Address list management on MikroTik

Posted: Mon Aug 30, 2021 3:51 pm
by Tomas
Script to manage address lists on MikroTik RouterOS. The aim is to drop this into a Config Push preset and be able to push it to your entire network at any time (or on schedule) to make sure address list contents are standardized across the network. We use it for managing our address lists in all our firewalls.

This script is idempotent - it won't cause any issues if run multiple times, or if some addresses it manages already exist. It will remove all addresses not specified in the "addresses" array out of the list. If an address already exists, it will be retained in the list.

Code:

:do {
  # set your list name and addresses desired in the list
  :local listName "testList"
  :local addresses {"1.1.1.1"; "2.2.2.2"}

  # do not modify past this point
  /ip firewall address-list
  :local existing [find list=$listName]
  
  :foreach r in=$existing do={
    :local shouldDelete true

    # this is inefficient, but ROS scripting has no way to break out of a loop :(
    :foreach a in=$addresses do={
      :if ([get $r address] = $a) do={
        :set shouldDelete false
      }
    }

    :if $shouldDelete do={
      remove $r
    }
  }

  :foreach a in=$addresses do={
    :if ([:len [find list=$listName address=$a]] = 0) do={
      add list=$listName address=$a
    }
  }
} on-error={
  :put "Error - failed to apply address list configuration!"
}

This script is a little processing heavy due to ROS scripting syntax limitations - it will cause high load if the address list managed is large (100+ entries).

Re: Address list management on MikroTik

Posted: Fri Dec 10, 2021 6:56 pm
by SnowCrash
This sweet little script seems to be working as advertised. One question though, is there a way to add a comment to each address as they get added?

Thanks

Re: Address list management on MikroTik

Posted: Mon Dec 20, 2021 2:58 pm
by Tomas
SnowCrash wrote: Fri Dec 10, 2021 6:56 pm
This sweet little script seems to be working as advertised. One question though, is there a way to add a comment to each address as they get added?

Sure, here is a modification that includes setting descriptions:

Code:

:do {
  # set your list name and addresses desired in the list
  :local listName "testList"
  :local addresses {"1.1.1.1"="some_comment"; "2.2.2.2"="a_different_comment"}

  # do not modify past this point
  /ip firewall address-list
  :local existing [find list=$listName]
  
  :foreach r in=$existing do={
    :local shouldDelete true

    # this is inefficient, but ROS scripting has no way to break out of a loop :(
    :foreach a,c in=$addresses do={
      :if ([get $r address] = $a) do={
        set $r comment=$c
        :set shouldDelete false
      }
    }

    :if $shouldDelete do={
      remove $r
    }
  }

  :foreach a,c in=$addresses do={
    :if ([:len [find list=$listName address=$a]] = 0) do={
      add list=$listName address=$a comment=$c
    }
  }
} on-error={
  :put "Error - failed to apply address list configuration!"
}
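
Added example (not part of the thread and not the poster's code): an offline dry run in Python of the reconciliation the two scripts perform, so a desired list can be validated and its add/remove/comment changes previewed before a push. The function names, the sample router state, and the handling of a host entry with or without its /32 suffix are assumptions; only single IPs and CIDR entries are covered.

```python
import ipaddress

def canon(addr):
    """Validate an IP or CIDR entry; raise ValueError on a typo before it is pushed."""
    net = ipaddress.ip_network(addr, strict=True)
    # Assumption: a host entry is compared without its /32 (or /128) suffix.
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)

def plan(desired, current):
    """desired: {address: comment}; current: [(address, comment), ...] for one list."""
    want = {canon(a): c for a, c in desired.items()}
    have = {canon(a): c for a, c in current}
    return {
        "remove": sorted(a for a in have if a not in want),
        "add": sorted((a, c) for a, c in want.items() if a not in have),
        # The posted script rewrites the comment on every match; the end state is the same.
        "set_comment": sorted((a, c) for a, c in want.items() if a in have and have[a] != c),
    }

def apply(steps, current):
    """Return the list contents after the plan has run."""
    state = {canon(a): c for a, c in current}
    for a in steps["remove"]:
        del state[a]
    for a, c in steps["add"] + steps["set_comment"]:
        state[a] = c
    return sorted(state.items())

# Constructed sample data: desired entries reuse the thread's values, the router state is made up.
DESIRED = {"1.1.1.1": "some_comment", "2.2.2.2": "a_different_comment"}
ON_ROUTER = [("1.1.1.1/32", "old"), ("203.0.113.7", "stale entry")]

if __name__ == "__main__":
    first = plan(DESIRED, ON_ROUTER)
    print(first)
    # A second run against the updated state must plan no changes (idempotence).
    print(plan(DESIRED, apply(first, ON_ROUTER)))
```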

Re: Address list management on MikroTik

Posted: Thu Dec 30, 2021 2:07 pm
by SnowCrash
Perfect,
Thanks