
Versione completa: [Mikrotik] Sync Address List with DNS Cache
This script updates an address list from the results of a search over the router's DNS cache. The address list can then be used, for example, in firewall rules.
# Sync an address list with DNS cache
# Version: 1.0.0
#
# Limitation: only type A, non-static DNS cache records are processed.
#
# Behaviour:
#   - No matching DNS records are found:
#       the address list is removed.
#   - Matching DNS records are found:
#       a list entry that is NOT in the search result is removed;
#       a list entry that IS in the search result is left unmodified;
#       a search result that is NOT yet in the list is added.
#
# Search string format:
#   "(:|=|~)<search string>"
#   :   match string anywhere
#   =   match string exactly (case sensitive)
#   ~   match string using regular expression (requires ROS >= v3.23)
#
# Examples:
#   To search all records containing 'google.com':
#       :local search ":google.com"
#   To search all records ending with 'microsoft.com':
#       :local search "~microsoft\\.com\$"
#
# NOTE(review): ':' matches the text anywhere in the name, so ":google.com"
# also selects names such as 'notgoogle.com' or 'google.com.example.net'.
# The list is built from whatever names sit in this router's DNS cache, so
# before referencing it from an accept rule prefer '=' or an anchored '~'
# pattern and check who is allowed to resolve through this router.
:local search ":google.com"

# Prefix prepended to the address list name ("" = none)
:local listprefix "DNSCache_"

# Comma-separated accumulators filled while scanning the DNS cache:
# matched addresses and, at the same position, the name each came from.
:local IPs ""
:local Names ""

# Split the search string: the first character is the match operator,
# everything after it is the text (or regular expression) to look for.
:local rawsearch [:tostr $search]
:local sop [:pick $rawsearch 0 1]
:set search [:pick $rawsearch 1 [:len $rawsearch]]

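# Scan the DNS cache and collect the addresses of matching type A records.
# Reads $search and $sop; appends to $IPs and $Names (comma-separated,
# position-aligned: entry N of $Names is the name that produced entry N of $IPs).
/ip dns cache all {
  :local findex; :local property; :local value; :local name; :local type; :local data
  :local sfound 0

  # Only non-static cache records are considered.
  :foreach rule in=[print detail as-value where static=no] do={
     :set name ""; :set type ""; :set data ""

     # Pull name/type/data out of the record by splitting each item at the first "=".
     # NOTE(review): assumes every item stringifies as "property=value" -
     # confirm on the RouterOS version this runs on.
     :foreach item in=$rule do={
        :set findex [:find [:tostr $item] "="]
        :set property [:pick [:tostr $item] 0 $findex]
        :set value [:pick [:tostr $item] ($findex + 1) [:len [:tostr $item]]]

        :if ($property = "name") do={ :set name $value }
        :if ($property = "type") do={ :set type $value }
        :if ($property = "data") do={ :set data $value }
     }

#   Search DNS cache name using specified operator
     :set sfound 0
     # ":" - search text may appear anywhere in the name
     :if ($sop = ":") do={
        :if ([:find [:tostr $name] [:tostr $search]] != "" && $type = "A") do={ :set sfound 1 }
     }
     # "=" - name must equal the search text exactly
     :if ($sop = "=") do={
        :if ([:tostr $name] = [:tostr $search] && $type = "A") do={ :set sfound 1 }
     }
     # "~" - name must match the search text as a regular expression
     :if ($sop = "~") do={
        :if ([:tostr $name] ~ [:tostr $search] && $type = "A") do={ :set sfound 1 }
     }
     :if ($sfound = 1) do={
#         :put ("Found " . $name . " -> " . $data)
        # Several cached names can resolve to the same address. Collect each
        # address once: RouterOS rejects a second add of the same list/address
        # pair, and that error would stop the script before the remaining
        # addresses are added. The first matching name is kept as its comment.
        :if ([:len [:find [:toarray $IPs] [:toip $data]]] = 0) do={
           :set IPs ($IPs . $data . ",")
           :set Names ($Names . $name . ",")
        }
     }
  }
# /ip dns cache all
}

# Summary line; the count is the number of unique addresses collected.
:put ("DNS cache search found " . [:len [:toarray $IPs]] . " match(es) for '" . $search . "'")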


# Search through IPs and add to address list

/ip firewall address-list {

  :local findex; :local listaddr; :local IPsFound ""


Codice:
  :put ("Searching address list '" . ($listprefix . [:tostr $search]) . "'...")

Codice:
  :foreach l in=[find list=($listprefix . [:tostr $search])] do={

Codice:
     :set listaddr [get $l address]

Codice:
     :if ([:len [:find [:toarray $IPs] [:toip $listaddr]]] = 0) do={

Codice:
        :put ("   " . $listaddr . " not found in search, removing...")

Codice:
        remove $l

Codice:
     } else={

Codice:
#         :put ($listaddr . " found address in IPs")

Codice:
        :set IPsFound ($IPsFound . $listaddr . ",")

Codice:
     }

Codice:
  }


# Add remaining records to address list
  # Pass 2: every matched address that pass 1 did not find in the list is added.
  # $findex tracks the position in $IPs so the DNS name at the same position
  # in $Names can be stored as the entry's comment.
  :set findex 0
  :foreach addr in=[:toarray $IPs] do={
     :if ([:len [:find [:toarray $IPsFound] [:toip $addr]]] = 0) do={
        :local dnsname [:pick [:toarray $Names] $findex]
        :put ("   Adding address " . $addr)
        # The entry is added without a timeout, so it stays in the list
        # until a later run of this script removes it.
        add list=($listprefix . $search) address=[:toip $addr] comment=$dnsname disabled=no
     }
     :set findex ($findex + 1)
  }

# /ip firewall address-list