Address list management on MikroTik

Tomas
Posts: 1048
Joined: Sat Jun 25, 2016 12:33 pm

Mon Aug 30, 2021 3:51 pm

Script to manage address lists on MikroTik RouterOS. The aim is to drop this into a Config Push preset and be able to push it to your entire network at any time (or on schedule) to make sure address list contents are standardized across the network. We use it for managing our address lists in all our firewalls.

This script is idempotent - it won't cause any issues if run multiple times, or if some addresses it manages already exist. It will remove all addresses not specified in the "addresses" array out of the list. If an address already exists, it will be retained in the list.

:do {
  # set your list name and addresses desired in the list
  :local listName "testList"
  :local addresses {"1.1.1.1"; "2.2.2.2"}

  # do not modify past this point
  /ip firewall address-list
  :local existing [find list=$listName]
  
  :foreach r in=$existing do={
    :local shouldDelete true

    # this is inefficient, but ROS scripting has no way to break out of a loop :(
    :foreach a in=$addresses do={
      :if ([get $r address] = $a) do={
        :set shouldDelete false
      }
    }

    :if $shouldDelete do={
      remove $r
    }
  }

  :foreach a in=$addresses do={
    :if ([:len [find list=$listName address=$a]] = 0) do={
      add list=$listName address=$a
    }
  }
} on-error={
  :put "Error - failed to apply address list configuration!"
}

This script is a little processing heavy due to ROS scripting syntax limitations - it will cause high load if the address list managed is large (100+ entries).

SnowCrash
Posts: 3
Joined: Fri Dec 10, 2021 6:06 pm
Location: Northern Minnesota

Fri Dec 10, 2021 6:56 pm

This sweet little script seems to be working as advertised. One question though, is there a way to add a comment to each address as they get added?

Thanks
Tomas
Posts: 1048
Joined: Sat Jun 25, 2016 12:33 pm

Mon Dec 20, 2021 2:58 pm

SnowCrash wrote:
Fri Dec 10, 2021 6:56 pm
This sweet little script seems to be working as advertised. One question though, is there a way to add a comment to each address as they get added?

Sure, here is a modification that includes setting descriptions:

:do {
  # set your list name and addresses desired in the list
  :local listName "testList"
  :local addresses {"1.1.1.1"="some_comment"; "2.2.2.2"="a_different_comment"}

  # do not modify past this point
  /ip firewall address-list
  :local existing [find list=$listName]
  
  :foreach r in=$existing do={
    :local shouldDelete true

    # this is inefficient, but ROS scripting has no way to break out of a loop :(
    :foreach a,c in=$addresses do={
      :if ([get $r address] = $a) do={
        set $r comment=$c
        :set shouldDelete false
      }
    }

    :if $shouldDelete do={
      remove $r
    }
  }

  :foreach a,c in=$addresses do={
    :if ([:len [find list=$listName address=$a]] = 0) do={
      add list=$listName address=$a comment=$c
    }
  }
} on-error={
  :put "Error - failed to apply address list configuration!"
}
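
Added example, not part of the original posts or of the forum's own tooling: because the script removes every entry that is not in the "addresses" array, this offline dry run computes what a push would remove, add and re-comment on one router before it is sent to the whole network. The export text, the function names and the assumption that each exported entry sits on one line are constructed for illustration.

```python
import shlex

# Constructed sample in the style of "/ip firewall address-list export" output.
SAMPLE_EXPORT = """\
# constructed sample, not taken from a real device
/ip firewall address-list
add address=1.1.1.1 comment=old_comment list=testList
add address=3.3.3.3 list=testList
add address=10.0.0.0/8 comment="office net" list=otherList
"""

# Same shape as the "addresses" array in the script with comments.
DESIRED = {"1.1.1.1": "some_comment", "2.2.2.2": "a_different_comment"}


def parse_export(text, list_name):
    """Return {address: comment} for the entries of list_name.

    Assumption: every entry is a single unwrapped "add key=value ..." line.
    """
    current = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # header/comment line in the export
        tokens = shlex.split(line)  # handles quoted values such as "office net"
        if "add" not in tokens:
            continue
        pairs = tokens[tokens.index("add") + 1:]
        fields = dict(t.split("=", 1) for t in pairs if "=" in t)
        if fields.get("list") == list_name and "address" in fields:
            current[fields["address"]] = fields.get("comment", "")
    return current


def plan(current, desired):
    """Mirror the script's effect: drop unlisted, add missing, fix comments."""
    return {
        "remove": sorted(a for a in current if a not in desired),
        "add": sorted(a for a in desired if a not in current),
        "recomment": sorted(a for a in desired
                            if a in current and current[a] != desired[a]),
    }


if __name__ == "__main__":
    changes = plan(parse_export(SAMPLE_EXPORT, "testList"), DESIRED)
    for action, addrs in changes.items():
        print(action, addrs)
```

An empty plan on a second run is the idempotence the first post describes; a long "remove" list is the cue to check the "addresses" array before pushing.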
SnowCrash
Posts: 3
Joined: Fri Dec 10, 2021 6:06 pm
Location: Northern Minnesota

Thu Dec 30, 2021 2:07 pm

Perfect,
Thanks