Compare commits

..

77 commits

Author SHA1 Message Date
Christian Hesse
7a1543bf8a Merge branch 'dhcp-to-dns' into next 2026-05-12 11:04:37 +02:00
Christian Hesse
659712e46f dhcp-to-dns: allow to ignore for specific lease 2026-05-12 11:02:47 +02:00
Christian Hesse
b462964455 update list of contributors 2026-05-11 22:12:19 +02:00
Łukasz Witkowski
96794c85e1 dhcp-to-dns: allow to specify domain for CNAMEs...
... in network or lease.
2026-05-11 22:12:19 +02:00
Łukasz Witkowski
e195391bec dhcp-to-dns: set $LeaseInfo 2026-05-11 22:12:19 +02:00
Łukasz Witkowski
da8ce886ff dhcp-to-dns: convert DNS names to lower case 2026-05-11 22:12:19 +02:00
Christian Hesse
8d781870b3 bump required RouterOS version for all scripts 2026-05-11 15:44:14 +02:00
Christian Hesse
a6288217c1 dhcp-to-dns: support to ignore networks
Closes: https://github.com/eworm-de/routeros-scripts/issues/119
2026-05-11 15:44:14 +02:00
Christian Hesse
bd84f40e2d global-functions: $NetMask6: use shift operator...
... and drop the workaround. This requires RouterOS 7.22beta3.
2026-05-11 15:44:14 +02:00
Christian Hesse
639b4a721b Merge branch 'break-in-loop' into next 2026-05-11 15:44:14 +02:00
Christian Hesse
8b36ccd936 Merge branch 'continue-in-loop' into next 2026-05-11 15:44:14 +02:00
Christian Hesse
8a3940d173 telegram-chat: fix indention 2026-05-11 15:44:14 +02:00
Christian Hesse
da2e543cc9 dhcp-to-dns: fix indention 2026-05-11 15:44:14 +02:00
Christian Hesse
14a4f53aee telegram-chat: use :break in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
0c4bae7c74 dhcp-to-dns: use another :continue in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
c5ee4d8782 check-certificates: use :break in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
0ed4756796 dhcp-to-dns: use :continue in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
37285db747 telegram-chat: use :continue in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
4d33570f70 netwatch-dns: fix indention 2026-05-11 15:44:14 +02:00
Christian Hesse
5237457e58 netwatch-dns: use :continue in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
4c430403fe netwatch-dns: fix indention 2026-05-11 15:44:14 +02:00
Christian Hesse
c6f7c3833d netwatch-dns: use :continue in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
ba5ec4901c global-functions: $ScriptInstallUpdate: fix indention 2026-05-11 15:44:14 +02:00
Christian Hesse
b1686c1a74 global-functions: $ScriptInstallUpdate: use :continue in loop 2026-05-11 15:44:14 +02:00
Christian Hesse
362b4538d7 global-functions: $CleanName: use :continue in loop 2026-05-11 15:43:58 +02:00
Christian Hesse
726a491ac3 fw-addr-lists: fix indention 2026-05-11 15:43:21 +02:00
Christian Hesse
f65dc263f4 fw-addr-lists: use :continue in loop 2026-05-11 15:43:21 +02:00
Christian Hesse
2072ac309e Merge branch 'early-exit-with-exit' into next 2026-05-11 15:43:20 +02:00
Christian Hesse
afb767871f Merge branch 'compare-ids' into next 2026-05-11 15:43:20 +02:00
Christian Hesse
7ce25f7ece global-functions: deprecate $ExitError 2026-05-11 15:43:20 +02:00
Christian Hesse
ee14da6c9c Merge branch 'drop-builtin-trust-anchors' into next 2026-05-11 15:43:20 +02:00
Christian Hesse
2ee5b11310 global-functions: deprecate $HexToNum 2026-05-11 15:43:20 +02:00
Christian Hesse
f85355b9ba update-tunnelbroker: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
42bbaf73a4 mod/notification-email: get property by name
This works now that we require RouterOS 7.21 anyway.
2026-05-11 15:43:20 +02:00
Christian Hesse
ba57a80d17 INITIAL-COMMANDS: drop the old builtin-trust-anchors 2026-05-11 15:43:20 +02:00
Christian Hesse
f980a24989 log-forward: fix indention 2026-05-11 15:43:20 +02:00
Christian Hesse
e4de545860 update-gre-address: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
ea145c3e69 mod/notification-email: use errors from command...
... instead of reading status from properties. This was introduced in
RouterOS 7.21beta2 (and we bump to 7.21 instead).
2026-05-11 15:43:20 +02:00
Christian Hesse
b71eb32600 global-functions: $CertificateDownload: drop the old builtin-trust-anchors 2026-05-11 15:43:20 +02:00
Christian Hesse
1397f068c6 log-forward: use comparison for ids
This was introduced with RouterOS 7.22beta1.

Initializing $LogForwardLast with boolean value looks odd, but this is
reuqired to match the very first message.
2026-05-11 15:43:20 +02:00
Christian Hesse
c03ffebfea telegram-chat: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
bcd3fa9a77 global-functions: $CleanName: add missing colon 2026-05-11 15:43:20 +02:00
Christian Hesse
c85183a260 global-functions: $CertificateAvailable: drop the old builtin-trust-anchors 2026-05-11 15:43:20 +02:00
Christian Hesse
c601316cd9 sms-forward: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
1500106a5b README: drop the old builtin-trust-anchors 2026-05-11 15:43:20 +02:00
Christian Hesse
5d991c8ed6 sms-action: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
f900684a20 ppp-on-up: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
f2a3a0414e packages-update: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
457b8de18e ospf-to-leds: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
b3ae0fa682 netwatch-notify: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
68cb26f06a netwatch-dns: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
8e6b1a278b log-forward: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
45fefb4299 ipv6-update: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
29c7f9f366 ipsec-to-dns: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
8147674a85 hotspot-to-wpa-cleanup: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
93295dffe6 hotspot-to-wpa: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
6d2c67fb15 gps-track: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
fd24deb651 fw-addr-lists: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
fa6e268d7f firmware-upgrade-reboot: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
46ead7cb01 dhcpv6-client-lease: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
e81427d10a dhcpv4-server-lease: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
e2274b5764 dhcp-to-dns: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
f2d30f80be dhcp-lease-comment: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
bc3c31a6c1 daily-psk: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
ef47f93f40 collect-wireless-mac: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
759ed0e36a check-routeros-update: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
a28347d451 check-perpetual-license: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
5c02b2c349 check-lte-firmware-upgrade: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
db848ebc22 check-health: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
b52558891b check-certificates: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
e67032cc44 certificate-renew-issued: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
5c0dbebb10 capsman-rolling-upgrade: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
ae849d7a6b capsman-download-packages: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
4f0b666c4e backup-upload: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
a20c6a5f57 backup-partition: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
2184885413 backup-email: early exit with :exit 2026-05-11 15:43:20 +02:00
Christian Hesse
701c3b2c3a backup-cloud: early exit with :exit 2026-05-11 15:43:20 +02:00
11 changed files with 26 additions and 26 deletions

View file

@ -18,9 +18,9 @@ Run the complete base installation:
{
:local BaseUrl "https://rsc.eworm.de/main/";
:local CertCommonName "ISRG Root X2";
:local CertFileName "ISRG-Root-X2.pem";
:local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
:local CertCommonName "Root YE";
:local CertFileName "Root-YE.pem";
:local CertFingerprint "e14ffcad5b0025731006caa43a121a22d8e9700f4fb9cf852f02a708aa5d5666";
:local CertSettings [ /certificate/settings/get ];
:if (!((($CertSettings->"builtin-trust-store") ~ "fetch" || \

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.7 KiB

After

Width:  |  Height:  |  Size: 2.6 KiB

Before After
Before After

Binary file not shown.

Before

Width:  |  Height:  |  Size: 5 KiB

After

Width:  |  Height:  |  Size: 4.9 KiB

Before After
Before After

View file

@ -122,18 +122,18 @@ If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
certificate chain.
/tool/fetch "https://rsc.eworm.de/main/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem";
/tool/fetch "https://rsc.eworm.de/main/certs/Root-YE.pem" dst-path="root-ye.pem";
![screenshot: download certs](README.d/01-download-certs.avif)
> **Info**: Note that the command above does *not* verify server
> certificate, so if you want to be safe download with your workstations's
> browser from CA's website and transfer the file to your MikroTik device:
> *Let's Encrypt* / *ISRG* [ISRG Root X2 ↗️](https://letsencrypt.org/certs/isrg-root-x2.pem)
> *Let's Encrypt* / *ISRG* [Root YE ↗️](https://letsencrypt.org/certs/gen-y/root-ye.pem)
Then we import the certificate.
/certificate/import file-name="isrg-root-x2.pem" passphrase="";
/certificate/import file-name="root-ye.pem" passphrase="";
Do not worry that the command is not shown - that happens because it contains
a sensitive property, the passphrase.
@ -141,11 +141,11 @@ a sensitive property, the passphrase.
![screenshot: import certs](README.d/02-import-certs.avif)
For basic verification we rename the certificate and print it by
fingerprint. Make sure exactly this one certificate ("*ISRG-Root-X2*")
fingerprint. Make sure exactly this one certificate ("*Root-YE*")
is shown.
/certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
/certificate/print proplist=name,fingerprint where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
/certificate/set name="Root-YE" [ find where common-name="Root YE" ];
/certificate/print proplist=name,fingerprint where fingerprint="e14ffcad5b0025731006caa43a121a22d8e9700f4fb9cf852f02a708aa5d5666";
![screenshot: check certs](README.d/03-check-certs.avif)

View file

@ -12,12 +12,12 @@ DOMAINS_DUAL = \
cloudflare-dns.com/SSL-com-Root-Certification-Authority-ECC \
dns.google/GTS-Root-RX \
dns.quad9.net/DigiCert-Global-Root-G3 \
git.eworm.de/ISRG-Root-X2 \
git.eworm.de/Root-YE \
gitlab.com/USERTrust-RSA-Certification-Authority \
lists.blocklist.de/GTS-Root-R4 \
matrix.org/GTS-Root-R4 \
raw.githubusercontent.com/ISRG-Root-X1 \
rsc.eworm.de/ISRG-Root-X2 \
rsc.eworm.de/Root-YE \
upgrade.mikrotik.com/ISRG-Root-X1
DOMAINS_IPV4 = \
1.1.1.1/SSL-com-Root-Certification-Authority-ECC \

View file

@ -30,7 +30,8 @@
}
:local TempToNum do={
:local T [ :toarray delimiter="." $1 ];
:global CharacterReplace;
:local T [ :toarray [ $CharacterReplace $1 "." "," ] ];
:return ($T->0 * 10 + $T->1);
}

View file

@ -30,7 +30,8 @@
:global ValidateSyntax;
:local TempToNum do={
:local T [ :toarray delimiter="." $1 ];
:global CharacterReplace;
:local T [ :toarray [ $CharacterReplace $1 "." "," ] ];
:return ($T->0 * 10 + $T->1);
}

View file

@ -70,13 +70,11 @@
:local Data false;
:local TimeOut [ $EitherOr [ :totime ($List->"timeout") ] $FwAddrListTimeOut ];
:foreach Cert in=[ :toarray delimiter=":" ($List->"cert") ] do={
:if ([ :len ($Cert) ] > 0) do={
:set CheckCertificate true;
:if ([ $CertificateAvailable $Cert "fetch" ] = false) do={
$LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \
" / " . $List->"url" . ") failed, trying anyway.");
}
:if ([ :len ($List->"cert") ] > 0) do={
:set CheckCertificate true;
:if ([ $CertificateAvailable ($List->"cert") "fetch" ] = false) do={
$LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \
" / " . $List->"url" . ") failed, trying anyway.");
}
}

View file

@ -112,11 +112,11 @@
:global FwAddrLists {
# "allow"={
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/allow";
# cert="ISRG Root X2:Root YE"; timeout=1w };
# cert="Root YE"; timeout=1w };
# };
"block"={
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/block";
# cert="ISRG Root X2:Root YE" };
# cert="Root YE" };
{ url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt";
# # higher level (decrease the numerical value) for more addresses, and vice versa
cert="ISRG Root X1" };
@ -131,7 +131,7 @@
};
# "mikrotik"={
# { url="https://rsc.eworm.de/main/fw-addr-lists.d/mikrotik";
# cert="ISRG Root X2:Root YE"; timeout=1w };
# cert="Root YE"; timeout=1w };
# };
};
:global FwAddrListTimeOut 1d;

View file

@ -1243,8 +1243,7 @@
:global SymbolForNotification;
:global ValidateSyntax;
:if ([ $CertificateAvailable "ISRG Root X2" "fetch" ] = false || \
[ $CertificateAvailable "Root YE" "fetch" ] = false) do={
:if ([ $CertificateAvailable "Root YE" "fetch" ] = false) do={
$LogPrint warning $0 ("Downloading certificate failed, trying without.");
}

View file

@ -16,6 +16,7 @@
:local ScriptName [ :jobname ];
:global CertificateAvailable;
:global CharacterReplace;
:global EitherOr;
:global IsDNSResolving;
:global LogPrint;
@ -99,7 +100,7 @@
}
:foreach DohServer in=$DohServers do={
:foreach DohCert in=[ :toarray delimiter=":" ($DohServer->"doh-cert") ] do={
:foreach DohCert in=[ :toarray [ $CharacterReplace ($DohServer->"doh-cert") ":" "," ] ] do={
:if ([ :len $DohCert ] > 0) do={
:if ([ $CertificateAvailable $DohCert "fetch" ] = false || \
[ $CertificateAvailable $DohCert "dns" ] = false) do={