Compare commits
38 commits
change-135
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
ce39b79f69 | ||
|
|
20bf609c44 | ||
|
|
b63e0fcb2f | ||
|
|
1555426687 | ||
|
|
97b99316b2 | ||
|
|
788400c458 | ||
|
|
eb59dd21ca | ||
|
|
79a4b369cb | ||
|
|
f0e6cbcfe1 | ||
|
|
d71ea804b0 | ||
|
|
e148df9e57 | ||
|
|
2f55bfaf00 | ||
|
|
ea6de35699 | ||
|
|
fb343c99e3 | ||
|
|
7be26a0712 | ||
|
|
6d718ec987 | ||
|
|
e341e1c30c | ||
|
|
b43b1b3955 | ||
|
|
1b46a5fd9b | ||
|
|
b13360e4b8 | ||
|
|
c9de6d8579 | ||
|
|
10374afc18 | ||
|
|
0c1d96f89d | ||
|
|
3ccaafd1b3 | ||
|
|
469f783a92 | ||
|
|
33c02e0609 | ||
|
|
6331505dbe | ||
|
|
0c4fb42616 | ||
|
|
f5189b8bd7 | ||
|
|
e2fe653035 | ||
|
|
b11be59b08 | ||
|
|
24de060904 | ||
|
|
14195c51ca | ||
|
|
e833dfcf25 | ||
|
|
512c54bd59 | ||
|
|
3d40b4419d | ||
|
|
a6d4e7e82c | ||
|
|
f6c2225f68 |
16 changed files with 214 additions and 71 deletions
14
DEBUG.md
14
DEBUG.md
|
|
@ -44,6 +44,20 @@ instead.
|
|||
|
||||
Disable or remote that setting to restore regular logging.
|
||||
|
||||
## Verbose output
|
||||
|
||||
Specific scripts can generate huge amount of output. These do use a function
|
||||
`$LogPrintVerbose`, which is declared, but has no code, intentionally.
|
||||
|
||||
If you *really* want that output set the function to be the same as
|
||||
`$LogPrint`:
|
||||
|
||||
:set LogPrintVerbose $LogPrint;
|
||||
|
||||
To revert that change just run:
|
||||
|
||||
:set LogPrintVerbose;
|
||||
|
||||
---
|
||||
[⬅️ Go back to main README](README.md)
|
||||
[⬆️ Go back to top](#top)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Run the complete base installation:
|
|||
{
|
||||
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem" as-value;
|
||||
:delay 1s;
|
||||
/certificate/import file-name=isrg-root-x2.pem passphrase="";
|
||||
/certificate/import file-name="isrg-root-x2.pem" passphrase="";
|
||||
:if ([ :len [ /certificate/find where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 1) do={
|
||||
:error "Something is wrong with your certificates!";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@ file to your MikroTik device.
|
|||
|
||||
Then we import the certificate.
|
||||
|
||||
/certificate/import file-name=isrg-root-x2.pem passphrase="";
|
||||
/certificate/import file-name="isrg-root-x2.pem" passphrase="";
|
||||
|
||||
Do not worry that the command is not shown - that happens because it contains
|
||||
a sensitive property, the passphrase.
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
:if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
|
||||
($File->"package-architecture") $PackagePath ] = true) do={
|
||||
:set Updated true;
|
||||
$RmFile $Package;
|
||||
$RmFile ($File->"name");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@
|
|||
:if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
|
||||
($File->"package-architecture") $PackagePath ] = true) do={
|
||||
:set Updated true;
|
||||
$RmFile $Package;
|
||||
$RmFile ($File->"name");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -62,7 +62,7 @@
|
|||
:if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
|
||||
($File->"package-architecture") $PackagePath ] = true) do={
|
||||
:set Updated true;
|
||||
$RmFile $Package;
|
||||
$RmFile ($File->"name");
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ DOMAINS_DUAL = \
|
|||
git.eworm.de/ISRG-Root-X2 \
|
||||
lists.blocklist.de/Certum-Trusted-Network-CA \
|
||||
matrix.org/GTS-Root-R4 \
|
||||
raw.githubusercontent.com/DigiCert-Global-Root-G2 \
|
||||
raw.githubusercontent.com/USERTrust-RSA-Certification-Authority \
|
||||
rsc.eworm.de/ISRG-Root-X2 \
|
||||
upgrade.mikrotik.com/ISRG-Root-X1
|
||||
DOMAINS_IPV4 = \
|
||||
|
|
|
|||
41
certs/USERTrust-RSA-Certification-Authority.pem
Normal file
41
certs/USERTrust-RSA-Certification-Authority.pem
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
# Issuer: CN=USERTrust RSA Certification Authority O=The USERTRUST Network
|
||||
# Subject: CN=USERTrust RSA Certification Authority O=The USERTRUST Network
|
||||
# Label: "USERTrust RSA Certification Authority"
|
||||
# Serial: 2645093764781058787591871645665788717
|
||||
# MD5 Fingerprint: 1b:fe:69:d1:91:b7:19:33:a3:72:a8:0f:e1:55:e5:b5
|
||||
# SHA1 Fingerprint: 2b:8f:1b:57:33:0d:bb:a2:d0:7a:6c:51:f7:0e:e9:0d:da:b9:ad:8e
|
||||
# SHA256 Fingerprint: e7:93:c9:b0:2f:d8:aa:13:e2:1c:31:22:8a:cc:b0:81:19:64:3b:74:9c:89:89:64:b1:74:6d:46:c3:d4:cb:d2
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
|
||||
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
|
||||
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
|
||||
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
|
||||
MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
|
||||
BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
|
||||
aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
|
||||
dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
|
||||
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
|
||||
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
|
||||
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
|
||||
Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
|
||||
VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
|
||||
79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
|
||||
c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
|
||||
Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
|
||||
c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
|
||||
UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
|
||||
Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
|
||||
BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
|
||||
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
|
||||
Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
|
||||
VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
|
||||
ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
|
||||
8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
|
||||
iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
|
||||
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
|
||||
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
|
||||
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
|
||||
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
|
||||
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
|
||||
jjxDah2nGN59PRbxYvnKkKj9
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -48,21 +48,26 @@
|
|||
:global UrlEncode;
|
||||
:global WaitForFile;
|
||||
|
||||
:local Return false;
|
||||
:foreach Type in={ "p12"; "pem" } do={
|
||||
:local CertFileName ([ $UrlEncode $FetchName ] . "." . $Type);
|
||||
$LogPrint debug $ScriptName ("Trying type '" . $Type . "' for '" . $CertName . \
|
||||
"' (file '" . $CertFileName . "')...");
|
||||
|
||||
:foreach Type in={ ".pem"; ".p12" } do={
|
||||
:local CertFileName ([ $UrlEncode $FetchName ] . $Type);
|
||||
:do {
|
||||
/tool/fetch check-certificate=yes-without-crl http-header-field=({ [ $FetchUserAgentStr $ScriptName ] }) \
|
||||
($CertRenewUrl . $CertFileName) dst-path=$CertFileName as-value;
|
||||
$WaitForFile $CertFileName;
|
||||
|
||||
:local DecryptionFailed true;
|
||||
:foreach PassPhrase in=$CertRenewPass do={
|
||||
:foreach I,PassPhrase in=$CertRenewPass do={
|
||||
:do {
|
||||
$LogPrint debug $ScriptName ("Trying " . $I . ". passphrase... ");
|
||||
:local Result [ /certificate/import file-name=$CertFileName passphrase=$PassPhrase as-value ];
|
||||
:if ($Result->"decryption-failures" = 0) do={
|
||||
$LogPrint debug $ScriptName ("Success!");
|
||||
:set DecryptionFailed false;
|
||||
}
|
||||
} on-error={ }
|
||||
}
|
||||
$RmFile $CertFileName;
|
||||
|
||||
|
|
@ -77,13 +82,13 @@
|
|||
$CertificateNameByCN [ /certificate/get $CertInChain common-name ];
|
||||
}
|
||||
|
||||
:set Return true;
|
||||
:return true;
|
||||
} on-error={
|
||||
$LogPrint debug $ScriptName ("Could not download certificate file '" . $CertFileName . "'.");
|
||||
}
|
||||
}
|
||||
|
||||
:return $Return;
|
||||
:return false;
|
||||
}
|
||||
|
||||
:local FormatInfo do={
|
||||
|
|
|
|||
|
|
@ -66,6 +66,27 @@
|
|||
:error "A reboot for update is already scheduled.";
|
||||
}
|
||||
|
||||
:local License [ /system/license/get ];
|
||||
:if ([ :typeof ($License->"deadline-at") ] = "str") do={
|
||||
:if ([ :len ($License->"next-renewal-at") ] = 0 && ($License->"limited-upgrades") = true) do={
|
||||
$LogPrint warning $ScriptName ("Your license expired on " . ($License->"deadline-at") . "!");
|
||||
$SendNotification2 ({ origin=$ScriptName; \
|
||||
subject=([ $SymbolForNotification "warning-sign" ] . "License expired!"); \
|
||||
message=("Your license expired on " . ($License->"deadline-at") . \
|
||||
", can no longer update RouterOS on " . $Identity . "...") });
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
}
|
||||
|
||||
:if ([ :totime ($License->"deadline-at") ] - 3w < [ :timestamp ]) do={
|
||||
$LogPrint warning $ScriptName ("Your license will expire on " . ($License->"deadline-at") . "!");
|
||||
$SendNotification2 ({ origin=$ScriptName; \
|
||||
subject=([ $SymbolForNotification "warning-sign" ] . "License about to expire!"); \
|
||||
message=("Your license failed to renew and is about to expire on " . \
|
||||
($License->"deadline-at") . " on " . $Identity . "...") });
|
||||
}
|
||||
}
|
||||
|
||||
$LogPrint debug $ScriptName ("Checking for updates...");
|
||||
/system/package/update/check-for-updates without-paging as-value;
|
||||
:local Update [ /system/package/update/get ];
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@
|
|||
:global HumanReadableNum;
|
||||
:global LogPrint;
|
||||
:global LogPrintOnce;
|
||||
:global LogPrintVerbose;
|
||||
:global ScriptLock;
|
||||
:global WaitFullyConnected;
|
||||
|
||||
|
|
@ -36,6 +37,11 @@
|
|||
}
|
||||
}
|
||||
|
||||
:local GetBranch do={
|
||||
:global EitherOr;
|
||||
:return [ :pick [ :convert transform=md5 to=hex [ :pick $1 0 [ $EitherOr [ :find $1 "/" ] [ :len $1 ] ] ] ] 0 2 ];
|
||||
}
|
||||
|
||||
:if ([ $ScriptLock $ScriptName ] = false) do={
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
|
|
@ -99,17 +105,24 @@
|
|||
:set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr"));
|
||||
}
|
||||
:do {
|
||||
:local Branch [ $GetBranch $Address ];
|
||||
:if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={
|
||||
:set ($IPv4Addresses->$Address) $TimeOut;
|
||||
:if ($Address ~ "/32\$") do={
|
||||
:set Address [ :pick $Address 0 ([ :len $Address ] - 3) ];
|
||||
}
|
||||
:set ($IPv4Addresses->$Branch->$Address) $TimeOut;
|
||||
:error true;
|
||||
}
|
||||
:if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={
|
||||
:set ($IPv6Addresses->$Address) $TimeOut;
|
||||
:if ($Address ~ "/128\$") do={
|
||||
:set Address [ :pick $Address 0 ([ :len $Address ] - 4) ];
|
||||
}
|
||||
:set ($IPv6Addresses->$Branch->$Address) $TimeOut;
|
||||
:error true;
|
||||
}
|
||||
:if ($Address ~ "^[\\.a-zA-Z0-9-]+\\.[a-zA-Z]{2,}\$") do={
|
||||
:set ($IPv4Addresses->$Address) $TimeOut;
|
||||
:set ($IPv6Addresses->$Address) $TimeOut;
|
||||
:set ($IPv4Addresses->$Branch->$Address) $TimeOut;
|
||||
:set ($IPv6Addresses->$Branch->$Address) $TimeOut;
|
||||
:error true;
|
||||
}
|
||||
} on-error={ }
|
||||
|
|
@ -119,15 +132,17 @@
|
|||
:foreach Entry in=[ /ip/firewall/address-list/find where \
|
||||
list=$FwListName comment=$ListComment ] do={
|
||||
:local Address [ /ip/firewall/address-list/get $Entry address ];
|
||||
:if ([ :typeof ($IPv4Addresses->$Address) ] = "time") do={
|
||||
$LogPrint debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \
|
||||
"' with " . ($IPv4Addresses->$Address) . ": " . $Address);
|
||||
/ip/firewall/address-list/set $Entry timeout=($IPv4Addresses->$Address);
|
||||
:set ($IPv4Addresses->$Address);
|
||||
:local Branch [ $GetBranch $Address ];
|
||||
:local TimeOut ($IPv4Addresses->$Branch->$Address);
|
||||
:if ([ :typeof $TimeOut ] = "time") do={
|
||||
$LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \
|
||||
"' with " . $TimeOut . ": " . $Address);
|
||||
/ip/firewall/address-list/set $Entry timeout=$TimeOut;
|
||||
:set ($IPv4Addresses->$Branch->$Address);
|
||||
:set CntRenew ($CntRenew + 1);
|
||||
} else={
|
||||
:if ($Failure = false) do={
|
||||
$LogPrint debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \
|
||||
$LogPrintVerbose debug $ScriptName ("Removing IPv4 address from list '" . $FwListName . \
|
||||
"': " . $Address);
|
||||
/ip/firewall/address-list/remove $Entry;
|
||||
:set CntRemove ($CntRemove + 1);
|
||||
|
|
@ -138,15 +153,17 @@
|
|||
:foreach Entry in=[ /ipv6/firewall/address-list/find where \
|
||||
list=$FwListName comment=$ListComment ] do={
|
||||
:local Address [ /ipv6/firewall/address-list/get $Entry address ];
|
||||
:if ([ :typeof ($IPv6Addresses->$Address) ] = "time") do={
|
||||
$LogPrint debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \
|
||||
"' with " . ($IPv6Addresses->$Address) . ": " . $Address);
|
||||
/ipv6/firewall/address-list/set $Entry timeout=($IPv6Addresses->$Address);
|
||||
:set ($IPv6Addresses->$Address);
|
||||
:local Branch [ $GetBranch $Address ];
|
||||
:local TimeOut ($IPv6Addresses->$Branch->$Address);
|
||||
:if ([ :typeof $TimeOut ] = "time") do={
|
||||
$LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \
|
||||
"' with " . $TimeOut . ": " . $Address);
|
||||
/ipv6/firewall/address-list/set $Entry timeout=$TimeOut;
|
||||
:set ($IPv6Addresses->$Branch->$Address);
|
||||
:set CntRenew ($CntRenew + 1);
|
||||
} else={
|
||||
:if ($Failure = false) do={
|
||||
$LogPrint debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \
|
||||
$LogPrintVerbose debug $ScriptName ("Removing IPv6 address from list '" . $FwListName . \
|
||||
"': " . $Address);
|
||||
/ipv6/firewall/address-list/remove $Entry;
|
||||
:set CntRemove ($CntRemove + 1);
|
||||
|
|
@ -154,33 +171,37 @@
|
|||
}
|
||||
}
|
||||
|
||||
:foreach Address,Timeout in=$IPv4Addresses do={
|
||||
$LogPrint debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \
|
||||
:foreach BranchName,Branch in=$IPv4Addresses do={
|
||||
$LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName);
|
||||
:foreach Address,Timeout in=$Branch do={
|
||||
$LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \
|
||||
"' with " . $Timeout . ": " . $Address);
|
||||
:do {
|
||||
/ip/firewall/address-list/add list=$FwListName comment=$ListComment \
|
||||
address=$Address timeout=$Timeout;
|
||||
:set ($IPv4Addresses->$Address);
|
||||
:set CntAdd ($CntAdd + 1);
|
||||
} on-error={
|
||||
$LogPrint warning $ScriptName ("Failed to add IPv4 address to list '" . $FwListName . \
|
||||
"': " . $Address);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
:foreach Address,Timeout in=$IPv6Addresses do={
|
||||
$LogPrint debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \
|
||||
:foreach BranchName,Branch in=$IPv6Addresses do={
|
||||
$LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName);
|
||||
:foreach Address,Timeout in=$Branch do={
|
||||
$LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \
|
||||
"' with " . $Timeout . ": " . $Address);
|
||||
:do {
|
||||
/ipv6/firewall/address-list/add list=$FwListName comment=$ListComment \
|
||||
address=$Address timeout=$Timeout;
|
||||
:set ($IPv6Addresses->$Address);
|
||||
:set CntAdd ($CntAdd + 1);
|
||||
} on-error={
|
||||
$LogPrint warning $ScriptName ("Failed to add IPv6 address to list '" . $FwListName . \
|
||||
"': " . $Address);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$LogPrint info $ScriptName ("list: " . $FwListName . \
|
||||
" (" . [ $HumanReadableNum ($CntAdd + $CntRenew) 1000 ] . ")" . \
|
||||
|
|
|
|||
|
|
@ -103,7 +103,7 @@
|
|||
# cert="ISRG Root X2" };
|
||||
{ url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt";
|
||||
# # higher level (decrease the numerical value) for more addresses, and vice versa
|
||||
cert="DigiCert Global Root G2" };
|
||||
cert="USERTrust RSA Certification Authority" };
|
||||
{ url="https://www.dshield.org/block.txt"; cidr="/24";
|
||||
cert="ISRG Root X1" };
|
||||
{ url="https://lists.blocklist.de/lists/strongips.txt";
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@
|
|||
:global IsTimeSync;
|
||||
:global LogPrint;
|
||||
:global LogPrintOnce;
|
||||
:global LogPrintVerbose;
|
||||
:global MAX;
|
||||
:global MIN;
|
||||
:global MkDir;
|
||||
|
|
@ -848,6 +849,9 @@
|
|||
:return true;
|
||||
}
|
||||
|
||||
# The function $LogPrintVerbose is declared, but has no code, intentionally.
|
||||
# https://rsc.eworm.de/DEBUG.md#verbose-output
|
||||
|
||||
# get max value
|
||||
:set MAX do={
|
||||
:if ($1 > $2) do={ :return $1; }
|
||||
|
|
@ -1150,6 +1154,14 @@
|
|||
:local ReloadGlobalConfig false;
|
||||
:local DeviceMode [ /system/device-mode/get ];
|
||||
|
||||
:local CheckSums ({});
|
||||
:do {
|
||||
:local Url ($ScriptUpdatesBaseUrl . "checksums.json" . $ScriptUpdatesUrlSuffix);
|
||||
$LogPrint debug $0 ("Fetching checksums from url: " . $Url);
|
||||
:set CheckSums [ :deserialize from=json ([ /tool/fetch check-certificate=yes-without-crl \
|
||||
http-header-field=({ [ $FetchUserAgentStr $0 ] }) $Url output=user as-value ]->"data") ];
|
||||
} on-error={ }
|
||||
|
||||
:foreach Script in=[ /system/script/find where source~"^#!rsc by RouterOS\r?\n" ] do={
|
||||
:local ScriptVal [ /system/script/get $Script ];
|
||||
:local ScriptInfo [ $ParseKeyValueStore ($ScriptVal->"comment") ];
|
||||
|
|
@ -1163,7 +1175,19 @@
|
|||
}
|
||||
}
|
||||
|
||||
:if (!($ScriptInfo->"ignore" = true)) do={
|
||||
:do {
|
||||
:if ($ScriptInfo->"ignore" = true) do={
|
||||
$LogPrint debug $0 ("Ignoring script '" . $ScriptVal->"name" . "', as requested.");
|
||||
:error true;
|
||||
}
|
||||
|
||||
:local CheckSum ($CheckSums->($ScriptVal->"name"));
|
||||
:if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \
|
||||
[ :convert transform=md5 to=hex [ :tolf ($ScriptVal->"source") ] ] = $CheckSum) do={
|
||||
$LogPrint debug $0 ("Checksum for script '" . $ScriptVal->"name" . "' matches, ignoring.");
|
||||
:error true;
|
||||
}
|
||||
|
||||
:do {
|
||||
:local BaseUrl [ $EitherOr ($ScriptInfo->"base-url") $ScriptUpdatesBaseUrl ];
|
||||
:local UrlSuffix [ $EitherOr ($ScriptInfo->"url-suffix") $ScriptUpdatesUrlSuffix ];
|
||||
|
|
@ -1182,10 +1206,9 @@
|
|||
} else={
|
||||
$LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "'!");
|
||||
}
|
||||
}
|
||||
:error false;
|
||||
}
|
||||
|
||||
:do {
|
||||
:if ([ :len $SourceNew ] = 0) do={
|
||||
$LogPrint debug $0 ("No update for script '" . $ScriptVal->"name" . "'.");
|
||||
:error false;
|
||||
|
|
|
|||
|
|
@ -20,7 +20,9 @@
|
|||
:global ScriptLock;
|
||||
|
||||
:local NaAddress $"na-address";
|
||||
:local NaValid $"na-valid";
|
||||
:local PdPrefix $"pd-prefix";
|
||||
:local PdValid $"pd-valid";
|
||||
|
||||
:if ([ $ScriptLock $ScriptName ] = false) do={
|
||||
:set ExitOK true;
|
||||
|
|
@ -33,12 +35,18 @@
|
|||
:error false;
|
||||
}
|
||||
|
||||
:if ([ :typeof $PdPrefix ] = "nothing") do={
|
||||
:if ([ :typeof $PdPrefix ] = "nothing" || [ :typeof $PdValid ] = "nothing") do={
|
||||
$LogPrint error $ScriptName ("This script is supposed to run from ipv6 dhcp-client.");
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
}
|
||||
|
||||
:if ($PdValid != 1) do={
|
||||
$LogPrint info $ScriptName ("The prefix " . $PdPrefix . " is no longer valid. Ignoring.");
|
||||
:set ExitOK true;
|
||||
:error false;
|
||||
}
|
||||
|
||||
:local Pool [ /ipv6/pool/get [ find where prefix=$PdPrefix ] name ];
|
||||
:if ([ :len [ /ipv6/firewall/address-list/find where comment=("ipv6-pool-" . $Pool) ] ] = 0) do={
|
||||
/ipv6/firewall/address-list/add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool) dynamic=yes;
|
||||
|
|
|
|||
|
|
@ -82,12 +82,18 @@
|
|||
}
|
||||
|
||||
:local JSON [ :deserialize from=json value=$Data ];
|
||||
:foreach Update in=($JSON->"result") do={
|
||||
$LogPrint info $0 ("The chat id is: " . ($Update->"message"->"chat"->"id"));
|
||||
:return true;
|
||||
:local Count [ :len ($JSON->"result") ];
|
||||
|
||||
:if ($Count = 0) do={
|
||||
$LogPrint info $0 ("No message received.");
|
||||
:return false;
|
||||
}
|
||||
|
||||
$LogPrint info $0 ("No message received.");
|
||||
:local Message ($JSON->"result"->($Count - 1)->"message");
|
||||
$LogPrint info $0 ("The chat id is: " . ($Message->"chat"->"id"));
|
||||
:if (($Message->"is_topic_message") = true) do={
|
||||
$LogPrint info $0 ("The thread id is: " . ($Message->"message_thread_id"));
|
||||
}
|
||||
} on-error={
|
||||
:global ExitError; $ExitError false $0;
|
||||
} }
|
||||
|
|
|
|||
|
|
@ -61,16 +61,20 @@
|
|||
:global GetRandom20CharAlNum;
|
||||
|
||||
:local FwAddrList ($ScriptName . "-" . [ $GetRandom20CharAlNum ]);
|
||||
/ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s;
|
||||
:if ([ :typeof [ :toip $Expected ] ] = "ip") do={
|
||||
/ip/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s;
|
||||
:delay 20ms;
|
||||
:if ([ :len [ /ip/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={
|
||||
:return true;
|
||||
}
|
||||
/ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=1s;
|
||||
}
|
||||
:if ([ :typeof [ :toip6 $Expected ] ] = "ip6") do={
|
||||
/ipv6/firewall/address-list/add address=$Name list=$FwAddrList dynamic=yes timeout=10s;
|
||||
:delay 20ms;
|
||||
:if ([ :len [ /ipv6/firewall/address-list/find where list=$FwAddrList address=$Expected ] ] > 0) do={
|
||||
:return true;
|
||||
}
|
||||
}
|
||||
|
||||
:return false;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue