hi,
is there a config block comliance feature. For example ... each interface has to have some command configured. So you define BLOCK with start/end command for interface and then seek for these specific command in each block?
br
config block compliance
Hi,
This is coming in 2.10.0. We are adding "Strict" and "Sequential" matching modes to Compliance rules.
Strict - the block of text in the compliance condition has to be present in the device config exactly as-is
Sequential - each line of the compliance condition has to be present in the device config, in the order that's specified
Presence (current) - each line of the compliance condition just has to be present in the device config somewhere, independent of order
The "Strict" matching mode will do exactly what you are asking for
This is coming in 2.10.0. We are adding "Strict" and "Sequential" matching modes to Compliance rules.
Strict - the block of text in the compliance condition has to be present in the device config exactly as-is
Sequential - each line of the compliance condition has to be present in the device config, in the order that's specified
Presence (current) - each line of the compliance condition just has to be present in the device config somewhere, independent of order
The "Strict" matching mode will do exactly what you are asking for
Good news is you can already do this with a combination of MikroTik scripting and even with our current compliance engine. Create a Config Push preset with this Tik script:
Code: Select all
{
/ip address
:foreach i in=[find interface ~ "ether"] do={
:local iname [get $i interface]
:if ([/interface ethernet get $iname arp] ~ "proxy") do={:put "ERROR - Interface $iname has proxy-arp on"}
}
}
This will fail if there are any "proxy-arp" interfaces.