Christian Hesse
e8b1e19b28
fw-addr-lists: spamhaus.org returned to 'GTS Root R4'
2025-01-22 12:33:46 +01:00
Christian Hesse
9e3729c279
update copyright for 2025
2025-01-02 00:04:06 +01:00
Christian Hesse
3ada3055ff
fw-addr-lists: spamhaus.org returned to 'ISRG Root X1'
...
This reverts commit 4d8dce9769.
2024-12-30 19:51:42 +01:00
Christian Hesse
d1b9b1b410
mod/notification-ntfy: support authentication with bearer token
...
Closes: https://github.com/eworm-de/routeros-scripts/issues/86
2024-12-17 13:21:19 +01:00
Christian Hesse
d70efe910a
mode-button: support led toggle without extra script
2024-12-17 11:20:09 +01:00
Christian Hesse
4d8dce9769
fw-addr-lists: spamhaus.org returned to 'GTS Root R4'
2024-11-22 14:06:22 +01:00
Christian Hesse
7229c756af
fw-addr-lists: spamhaus.org requires 'ISRG Root X1' now
2024-10-23 20:17:44 +02:00
Christian Hesse
fe52bd4a0a
fw-addr-lists: use lists in JSON format for spamhaus.org
2024-09-11 10:49:04 +02:00
Christian Hesse
f4c97559b3
fw-addr-lists: drop edrop.txt, which no longer exists
2024-08-28 17:56:48 +02:00
Christian Hesse
917be4b425
fw-addr-lists: spamhaus.org requires 'GTS Root R4' now
...
Fixes: https://github.com/eworm-de/routeros-scripts/issues/78
2024-08-28 17:55:28 +02:00
Christian Hesse
7553870f2a
certs: Cloudflare Inc ECC CA-3 -> Baltimore CyberTrust Root
2024-06-21 15:57:04 +02:00
Christian Hesse
944e125ef9
certs: Certum Domain Validation CA SHA2 -> Certum Trusted Network CA
2024-06-21 15:57:04 +02:00
Christian Hesse
b875d64724
certs: GlobalSign Atlas R3 DV TLS CA 2022 Q3 -> GlobalSign
2024-06-21 15:57:04 +02:00
Christian Hesse
3f51ebc125
certs: R3 / R10 -> ISRG Root X1
2024-06-21 15:57:04 +02:00
Christian Hesse
d1693a241b
certs: E1 / E5 -> ISRG Root X2
...
In the beginning of Let's Encrypt their root certificate ISRG Root X1
was not widely trusted, at least some older and/or mobile platforms were
missing that certificate in their root certificate store.
At that time Let's Encrypt was using an alternative chain of trust,
where a certificate was cross-signed with DST Root CA X3.
To make sure a valid chain of trust is available under all circumstances
a set of all certificates had to be supplied: both root certificates
ISRG Root X1 & DST Root CA X3, and an intermediate certificate.
This was still true after DST Root CA X3 expired, as it could still be
used as a root anchor and was shipped by Let's Encrypt when requested. 🤪
This time is finally over, and we have a clean chain for trust ending in
ISRG Root X1 (or ISRG Root X2).
Well, actually it is the other way round... Let's Encrypt signs with
different tantamount intermediate certificates. There is not only E5, but
also E6 - and we can not know beforehand which one is used on renew.
So let's drop the intermediate certificates now, and rely on root
certificates only. We are perfectly fine with this these days.
Follow-up commits will do the same for *all* certificates.
The certificate is downloaded with:
curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
2024-06-21 15:55:45 +02:00
Christian Hesse
76dd069fa6
Let's Encrypt changed their intermediate certificates
...
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/
But let's keep the old ones around for now, as some sites are still
using the old intermediate.
2024-06-19 09:29:23 +02:00
Christian Hesse
affa118161
backup-partition: support copy before feature update
2024-05-23 12:11:41 +02:00
Christian Hesse
c87a7519fe
fw-addr-lists: add 'strongips' list from blocklist.de
2024-05-14 11:36:58 +02:00
Christian Hesse
ca2e5f2a01
mod/notification-ntfy: support basic auth
...
Closes #59
2024-04-15 09:11:17 +02:00
Christian Hesse
6845eb69b3
global-config: put example fw-addr-lists into repository
2024-03-20 13:34:37 +01:00
Christian Hesse
be231ce4f3
global-config: prepare a (commented) address-list for Mikrotik
...
This is AS51894: https://bgp.he.net/AS51894
2024-03-18 13:46:46 +01:00
Christian Hesse
1c61547284
global-config: merge loading overlay and snippets
2024-03-12 20:37:57 +01:00
Christian Hesse
a7cb3e520a
global-config: support loading snippets
...
This adds support for loading snippets, which need a name starting with
"global-config-overlay.d/". This allows splitting off configuration if
desired.
2024-03-12 20:36:21 +01:00
Christian Hesse
62f33d7b19
packages-update: support deferred reboot on auto-update
...
Closes #56
2024-01-30 00:02:08 +01:00
Christian Hesse
9a73fc526f
update copyright for 2024
2024-01-01 15:25:25 +01:00
Christian Hesse
aba4770395
fw-addr-lists: support timeout per list
...
This works with something like this:
    :global FwAddrLists {
      "allow"={
        { url="https://eworm.de/ros/fw-addr-lists/allow";
          cert="E1"; timeout=1w };
      };
      ...
    }
All urls for one named list should have the same timeout! With different
timeout values and identical addresses the behavior is basically undefined,
depending on order.
2023-11-30 13:51:57 +01:00
Christian Hesse
8f75c17e0b
global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)
...
old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2
No user interaction or migration is required for existing installations
as we install 'E1' and 'ISRG Root X2' for some time already.
2023-10-26 22:15:05 +02:00
Christian Hesse
382f928568
global-functions: $ScriptInstallUpdate: drop support for scripts from storage
...
Nobody ever used that, no?
(Well, except me - just before I implemented fetching. 😜)
2023-10-17 14:05:03 +02:00
Christian Hesse
5932586ee4
introduce mod/notification-ntfy...
...
... for sending notifications via Ntfy (https://ntfy.sh/).
TODO: use proper formatting once supported in Android app:
https://github.com/binwiederhier/ntfy/issues/889
2023-10-17 14:05:03 +02:00
Christian Hesse
f6e65dd68c
log-forward: add 'packet' in default filter...
...
... which is used when logging raw packets from dns and ssh,
and possibly others.
2023-10-17 14:05:03 +02:00
Christian Hesse
fed7f2da46
mod/notification-telegram: drop support for non-fixed width font
2023-10-16 15:27:14 +02:00
Christian Hesse
702abd2a5d
log-forward: add 'raw' in default filter...
...
... which is used when logging raw packets or commands.
2023-10-05 22:20:32 +02:00
Christian Hesse
7b47ed7ea5
check-routeros-update: support update from specific neighbor(s)
...
... by matching the identity property.
2023-08-31 09:40:09 +02:00
Christian Hesse
29f0a14b7e
global-config: escaping question mark is no longer required
2023-06-27 09:14:36 +02:00
Christian Hesse
458fe7c088
fw-addr-lists: prepare lists from spamhaus.org in config
2023-06-13 20:26:55 +02:00
Christian Hesse
53ad7b717d
fw-addr-lists: add lists from abuse.ch in config
2023-06-13 20:26:55 +02:00
Christian Hesse
e19e33d0a8
introduce fw-addr-lists
2023-06-13 20:26:55 +02:00
Christian Hesse
1568df3b4f
global-config: end all (array) variables with a semicolon
2023-05-31 11:41:50 +02:00
Christian Hesse
a3a7e5be4b
global-config: restore variables still used in ipsec-to-dns (for now)
2023-04-26 10:31:23 +02:00
Christian Hesse
5c7a7723f3
global-config: be more verbose about domain
2023-04-26 10:30:10 +02:00
Christian Hesse
ee94024dca
dhcp-to-dns: get domain from dhcp server's network definition
2023-04-24 22:26:26 +02:00
Christian Hesse
a832fd04ef
rename scripts and add file extension ".rsc"
...
No functional change for the user... The migration is done
automatically.
2023-03-07 22:26:01 +01:00