loops through all dynamic address list entries on router 1, writes them to an auto.rsc file, and uploads it to router 2. On router 2, the uploaded script adds static address list entries and cleans up any old ones that were previously added.
This should be used with the scheduler to run however often you want.
* NOTE * The first time you run the script on router 1, it will create the file on router 2, but the script will not be executed. I think this is a bug. Every time you run the script after this, the script is executed and works just fine.
{
  # configure remote router (router 2) info
  :local ip "172.10.10.10";
  :local user "admin";
  :local pass "password";
  # navigate to address lists
  /ip firewall address-list
  # initial file setup on local router: create DAddrListMirror.txt if it does not exist yet
  :if ([:len [/file find name="DAddrListMirror.txt"]] != 1) do={
    /file print file=DAddrListMirror
    :delay 2s;
    /file set DAddrListMirror.txt contents="";
  }
  # set variables (start as empty strings so the first concatenation works)
  :local addresses "";
  :local lists "";
  # loop through all dynamic entries, appending address and list values
  :foreach i in=[find where dynamic=yes] do={
    :set addresses ($addresses . "$[get $i address],");
    :set lists ($lists . "$[get $i list],");
  }
  # create time stamp variable, used to keep track of new dynamic entries
  :local tstamp "DMirror$[/system clock get time]";
  # create script for other router
  :local output "# Script to update Address Lists with dynamic entries from other router\r\n\r\n";
  # create time stamp variable (quoted, since the clock time contains colons)
  :set output ($output . ":local tstamp \"$tstamp\"\r\n\r\n");
  # create lists and addresses variables, convert to arrays
  :set output ($output . ":local lists $lists\r\n");
  :set output ($output . ":local listsArray [:toarray \$lists];\r\n");
  :set output ($output . ":local addresses $addresses\r\n");
  :set output ($output . ":local addressesArray [:toarray \$addresses];\r\n\r\n");
  # navigate to address lists
  :set output ($output . "/ip firewall address-list\r\n");
  # loop through arrays, creating static address list entries with time stamp comment
  :set output ($output . ":for i from=0 to=( [:len \$listsArray] - 1) do={add address=[:pick \$addressesArray \$i] list=[:pick \$listsArray \$i] disabled=no comment=\$tstamp}\r\n\r\n");
  # clean up any old address list entries
  :set output ($output . "# Cleanup, remove old dynamic entries\r\n");
  # loop through all DMirror comment entries, remove ones that do not match current time stamp
  :set output ($output . ":foreach i in=[find where comment~\"DMirror\"] do={:if ([get \$i comment] != \$tstamp) do={remove \$i}}\r\n\r\n");
  :set output ($output . "# END");
  # write output to a file
  /file set DAddrListMirror.txt contents=$output;
  # upload file to remote router as *.auto.rsc, so file will execute on upload
  # first time file is uploaded, the file will NOT execute (bug?). After that it works fine.
  /tool fetch address=$ip src-path=DAddrListMirror.txt user=$user mode=ftp password=$pass dst-path=DAddrListMirror.auto.rsc port=21 upload=yes;
}