@duhast
Forked from avoidik/cidrs-to-lists.txt
Created September 22, 2023 12:15
Mikrotik Scripts
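# Keep one firewall address list per interface, named "<interface>-addr",
# holding that interface's connected network in CIDR form (network/prefix).
# Whatever references these lists (presumably firewall rules) works on stale
# data if the run aborts part-way, so an interface that does not resolve to
# exactly one enabled address is logged and skipped instead of raising an
# error that would stop the loop for every remaining interface.
:foreach id in=[/ip address find] do={
    :local intInterface [/ip address get $id interface];
    :local intAddrList "$intInterface-addr";
    # `get` below needs a single item. An interface whose addresses are all
    # disabled yields none, and an interface with several addresses yields many.
    :local intAddrIds [/ip address find interface=$intInterface disabled=no];
    :if ([:len $intAddrIds] != 1) do={
        :log warning "Skipping $intInterface: expected exactly one enabled address, found $[:len $intAddrIds]";
    } else={
        :local intOldAddr "";
        :local intCidrBlock "";
        :local intCidrAddr [/ip address get $intAddrIds address];
        :local intNetAddr [/ip address get $intAddrIds network];
        # address is "ip/prefix": take the prefix length after "/" and pair it
        # with the network address.
        :set intCidrBlock "$intNetAddr/$[:pick $intCidrAddr ([:find $intCidrAddr "/"]+1) [:len $intCidrAddr]]";
        :log info "Current $intInterface CIDR is $intCidrBlock";
        # NOTE(review): the list is assumed to hold a single entry; `get` on a
        # multi-entry find result is expected to fail - confirm on your version.
        :if ([:len [/ip firewall address-list find list="$intAddrList"]] > 0) do={
            :set intOldAddr [/ip firewall address-list get [/ip firewall address-list find list=$intAddrList] address];
            :if ($intOldAddr != $intCidrBlock) do={
                /ip firewall address-list set [/ip firewall address-list find list=$intAddrList address=$intOldAddr] address=$intCidrBlock;
                :log info "CIDR of $intInterface has been changed from $intOldAddr to $intCidrBlock";
            } else={
                :log info "CIDR of $intInterface has not been changed";
            };
        } else={
            # No list for this interface yet: create it.
            /ip firewall address-list add list=$intAddrList address=$intCidrBlock;
            :log info "New CIDR $intCidrBlock for $intInterface has been added";
        };
    };
};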
# TTL given to every static DNS record this script creates; it is passed
# unchanged as ttl= to "/ip dns static add" further down.
:local dnsttl "11:59:59";
###
# Script entry point
#
# Expected environment variables:
# leaseBound 1 = lease bound, 0 = lease removed
# leaseServerName Name of DHCP server
# leaseActIP IP address of DHCP client
# leaseActMAC MAC address of DHCP client
###
# "a.b.c.d" -> "a-b-c-d" for IP addresses used as replacement for missing host names
:local ip2Host do={
    # param: inStr - text to convert (called below with the lease IP address)
    # returns: inStr with every "." replaced by "-"
    :local outStr
    :local lastIdx ([:len $inStr] - 1)
    :for pos from=0 to=$lastIdx do={
        :local ch [:pick $inStr $pos]
        :if ($ch = ".") do={
            :set outStr ($outStr . "-")
        } else={
            :set outStr ($outStr . $ch)
        }
    }
    :return $outStr
}
:local mapHostName do={
    # param: name
    # returns: name cut to at most 63 characters, with every character that is
    # not one of a-z, 0-9 or "-" replaced by "-".
    # Upper-case letters are not in the allowed set, so callers lower-case the
    # name first. Leading or trailing "-" characters are not trimmed.
    :local allowedChars "abcdefghijklmnopqrstuvwxyz0123456789-";
    :local numChars [:len $name];
    :if ($numChars > 63) do={ :set numChars 63 };
    :local lastIdx ($numChars - 1);
    :local result "";
    :for i from=0 to=$lastIdx do={
        :local char [:pick $name $i];
        :if ([:find $allowedChars $char] < 0) do={
            :set result ($result . "-");
        } else={
            :set result ($result . $char);
        }
    }
    :return $result;
}
:local lowerCase do={
    # param: entry
    # returns: entry with A-Z mapped to a-z; all other characters are copied as-is.
    :local lower "abcdefghijklmnopqrstuvwxyz";
    :local upper "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    :local result "";
    :local lastIdx ([:len $entry] - 1);
    :for i from=0 to=$lastIdx do={
        :local char [:pick $entry $i];
        # Position of the character in the upper-case alphabet, if it is one.
        :local pos [:find $upper $char];
        :if ($pos > -1) do={
            :set result ($result . [:pick $lower $pos]);
        } else={
            :set result ($result . $char);
        }
    }
    :return $result;
}
# Main body: create a static DNS record when a lease is bound, remove it when
# the lease goes away.
# The token (server name + client MAC) is stored in the record's comment and is
# the only link between a lease and its DNS record; removal matches on it.
:local token "$leaseServerName-$leaseActMAC";
:local LogPrefix "DHCP2DNS ($leaseServerName)"
# Stop with an error when no client address was supplied.
:if ( [ :len $leaseActIP ] <= 0 ) do=\
{
:log error "$LogPrefix: empty lease address"
:error "empty lease address"
}
:if ( $leaseBound = 1 ) do=\
{
# new DHCP lease added
# NOTE(review): the two bare path lines below presumably move the current menu
# to /ip dhcp-server network so that the unqualified get/find act on it - confirm.
/ip dhcp-server
#:local dnsttl [ get [ find name=$leaseServerName ] lease-time ]
network
# Domain configured on the network entry whose address range contains the lease IP.
:local domain [ get [ find $leaseActIP in address ] domain ]
#:log info "$LogPrefix: DNS domain is $domain"
# host-name is supplied by the DHCP client, so treat it as untrusted input; it
# is lower-cased and mapped to a-z, 0-9 and "-" below before being used in DNS.
:local hostname [/ip dhcp-server lease get value-name=host-name [find mac-address=$leaseActMAC and server=$leaseServerName]]
#:log info "$LogPrefix: DHCP hostname is $hostname"
#Hostname cleanup
# Clients that send no host name get one derived from their IP address.
:if ( [ :len $hostname ] <= 0 ) do=\
{
:set hostname [ $ip2Host inStr=$leaseActIP ]
:log info "$LogPrefix: Empty hostname for '$leaseActIP', using generated host name '$hostname'"
}
:set hostname [$lowerCase entry=$hostname]
:set hostname [$mapHostName name=$hostname]
#:log info "$LogPrefix: Clean hostname for FQDN is $hostname";
# Without a domain no FQDN can be built; stop with an error.
:if ( [ :len $domain ] <= 0 ) do=\
{
:log warning "$LogPrefix: Empty domainname for '$leaseActIP', cannot create static DNS name"
:error "Empty domainname for '$leaseActIP'"
}
:local fqdn ($hostname . "." . $domain)
#:log info "$LogPrefix: FQDN for DNS is $fqdn"
# NOTE(review): the label is chosen by the client and nothing here checks for
# an existing static record with the same name under a different comment.
# Consider refusing names that are already present or that are reserved on this
# network before adding.
# NOTE(review): `get` is called without a property name in this condition -
# confirm what it evaluates to on your RouterOS version.
:if ([/ip dhcp-server lease get [find mac-address=$leaseActMAC and server=$leaseServerName]]) do={
# :log info message="$LogPrefix: $leaseActMAC -> $hostname"
# NOTE(review): a record left by an earlier binding with the same token is not
# removed before this add - verify behaviour when a client returns with a new IP.
:do {
/ip dns static add address=$leaseActIP name=$fqdn ttl=$dnsttl comment=$token;
} on-error={:log error message="$LogPrefix: Failure during dns registration of $fqdn with $leaseActIP"}
}
} else={
# DHCP lease removed
# Deletes every static DNS record whose comment equals the token.
/ip dns static remove [find comment=$token];
}
# Publish the address of one interface as the entry of a firewall address
# list, rewriting the entry only when the address differs from the stored one.
# extInterface: interface to read; extAddrList: address list to maintain.
:local extInterface "ether5-gateway";
:local extAddrList "external-ip";
:local extOldAddr "";

# The interface address is stored as "ip/prefix"; keep only the part before "/".
:local extCidrAddr [/ip address get [/ip address find interface=$extInterface disabled=no ] address];
:local extIpAddr [:pick $extCidrAddr 0 [:find $extCidrAddr "/"]];
:log info "Current external IP = $extIpAddr";

:if ([:len [/ip firewall address-list find list=$extAddrList]] = 0) do={
    # The list has no entry yet: create it with the current address.
    /ip firewall address-list add list=$extAddrList address=$extIpAddr
    :log info "New external IP added: $extIpAddr";
} else={
    # Compare the stored entry with the current address and update on change.
    :set extOldAddr [/ip firewall address-list get [/ip firewall address-list find list=$extAddrList] address];
    :if ($extOldAddr != $extIpAddr) do={
        /ip firewall address-list set [/ip firewall address-list find list=$extAddrList address=$extOldAddr] address=$extIpAddr
        :log info "External IP changed from $extOldAddr to $extIpAddr";
    } else={
        :log info "External IP not changed";
    };
};
# Publish the address of one interface as the entry of a firewall address
# list, rewriting the entry only when the address differs from the stored one.
# intInterface: interface to read; intAddrList: address list to maintain.
:local intInterface "bridge-local";
:local intAddrList "internal-ip";
:local intOldAddr "";

# The interface address is stored as "ip/prefix"; keep only the part before "/".
:local intCidrAddr [/ip address get [/ip address find interface=$intInterface disabled=no ] address];
:local intIpAddr [:pick $intCidrAddr 0 [:find $intCidrAddr "/"]];
:log info "Current internal IP = $intIpAddr";

:if ([:len [/ip firewall address-list find list=$intAddrList]] = 0) do={
    # The list has no entry yet: create it with the current address.
    /ip firewall address-list add list=$intAddrList address=$intIpAddr
    :log info "New internal IP added: $intIpAddr";
} else={
    # Compare the stored entry with the current address and update on change.
    :set intOldAddr [/ip firewall address-list get [/ip firewall address-list find list=$intAddrList] address];
    :if ($intOldAddr != $intIpAddr) do={
        /ip firewall address-list set [/ip firewall address-list find list=$intAddrList address=$intOldAddr] address=$intIpAddr
        :log info "Internal IP changed from $intOldAddr to $intIpAddr";
    } else={
        :log info "Internal IP not changed";
    };
};
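# Keep one firewall address list per interface, named "<interface>-ip",
# holding that interface's own IP address (without the prefix length).
# Whatever references these lists (presumably firewall rules) works on stale
# data if the run aborts part-way, so an interface that does not resolve to
# exactly one enabled address is logged and skipped instead of raising an
# error that would stop the loop for every remaining interface.
:foreach id in=[/ip address find] do={
    :local intInterface [/ip address get $id interface];
    :local intAddrList "$intInterface-ip";
    # `get` below needs a single item. An interface whose addresses are all
    # disabled yields none, and an interface with several addresses yields many.
    :local intAddrIds [/ip address find interface=$intInterface disabled=no];
    :if ([:len $intAddrIds] != 1) do={
        :log warning "Skipping $intInterface: expected exactly one enabled address, found $[:len $intAddrIds]";
    } else={
        :local intIpAddr "";
        :local intOldAddr "";
        :local intCidrAddr [/ip address get $intAddrIds address];
        # address is "ip/prefix"; keep only the part before "/".
        :set intIpAddr [:pick $intCidrAddr 0 [:find $intCidrAddr "/"]];
        :log info "Current $intInterface IP is $intIpAddr";
        # NOTE(review): the list is assumed to hold a single entry; `get` on a
        # multi-entry find result is expected to fail - confirm on your version.
        :if ([:len [/ip firewall address-list find list="$intAddrList"]] > 0) do={
            :set intOldAddr [/ip firewall address-list get [/ip firewall address-list find list=$intAddrList] address];
            :if ($intOldAddr != $intIpAddr) do={
                /ip firewall address-list set [/ip firewall address-list find list=$intAddrList address=$intOldAddr] address=$intIpAddr;
                :log info "IP of $intInterface has been changed from $intOldAddr to $intIpAddr";
            } else={
                :log info "IP of $intInterface has not been changed";
            };
        } else={
            # No list for this interface yet: create it.
            /ip firewall address-list add list=$intAddrList address=$intIpAddr;
            :log info "New IP $intIpAddr for $intInterface has been added";
        };
    };
};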
# Mirror every IP pool into a firewall address list named "<pool>-addr" whose
# entry is the pool's ranges value.
# NOTE(review): a pool's ranges may hold more than one range - confirm that the
# value is accepted as a single address-list address in that case.
:foreach id in=[/ip pool find] do={
    :local poolName "$[ /ip pool get $id name ]-addr";
    :local poolRanges [ /ip pool get $id ranges ];
    :if ([:len $poolName] > 0 and [:len $poolRanges] > 0) do={
        :if ([:len [/ip firewall address-list find list="$poolName"]] = 0) do={
            # No list for this pool yet: create it.
            /ip firewall address-list add list=$poolName address=$poolRanges;
            :log info "New pool address list $poolName has been added with $poolRanges";
        } else={
            # Rewrite the stored entry only when it differs from the pool's ranges.
            :local intOldAddr [/ip firewall address-list get [/ip firewall address-list find list=$poolName] address];
            :if ($intOldAddr != $poolRanges) do={
                /ip firewall address-list set [/ip firewall address-list find list=$poolName address=$intOldAddr] address=$poolRanges;
                :log info "Pool address list has been changed from $intOldAddr to $poolRanges";
            } else={
                :log info "Pool address list $poolName has not been changed";
            };
        };
    };
};
# Point tagged source-NAT rules at the address currently stored in the gateway
# address list.
# Rules are selected only by chain=srcnat and their comment text, so every
# srcnat rule whose comment equals natRuleTag is rewritten. Keep that comment
# unique to the rules this script is meant to manage.
:local gatewayList "ether5-gateway-ip";
:local natRuleTag "NAT_TAG";
:local gatewayIP [/ip firewall address-list get [/ip firewall address-list find list=$gatewayList] address];

:if ([:len $gatewayIP] > 0) do={
    :foreach id in=[/ip firewall nat find chain=srcnat comment="$natRuleTag"] do={
        # Current translation target of this rule.
        :local natRuleAddr [/ip firewall nat get $id to-addresses];
        :if ($natRuleAddr != $gatewayIP) do={
            /ip firewall nat set $id to-addresses=$gatewayIP;
            :log info "SRC-NAT $natRuleTag rule has been updated from $natRuleAddr to $gatewayIP for $[/ip firewall nat get $id src-address-list]";
        } else={
            :log info "No action needed on $natRuleTag rule for $[/ip firewall nat get $id src-address-list]";
        };
    };
};