mirror.MikroTik/eworm-de.routeros-scripts
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2025-06-21 09:35:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

fw-addr-lists: put addresses into "branches"...

Browse source 
... effectively adding another layer and some complexity, but:
The addresses are sorted inside the array, and sorting less addresses in
a branch saves a lot of processing power. So this is a lot faster now...
This commit is contained in:
Christian Hesse 2025-03-06 23:05:45 +01:00
parent 2f55bfaf00
commit e148df9e57
1 changed files with 37 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

29
fw-addr-lists.rsc
View file

@ -100,23 +100,24 @@
:set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr"));
}
:do {
:local Branch [ :pick $Address 0 1 ];
:if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={
:if ($Address ~ "/32\$") do={
:set Address [ :pick $Address 0 ([ :len $Address ] - 3) ];
}
:set ($IPv4Addresses->$Address) $TimeOut;
:set ($IPv4Addresses->$Branch->$Address) $TimeOut;
:error true;
}
:if ($Address ~ "^[0-9a-zA-Z]*:[0-9a-zA-Z:\\.]+(/[0-9]{1,3})?\$") do={
:if ($Address ~ "/128\$") do={
:set Address [ :pick $Address 0 ([ :len $Address ] - 4) ];
}
:set ($IPv6Addresses->$Address) $TimeOut;
:set ($IPv6Addresses->$Branch->$Address) $TimeOut;
:error true;
}
:if ($Address ~ "^[\\.a-zA-Z0-9-]+\\.[a-zA-Z]{2,}\$") do={
:set ($IPv4Addresses->$Address) $TimeOut;
:set ($IPv6Addresses->$Address) $TimeOut;
:set ($IPv4Addresses->$Branch->$Address) $TimeOut;
:set ($IPv6Addresses->$Branch->$Address) $TimeOut;
:error true;
}
} on-error={ }
@ -126,12 +127,13 @@
:foreach Entry in=[ /ip/firewall/address-list/find where \
list=$FwListName comment=$ListComment ] do={
:local Address [ /ip/firewall/address-list/get $Entry address ];
:local TimeOut ($IPv4Addresses->$Address);
:local Branch [ :pick $Address 0 1 ];
:local TimeOut ($IPv4Addresses->$Branch->$Address);
:if ([ :typeof $TimeOut ] = "time") do={
$LogPrintVerbose debug $ScriptName ("Renewing IPv4 address in list '" . $FwListName . \
"' with " . $TimeOut . ": " . $Address);
/ip/firewall/address-list/set $Entry timeout=$TimeOut;
:set ($IPv4Addresses->$Address);
:set ($IPv4Addresses->$Branch->$Address);
:set CntRenew ($CntRenew + 1);
} else={
:if ($Failure = false) do={
@ -146,12 +148,13 @@
:foreach Entry in=[ /ipv6/firewall/address-list/find where \
list=$FwListName comment=$ListComment ] do={
:local Address [ /ipv6/firewall/address-list/get $Entry address ];
:local TimeOut ($IPv6Addresses->$Address);
:local Branch [ :pick $Address 0 1 ];
:local TimeOut ($IPv6Addresses->$Branch->$Address);
:if ([ :typeof $TimeOut ] = "time") do={
$LogPrintVerbose debug $ScriptName ("Renewing IPv6 address in list '" . $FwListName . \
"' with " . $TimeOut . ": " . $Address);
/ipv6/firewall/address-list/set $Entry timeout=$TimeOut;
:set ($IPv6Addresses->$Address);
:set ($IPv6Addresses->$Branch->$Address);
:set CntRenew ($CntRenew + 1);
} else={
:if ($Failure = false) do={
@ -163,7 +166,9 @@
}
}
:foreach Address,Timeout in=$IPv4Addresses do={
:foreach BranchName,Branch in=$IPv4Addresses do={
$LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName);
:foreach Address,Timeout in=$Branch do={
$LogPrintVerbose debug $ScriptName ("Adding IPv4 address to list '" . $FwListName . \
"' with " . $Timeout . ": " . $Address);
:do {
@ -175,8 +180,11 @@
"': " . $Address);
}
}
}
:foreach Address,Timeout in=$IPv6Addresses do={
:foreach BranchName,Branch in=$IPv6Addresses do={
$LogPrintVerbose debug $ScriptName ("Handling branch: " . $BranchName);
:foreach Address,Timeout in=$Branch do={
$LogPrintVerbose debug $ScriptName ("Adding IPv6 address to list '" . $FwListName . \
"' with " . $Timeout . ": " . $Address);
:do {
@ -188,6 +196,7 @@
"': " . $Address);
}
}
}
$LogPrint info $ScriptName ("list: " . $FwListName . \
" (" . [ $HumanReadableNum ($CntAdd + $CntRenew) 1000 ] . ")" . \