Commit graph

3386 commits

Author SHA1 Message Date
Christian Hesse
4841c2c58d mod/notification-email: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
da516a5102 mod/ipcalc: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
9ae01995d7 mod/inspectvar: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
5d0760e422 mod/bridge-port-vlan: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
5cc9b8c775 mod/bridge-port-to: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
19dcddf406 accesslist-duplicates: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
5dcd63eed0 global-functions: $SendNotification: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
7bb6a3f843 global-functions: $ScriptInstallUpdate: use $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
843ec3030c global-functions: make $ExitError a wrapper for $ExitOnError 2026-01-20 16:22:21 +01:00
Christian Hesse
bbf2f5abbf global-functions: introduce $ExitOnError
This is just like $ExitError, but first parameter is dropped. We will
not need it now that we can exit a script with :exit.
2026-01-20 16:22:21 +01:00
Christian Hesse
9347063647 global-functions: enable scheduler if disabled 2026-01-20 16:21:58 +01:00
Christian Hesse
16976b1d78 global-functions: simplify scheduler fix 2026-01-20 16:20:55 +01:00
Christian Hesse
74be3eae5d global-functions: make the scheduler fix a block 2026-01-20 16:19:54 +01:00
Christian Hesse
b7a5402be6 introduce 'global-functions.d/deprecated' for deprecated functions 2026-01-20 09:53:24 +01:00
Christian Hesse
28b1297a43 global-functions: $ScriptInstallUpdate: trigger reload on changed snippet 2026-01-20 09:51:05 +01:00
Christian Hesse
72660f21a5 check-certificates: print warning on $CertRenewUrl just once 2026-01-19 16:37:20 +01:00
Christian Hesse
f1333087d2 mode-button: drop unused variable $ExitOK 2026-01-19 14:55:19 +01:00
Christian Hesse
e6542ba8cc accesslist-duplicates: drop unused variable $ExitOK 2026-01-19 14:54:32 +01:00
Christian Hesse
883a442ff5 Merge branch 'lets-encrypt-gen-y' into next 2026-01-17 16:59:01 +01:00
Christian Hesse
7716bb9d6c fw-addr-lists: rsc.eworm.de requires 'Root YE' 2026-01-17 16:58:16 +01:00
Christian Hesse
ced6bf2c11 INITIAL-COMMANDS: update for new Let's Encrypt CA 'Root YE' 2026-01-17 16:58:16 +01:00
Christian Hesse
6e8e841906 README: update for new Let's Encrypt CA 'Root YE' 2026-01-17 16:58:16 +01:00
Christian Hesse
9919b9fe76 global-functions: $ScriptInstallUpdate: get new Let's Encrypt CA 'Root YE' 2026-01-17 16:58:16 +01:00
Christian Hesse
68a4ac942e certs: update *.eworm.de for new Let's Encrypt 'Root YE' 2026-01-17 16:58:16 +01:00
Christian Hesse
244eceafee certs: add Let's Encrypt 'Root YR' for future use
https://letsencrypt.org/2025/11/24/gen-y-hierarchy
https://letsencrypt.org/certificates/#root-cas
2026-01-17 16:58:16 +01:00
Christian Hesse
aebe7bd054 certs: add Let's Encrypt 'Root YE' for future use
https://letsencrypt.org/2025/11/24/gen-y-hierarchy
https://letsencrypt.org/certificates/#root-cas
2026-01-17 16:58:16 +01:00
Christian Hesse
6468c24d61 update list of contributors 2026-01-17 16:57:50 +01:00
Christian Hesse
fd4bf59bae Merge branch 'certificates' into next 2026-01-17 16:57:34 +01:00
Christian Hesse
b52936e946 doc/netwatch-dns: mention ip address...
... which can be used for several services that have it in SAN.
2026-01-17 16:52:20 +01:00
Christian Hesse
92759fcca5 doc/netwatch-dns: give hint on multiple certificates 2026-01-16 14:48:18 +01:00
Christian Hesse
ad310e6573 doc/netwatch-dns: always use the same order for examples 2026-01-16 14:48:18 +01:00
Christian Hesse
c0c1c5521e doc/netwatch-dns: include examples for dns.quad9.net & dns.google 2026-01-16 14:48:02 +01:00
Christian Hesse
0fffb5198e netwatch-dns: support multiple certificates
Some services use certificates issued by different CA certificates,
depending on geolocation. One example is dns.google, which may require
either of 'GTS Root R1' or 'GTS Root R4'.

    /tool/netwatch/add comment="doh, dns, name=google-dns-ipv4, doh-cert=GTS Root R1:GTS Root R4" host=8.8.8.8 type=simple;
2026-01-16 13:52:18 +01:00
Christian Hesse
330a616406 check-certificates: abort renew if "new" certificate is older...
... and drop the condition on $CertRenewTime.
2026-01-16 13:41:10 +01:00
Christian Hesse
0fee5cea3c check-certificates: move the warning below check for key 2026-01-16 13:41:10 +01:00
Christian Hesse
d673f0956c global-functions: $CertificateAvailable: get missing certificate...
... not the issued and available one.
2026-01-16 00:32:49 +01:00
Christian Hesse
ad455c8f1d doc/netwatch-dns: cloudflare uses a new CA for certificates 2026-01-15 23:14:37 +01:00
Christian Hesse
b72a79824e certs: add 'SSL.com Root Certification Authority ECC'...
... to use with Cloudflare DNS.

curl -d '["SSL.com Root Certification Authority ECC"]' https://mkcert.org/generate/ | grep -v '^$' > certs/SSL-com-Root-Certification-Authority-ECC.pem
2026-01-15 23:14:37 +01:00
Christian Hesse
156b0e4aaf fw-addr-lists: www.dshield.org requires 'GTS Root R4' 2026-01-15 23:14:37 +01:00
Christian Hesse
302fc0bb82 fw-addr-lists: lists.blocklist.de requires 'GTS Root R4' 2026-01-15 23:14:33 +01:00
Christian Hesse
df8d0370c5 doc/mod/ssh-keys-import: reverse old and new 2026-01-14 15:30:21 +01:00
Christian Hesse
cc56680206 log-forward: try to mitigate a race condition
The old code looped over all new messages, then updated the variable
to the newest message - at that time! Messages in between were lost.
2026-01-14 15:19:12 +01:00
Christian Hesse
6fd28bf8f7 netwatch-dns: check the certificate is available for fetch
That trust is not needed for DNS functionality (that was checked before),
but for our hacky check with fetch.
2026-01-14 15:05:07 +01:00
Christian Hesse
2b8dfec2f7 bump required RouterOS version for all scripts 2026-01-12 10:00:30 +01:00
Christian Hesse
45bcb80125 global-functions: bump required version to 7.17...
... as we use `:convert from=num ...` which was introduced back then.

Actually the requirement did exist since commit
6ad6f9aa08.
2026-01-12 10:00:30 +01:00
Christian Hesse
e7a16ad279 check-certificates: give hint on possibly incomplete cert chain 2026-01-12 10:00:30 +01:00
Christian Hesse
5481787869 check-certificates: handle builtin certificate in chain
This includes an ugly workaround to keep it compatible with old RouterOS
versions... For now.
2026-01-12 10:00:30 +01:00
Christian Hesse
54af7fd024 check-certificates: drop workaround
This reverts commit 8de6995c4b.

The exact example given in the commit message of that commit works
as expected now:

[eworm@kalyke] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get ISRG-Root-X2 issuer ] ];
-type-> array
  -key-> C
    -type-> str
    -len-> 2
    -value-> US
  -key-> CN
    -type-> str
    -len-> 12
    -value-> ISRG Root X2
  -key-> O
    -type-> str
    -len-> 32
    -value-> Internet Security Research Group
2026-01-12 08:31:53 +01:00
Christian Hesse
927edc639c README: hint on the badge regarding required RouterOS version 2026-01-11 21:54:12 +01:00
Christian Hesse
377e196cb0 README: long-term channel is back! 🎉 2026-01-11 21:54:12 +01:00