DigitalBrain

Mikrotik Firewall IP Sync

May 31st, 2018
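  # Created by Dmitriy Mozgovoy on 24.05.2017.
  #
  # Synchronises the firewall address list named in $listName with a plain-text
  # feed holding one IPv4 address or prefix per line:
  #   1. optionally downloads the feed to $tempFile (when $apiPath is set);
  #   2. makes sure a forward-chain reject rule for the list exists;
  #   3. adds feed entries that are missing from the list;
  #   4. removes list entries that are no longer in the feed;
  #   5. logs the changes and optionally e-mails a summary to $destMail.
  #
  # NOTE(security): the feed is untrusted input that ends up in a reject rule.
  # Entries are only checked for shape (digits, dots, optional /prefix); an
  # overly broad prefix or one covering your own networks would still be
  # accepted, so review the feed source before trusting it.
  #
  # NOTE(review): /file get ... contents is size-limited on some RouterOS
  # versions (4096 bytes on v6, as far as I know - confirm for your release);
  # a larger feed then reads back empty and nothing is synchronised.

  # Upper bound on the number of feed lines processed in one run.
  :local maxEntriesCount 1024;
  :local listName "UA-BLACKLIST";
  :local tempFile "ips.txt";
  # Feed URL, e.g. https://uablacklist.net/ips.txt (empty = reuse existing $tempFile).
  :local apiPath "";
  # Report recipient, e.g. yourmail@gmail.com (empty = do not send mail).
  :local destMail "";

  :if ($apiPath != "") do={
    /log info "fetching UA blacklist registry ($apiPath)...";
    # NOTE(security): /tool fetch does not validate the server certificate
    # unless check-certificate=yes is passed (the default is "no" on the
    # versions I know - confirm for your release). Import the issuing CA and
    # add that option so the feed cannot be replaced in transit.
    /tool fetch url=$apiPath dst-path=$tempFile;
  }

  :local counter 0;
  :local ipList [:toarray ""];
  :local added [:toarray ""];
  :local removed [:toarray ""];
  :local lineEnd 0;
  :local line "";
  :local lastEnd 0;

  :if ([/file get [/file find name=$tempFile] size] > 0) do={
    :put "Analyzing...";
    /log info "Analyzing data in [$tempFile]...";

    # Create the reject rule on first run so the address list takes effect.
    :local rule [/ip firewall filter find dst-address-list=$listName];
    :if ([:len $rule] = 0) do={
      /log info "firewall rule not found. Adding...";
      /ip firewall filter add chain=forward dst-address-list="$listName" comment="rule for $listName" action=reject reject-with=icmp-host-unreachable place-before=0;
    }

    :local content [/file get [/file find name=$tempFile] contents];
    :local contentLen [:len $content];

    # Walk the file line by line, stopping at end of data or at the entry cap.
    :do {
      # Fixed: the original wrote (counter+1) without the "$", so the cap never counted.
      :set counter ($counter + 1);
      :set lineEnd [:find $content "\n" $lastEnd];
      # No further newline found: treat the rest of the content as the last line.
      :if ($lineEnd < $lastEnd) do={
        :set lineEnd $contentLen;
      }
      :set line [:pick $content $lastEnd $lineEnd];
      :set lastEnd ($lineEnd + 1);

      # Drop a trailing carriage return so CRLF feeds compare cleanly.
      :if ([:len $line] > 0) do={
        :if ([:pick $line ([:len $line] - 1)] = "\r") do={
          :set line [:pick $line 0 ([:len $line] - 1)];
        }
      }

      :if ([:len $line] > 0) do={
        # Accept only digits, dots and "/" so host names or stray markup from
        # the feed never reach the address list.
        :if ($line ~ "^[0-9./]+\$") do={
          :set ipList ($ipList, $line);
          :if ([:len [/ip firewall address-list find address=$line list=$listName]] = 0) do={
            # A single rejected entry must not abort the whole synchronisation.
            :do {
              /ip firewall address-list add list="$listName" address="$line";
              :set added ($added, $line);
              /log warning "New address ($line) added to $listName";
            } on-error={
              /log warning "Could not add address ($line) to $listName";
            }
          } else={
            /log warning "Rule for address ($line) already exists in $listName";
          }
        } else={
          /log warning "Skipping entry in $tempFile that is not an IPv4 address or prefix";
        }
      }
    } while ($lineEnd < $contentLen && $counter < $maxEntriesCount)
  }

  # Remove list entries that are no longer in the feed. Skipped when nothing
  # valid was read, so an empty or unreadable download cannot wipe the list.
  :if ([:len $ipList] > 0) do={
    :foreach x in=[/ip firewall address-list find list=$listName] do={
      :local addr [/ip firewall address-list get $x address];
      :local found false;
      :foreach ip in=$ipList do={
        # Fixed: the original compared against the bare word "addr", not $addr.
        :if ($ip = $addr) do={
          :set found true;
        }
      }
      # Fixed: the original tested "!found" without the "$".
      :if (!$found) do={
        :set removed ($removed, $addr);
        /ip firewall address-list remove $x;
        /log warning "Remove IP ($addr) from $listName";
      }
    }
  } else={
    /log warning "No valid entries were read from $tempFile; $listName left unchanged";
  }

  # Build the change report: "[ a , b , c ]" for additions, then removals.
  :local newCount [:len $added];
  :local removedCount [:len $removed];
  :local body "";
  :if ($newCount > 0 || $removedCount > 0) do={
    :local index 0;
    :if ($newCount > 0) do={
      :set body ("Added new address to $listName (count: " . $newCount . ")\n [");
      :foreach ip in=$added do={
        :set index ($index + 1);
        :set body ($body . " $ip ");
        # Comma between items, none after the last one.
        :if ($index < $newCount) do={
          :set body ($body . ",");
        }
      }
      :set body ($body . "]");
    }
    :set index 0;
    :if ($removedCount > 0) do={
      :set body ($body . "\nRemoved address from $listName (count: " . $removedCount . ")\n [");
      :foreach ip in=$removed do={
        :set index ($index + 1);
        :set body ($body . " $ip ");
        :if ($index < $removedCount) do={
          :set body ($body . ",");
        }
      }
      :set body ($body . "]");
    }
    /log warning ("$listName has been updated. $body");
    # Fixed: the original wrote "do {" (missing "="), which is a syntax error.
    :if ($destMail != "") do={
      /tool e-mail send to=$destMail subject=("[" .[/system identity get name] . "] The $listName has been synchronized with registry in $tempFile ($apiPath). Found some changes") body=$body;
      /log info "Email has been sent to $destMail";
    }
    :beep frequency=600 length=200ms;
  } else={
    /log info ("$listName has been synchronized. No changes were found");
  }
  :put "Done.";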