From e9210acfdb9c2c66ff422bbb341a4f8ab71a796d Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 18 Dec 2020 00:02:56 +0100 Subject: ipv6-update: add missing colon --- ipv6-update | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipv6-update b/ipv6-update index 4fdda3d..bbe5b2d 100644 --- a/ipv6-update +++ b/ipv6-update @@ -22,7 +22,7 @@ # give the interfaces a moment to receive their addresses :delay 2s; -if ($OldPrefix != $PdPrefix) do={ +:if ($OldPrefix != $PdPrefix) do={ :log info ("Updating IPv6 address list with new IPv6 prefix " . $PdPrefix); / ipv6 firewall address-list set address=$PdPrefix $AddrList; -- cgit v1.2.3-54-g00ecf From 744a03896c3276ca0bee9af5735851bb64a7f542 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 18 Dec 2020 09:59:13 +0100 Subject: ipv6-update: automatically add ipv6 address list entry --- doc/ipv6-update.md | 3 +++ ipv6-update | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/doc/ipv6-update.md b/doc/ipv6-update.md index 93ada42..5295bd5 100644 --- a/doc/ipv6-update.md +++ b/doc/ipv6-update.md @@ -40,6 +40,9 @@ firewall rules, comment has to be "`ipv6-pool-`" and actual pool name: / ipv6 firewall address-list add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern; +As this entry is mandatory it is created automatically if it does not exist, +with the comment also set for list. + Static DNS records need a special comment to be updated. Again it has to start with "`ipv6-pool-`" and actual pool name, followed by a comma, "`interface=`" and the name of interface this address is connected to: diff --git a/ipv6-update b/ipv6-update index bbe5b2d..56dbd16 100644 --- a/ipv6-update +++ b/ipv6-update 
@@ -17,6 +17,11 @@ :local Pool [ / ipv6 pool get [ find where prefix=$PdPrefix ] name ]; :local AddrList [ / ipv6 firewall address-list find where comment=("ipv6-pool-" . $Pool) ]; +:if ([ :len $AddrList ] = 0) do={ + :log info ("Missing ipv6 address list entry for ipv6-pool-" . $Pool . ", adding."); + / ipv6 firewall address-list add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool); + :set AddrList [ / ipv6 firewall address-list find where comment=("ipv6-pool-" . $Pool) ]; +} :local OldPrefix [ / ipv6 firewall address-list get $AddrList address ]; # give the interfaces a moment to receive their addresses -- cgit v1.2.3-54-g00ecf From 503dc3c32ccd7c75086bec878fd9149a8632c82c Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 18 Dec 2020 10:01:50 +0100 Subject: ipv6-update: move the delay down We have to wait for the interfaces, no need to delay address list entry. --- ipv6-update | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ipv6-update b/ipv6-update index 56dbd16..1baa0a4 100644 --- a/ipv6-update +++ b/ipv6-update @@ -24,13 +24,13 @@ } :local OldPrefix [ / ipv6 firewall address-list get $AddrList address ]; -# give the interfaces a moment to receive their addresses -:delay 2s; - :if ($OldPrefix != $PdPrefix) do={ :log info ("Updating IPv6 address list with new IPv6 prefix " . $PdPrefix); / ipv6 firewall address-list set address=$PdPrefix $AddrList; + # give the interfaces a moment to receive their addresses + :delay 2s; + :foreach Record in=[ / ip dns static find where comment~("^ipv6-pool-" . $Pool . ",") ] do={ :local RecordVal [ / ip dns static get $Record ]; :local Comment [ $ParseKeyValueStore ($RecordVal->"comment") ]; -- cgit v1.2.3-54-g00ecf From cb72eccc6cf66cab0412f7bd696aa079fffc5180 Mon Sep 17 00:00:00 2001 
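Review bot: In the ipv6-update hunk at -17,6 +17,11, the entry created by the new `:if ([ :len $AddrList ] = 0)` branch goes into a list named `ipv6-pool-<pool>` with address `::`, which no existing firewall rule references. An operator whose rules use another list (the documentation example uses `extern`) gets only an info-level log line while those rules are not kept current. I would log at warning level and name the list, e.g. `:log warning ("Missing ipv6 address list entry for ipv6-pool-" . $Pool . ", added to list ipv6-pool-" . $Pool . ", reference it in firewall rules.");`. The branch also does not cover several entries carrying the same comment; `find` would then return more than one id, and the unchanged `get $AddrList address` that follows probably fails, which is worth confirming on a device. The script continues outside the hunk.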
From: Christian Hesse Date: Fri, 18 Dec 2020 10:11:18 +0100 Subject: ipv6-update: update interface specific address list entries --- doc/ipv6-update.md | 6 ++++++ ipv6-update | 12 ++++++++++++ 2 files changed, 18 insertions(+) diff --git a/doc/ipv6-update.md b/doc/ipv6-update.md index 5295bd5..f736433 100644 --- a/doc/ipv6-update.md +++ b/doc/ipv6-update.md @@ -43,6 +43,12 @@ firewall rules, comment has to be "`ipv6-pool-`" and actual pool name: As this entry is mandatory it is created automatically if it does not exist, with the comment also set for list. +Address list entries for specific interfaces can be updated as well. The +interface needs to get its address from pool `isp` and the address list entry +has to be associated to an interface in comment: + + / ipv6 firewall address-list add address=2003:cf:2f0f:de01::/64 comment="ipv6-pool-isp, interface=br-local" list=local; + Static DNS records need a special comment to be updated. Again it has to start with "`ipv6-pool-`" and actual pool name, followed by a comma, "`interface=`" and the name of interface this address is connected to: diff --git a/ipv6-update b/ipv6-update index 1baa0a4..2224a11 100644 --- a/ipv6-update +++ b/ipv6-update 
@@ -31,6 +31,18 @@ # give the interfaces a moment to receive their addresses :delay 2s; + :foreach ListEntry in=[ / ipv6 firewall address-list find where comment~("^ipv6-pool-" . $Pool . ",") ] do={ + :local ListEntryVal [ / ipv6 firewall address-list get $ListEntry ]; + :local Comment [ $ParseKeyValueStore ($ListEntryVal->"comment") ]; + + :local Address [ / ipv6 address find where from-pool=$Pool interface=($Comment->"interface") ]; + :if ([ :len $Address ] = 1) do={ + :set Address [ / ipv6 address get $Address address ]; + :log info ("Updating IPv6 address list with new IPv6 prefix " . $Address . " from interface " . ($Comment->"interface")); + / ipv6 firewall address-list set address=$Address $ListEntry; + } + } + :foreach Record in=[ / ip dns static find where comment~("^ipv6-pool-" . $Pool . ",") ] do={ :local RecordVal [ / ip dns static get $Record ]; :local Comment [ $ParseKeyValueStore ($RecordVal->"comment") ]; -- cgit v1.2.3-54-g00ecf From 3657830582c4e5b4c75050bc2145adee52fbef28 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 18 Dec 2020 15:31:03 +0100 Subject: ipv6-update: notify about interface specific address list entries --- global-config | 2 +- global-config-overlay | 2 +- global-config.changes | 1 + global-functions | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/global-config b/global-config index 6c94b1b..2b1586e 100644 --- a/global-config +++ b/global-config @@ -8,7 +8,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! -:global GlobalConfigVersion 38; +:global GlobalConfigVersion 39; # This is used for DNS and backup file. :global Domain "example.com"; diff --git a/global-config-overlay b/global-config-overlay index 46da208..93bd84b 100644 --- a/global-config-overlay +++ b/global-config-overlay 
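Review bot: In the ipv6-update hunk at -31,6 +31,18, the `:if ([ :len $Address ] = 1)` guard skips the entry without any log when `find where from-pool=$Pool interface=...` returns zero or several addresses. The address list then keeps the previous prefix, and firewall rules built on it keep matching a range that is no longer delegated to this router. The fixed `:delay 2s` just above makes this plausible whenever an interface is slow to pick up its address. I would add an else branch such as `} else={ :log warning ("No unique IPv6 address from pool " . $Pool . " on interface " . ($Comment->"interface") . ", address list entry not updated."); }`. The hunk also uses `$Comment->"interface"` without checking that the comment carries an `interface` key; the enclosing `:if ($OldPrefix != $PdPrefix)` block starts and ends outside the hunk.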
@@ -9,7 +9,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! # Comment or remove to disable change notifications. -:global GlobalConfigVersion 38; +:global GlobalConfigVersion 39; # Copy configuration from global-config here and modify it. diff --git a/global-config.changes b/global-config.changes index 306a866..343f5bf 100644 --- a/global-config.changes +++ b/global-config.changes @@ -47,4 +47,5 @@ $CertificateAvailable "R3"; 36="Added support for installing updates automatically if seen in neighbor list."; 37="Implemented simple dependency model in 'netwatch-notify'."; 38="Imported new Let's Encrypt intermediate certificate 'R3'."; + 39="Added support for interface specific address list entries in 'ipv6-update'."; }; diff --git a/global-functions b/global-functions index 6b29157..51396bf 100644 --- a/global-functions +++ b/global-functions @@ -8,7 +8,7 @@ # https://git.eworm.de/cgit/routeros-scripts/about/ # expected configuration version -:global ExpectedConfigVersion 38; +:global ExpectedConfigVersion 39; # global variables not to be changed by user :global GlobalFunctionsReady false; -- cgit v1.2.3-54-g00ecf