mirror of
https://git.eworm.de/cgit/routeros-scripts
synced 2025-07-16 13:04:30 +02:00
Merge branch 'doc' into ros-v7-path-syntax
This commit is contained in:
Christian Hesse
commit
12655bd58a
71 changed files with 165 additions and 182 deletions
|
|
@ -7,35 +7,30 @@ Initial commands
|
|||
> not aware of the procedure please follow
|
||||
> [the long way in detail](README.md#the-long-way-in-detail).
|
||||
|
||||
One extra step is required if you run RouterOS v6:
|
||||
|
||||
:global ScriptUpdatesUrlSuffix "\?h=routeros-v6";
|
||||
|
||||
Then run the complete base installation:
|
||||
Run the complete base installation:
|
||||
|
||||
{
|
||||
:global ScriptUpdatesUrlSuffix;
|
||||
/ tool fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem" as-value;
|
||||
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem" as-value;
|
||||
:delay 1s;
|
||||
/ certificate import file-name=letsencrypt-R3.pem passphrase="";
|
||||
:if ([ :len [ / certificate find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] ] != 2) do={
|
||||
/certificate/import file-name=letsencrypt-R3.pem passphrase="";
|
||||
:if ([ :len [ /certificate/find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] ] != 2) do={
|
||||
:error "Something is wrong with your certificates!";
|
||||
};
|
||||
/ file remove "letsencrypt-R3.pem";
|
||||
/file/remove "letsencrypt-R3.pem";
|
||||
:delay 1s;
|
||||
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
|
||||
/ system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . $ScriptUpdatesUrlSuffix) output=user as-value]->"data");
|
||||
/system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script) output=user as-value]->"data");
|
||||
};
|
||||
/ system script { run global-config; run global-functions; };
|
||||
/ system scheduler add name="global-scripts" start-time=startup on-event="/ system script { run global-config; run global-functions; }";
|
||||
/system/script { run global-config; run global-functions; };
|
||||
/system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
|
||||
:global CertificateNameByCN;
|
||||
$CertificateNameByCN "R3";
|
||||
$CertificateNameByCN "ISRG Root X1";
|
||||
}
|
||||
};
|
||||
|
||||
Optional to update the scripts automatically:
|
||||
|
||||
/ system scheduler add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
/system/scheduler/add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
|
||||
---
|
||||
[◀ Go back to main README](README.md)
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 2.1 KiB After Width: | Height: | Size: 2.1 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2.3 KiB After Width: | Height: | Size: 2.2 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 4.9 KiB After Width: | Height: | Size: 4.7 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 4.5 KiB After Width: | Height: | Size: 3.7 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 6.4 KiB After Width: | Height: | Size: 6.4 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2.9 KiB After Width: | Height: | Size: 1.9 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2.3 KiB After Width: | Height: | Size: 2.1 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 1.9 KiB After Width: | Height: | Size: 1.7 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2.4 KiB After Width: | Height: | Size: 2.4 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2 KiB After Width: | Height: | Size: 1.8 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 3.6 KiB After Width: | Height: | Size: 1.6 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2.3 KiB After Width: | Height: | Size: 2.2 KiB |
|
|
@ -1,3 +1,3 @@
|
|||
#!rsc by RouterOS
|
||||
|
||||
:put ("Hello World from " . [ / system identity get name ] . "!");
|
||||
:put ("Hello World from " . [ /system/identity/get name ] . "!");
|
||||
|
|
|
|||
47
README.md
47
README.md
|
|
@ -23,6 +23,9 @@ Make sure to install latest updates before you begin.
|
|||
|
||||
Specific scripts may require even newer RouterOS version.
|
||||
|
||||
> ℹ️ **Info**: The `main` branch is now RouterOS v7 only. If you are still
|
||||
> running RouterOS v6 switch to `routeros-v6` branch!
|
||||
|
||||
Initial setup
|
||||
-------------
|
||||
|
||||
|
|
@ -50,7 +53,7 @@ download the certificates. If you intend to download the scripts from a
|
|||
different location (for example from github.com) install the corresponding
|
||||
certificate chain.
|
||||
|
||||
/ tool fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem";
|
||||
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem";
|
||||
|
||||
|
||||
|
||||
|
|
@ -63,16 +66,16 @@ files to your MikroTik device.
|
|||
|
||||
Then we import the certificates.
|
||||
|
||||
/ certificate import file-name=letsencrypt-R3.pem passphrase="";
|
||||
/certificate/import file-name=letsencrypt-R3.pem passphrase="";
|
||||
|
||||
|
||||
|
||||
For basic verification we rename the certificates and print their count. Make
|
||||
sure the certificate count is **two**.
|
||||
|
||||
/ certificate set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ];
|
||||
/ certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ];
|
||||
/ certificate print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6";
|
||||
/certificate/set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ];
|
||||
/certificate/set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ];
|
||||
/certificate/print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6";
|
||||
|
||||
|
||||
|
||||
|
|
@ -82,14 +85,9 @@ All following commands will verify the server certificate. For validity the
|
|||
certificate's lifetime is checked with local time, so make sure the device's
|
||||
date and time is set correctly!
|
||||
|
||||
One extra step is required if you run RouterOS v6:
|
||||
|
||||
:global ScriptUpdatesUrlSuffix "\?h=routeros-v6";
|
||||
|
||||
Now let's download the main scripts and add them in configuration on the fly.
|
||||
|
||||
:global ScriptUpdatesUrlSuffix;
|
||||
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . $ScriptUpdatesUrlSuffix) output=user as-value]->"data"); };
|
||||
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); };
|
||||
|
||||
|
||||
|
||||
|
|
@ -98,35 +96,24 @@ The configuration needs to be tweaked for your needs. Edit
|
|||
[`global-config`](global-config) (the one without `-overlay`).
|
||||
Save changes and exit with `Ctrl-o`.
|
||||
|
||||
/ system script edit global-config-overlay source;
|
||||
/system/script edit global-config-overlay source;
|
||||
|
||||
|
||||
|
||||
And finally load configuration and functions and add the scheduler.
|
||||
|
||||
/ system script { run global-config; run global-functions; };
|
||||
/ system scheduler add name="global-scripts" start-time=startup on-event="/ system script { run global-config; run global-functions; }";
|
||||
/system/script { run global-config; run global-functions; };
|
||||
/system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
|
||||
|
||||
|
||||
|
||||
The last step is optional: Add this scheduler **only** if you want the scripts
|
||||
to be updated automatically!
|
||||
|
||||
/ system scheduler add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
/system/scheduler/add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
|
||||
|
||||
|
||||
### Changes for RouterOS v6
|
||||
|
||||
RouterOS v7 is the way to go, let's consider RouterOS v6 deprecated.
|
||||
If you want to stay with RouterOS v6 for some time add these lines
|
||||
to your `global-config-overlay`, if missing:
|
||||
|
||||
# Use branch routeros-v6 with RouterOS v6:
|
||||
:global ScriptUpdatesUrlSuffix "\?h=routeros-v6";
|
||||
|
||||
Then reload the configuration.
|
||||
|
||||
Updating scripts
|
||||
----------------
|
||||
|
||||
|
|
@ -155,7 +142,7 @@ Most scripts are designed to run regularly from
|
|||
added `check-routeros-update`, so let's run it every hour to make sure not to
|
||||
miss an update.
|
||||
|
||||
/ system scheduler add name="check-routeros-update" interval=1h on-event="/ system script run check-routeros-update;";
|
||||
/system/scheduler/add name="check-routeros-update" interval=1h on-event="/system/script/run check-routeros-update;";
|
||||
|
||||
|
||||
|
||||
|
|
@ -164,8 +151,8 @@ in DNS use `dhcp-to-dns` with the events from dhcp server. For a regular
|
|||
cleanup add a scheduler entry.
|
||||
|
||||
$ScriptInstallUpdate dhcp-to-dns,lease-script;
|
||||
/ ip dhcp-server set lease-script=lease-script [ find ];
|
||||
/ system scheduler add name="dhcp-to-dns" interval=5m on-event="/ system script run dhcp-to-dns;";
|
||||
/ip/dhcp-server/set lease-script=lease-script [ find ];
|
||||
/system/scheduler/add name="dhcp-to-dns" interval=5m on-event="/system/script/run dhcp-to-dns;";
|
||||
|
||||
|
||||
|
||||
|
|
@ -240,7 +227,7 @@ still use my scripts to manage and deploy yours, by specifying `base-url`
|
|||
|
||||
This will fetch and install a script `hello-world.rsc` from the given url:
|
||||
|
||||
$ScriptInstallUpdate hello-world.rsc "base-url=https://git.eworm.de/cgit/routeros-scripts/plain/README.d/"
|
||||
$ScriptInstallUpdate hello-world.rsc "base-url=https://git.eworm.de/cgit/routeros-scripts/plain/README.d/";
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 5.1 KiB After Width: | Height: | Size: 5.1 KiB |
|
|
@ -15,8 +15,8 @@ entries in wireless access list.
|
|||
Requirements and installation
|
||||
-----------------------------
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
|
@ -31,7 +31,7 @@ Usage and invocation
|
|||
|
||||
Run this script from a terminal:
|
||||
|
||||
/ system script run accesslist-duplicates.local;
|
||||
/system/script/run accesslist-duplicates.local;
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -45,11 +45,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-cloud;
|
||||
/system/script/run backup-cloud;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-cloud on-event="/ system script run backup-cloud;" start-time=09:20:00;
|
||||
/system/scheduler/add interval=1w name=backup-cloud on-event="/system/script/run backup-cloud;" start-time=09:20:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ Send backup via e-mail
|
|||
Description
|
||||
-----------
|
||||
|
||||
This script sends binary backup (`/ system backup save`) and complete
|
||||
configuration export (`/ export terse show-sensitive`) via e-mail.
|
||||
This script sends binary backup (`/system/backup/save`) and complete
|
||||
configuration export (`/export terse show-sensitive`) via e-mail.
|
||||
|
||||
Requirements and installation
|
||||
-----------------------------
|
||||
|
|
@ -36,11 +36,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-email;
|
||||
/system/script/run backup-email;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-email on-event="/ system script run backup-email;" start-time=09:15:00;
|
||||
/system/scheduler/add interval=1w name=backup-email on-event="/system/script/run backup-email;" start-time=09:15:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -27,11 +27,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-partition;
|
||||
/system/script/run backup-partition;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-partition on-event="/ system script run backup-partition;" start-time=09:30:00;
|
||||
/system/scheduler/add interval=1w name=backup-partition on-event="/system/script/run backup-partition;" start-time=09:30:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -9,8 +9,8 @@ Upload backup to server
|
|||
Description
|
||||
-----------
|
||||
|
||||
This script uploads binary backup (`/ system backup save`) and complete
|
||||
configuration export (`/ export terse show-sensitive`) to external server.
|
||||
This script uploads binary backup (`/system/backup/save`) and complete
|
||||
configuration export (`/export terse show-sensitive`) to external server.
|
||||
|
||||
> ⚠️ **Warning**: The used command can hit errors that a script can not handle.
|
||||
> This may result in script termination (where no notification is sent) or
|
||||
|
|
@ -60,11 +60,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-upload;
|
||||
/system/script/run backup-upload;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-upload on-event="/ system script run backup-upload;" start-time=09:25:00;
|
||||
/system/scheduler/add interval=1w name=backup-upload on-event="/system/script/run backup-upload;" start-time=09:25:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Just install the script on CAPsMAN device:
|
|||
|
||||
Optionally add a scheduler to run after startup:
|
||||
|
||||
/ system scheduler add name=capsman-download-packages on-event="/ system script run capsman-download-packages;" start-time=startup;
|
||||
/system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages;" start-time=startup;
|
||||
|
||||
Packages available in local storage in older version are downloaded
|
||||
unconditionally. The script tries to download missing packages by guessing
|
||||
|
|
@ -35,7 +35,7 @@ Usage and invocation
|
|||
|
||||
Run the script manually:
|
||||
|
||||
/ system script run capsman-download-packages;
|
||||
/system/script/run capsman-download-packages;
|
||||
|
||||
... or from scheduler.
|
||||
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ that script when required.
|
|||
|
||||
Alternatively run it manually:
|
||||
|
||||
/ system script run capsman-rolling-upgrade;
|
||||
/system/script/run capsman-rolling-upgrade;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ Usage and invocation
|
|||
|
||||
Run the script to renew certificates issued from a local CA.
|
||||
|
||||
/ system script run certificate-renew-issued;
|
||||
/system/script/run certificate-renew-issued;
|
||||
|
||||
Only scripts with a remaining lifetime of three weeks or less are renewed.
|
||||
The old certificate is revoked automatically. If a passphrase for a specific
|
||||
|
|
|
|||
|
|
@ -44,15 +44,15 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run check-certificates;
|
||||
/system/script/run check-certificates;
|
||||
|
||||
... or create a scheduler for periodic execution:
|
||||
|
||||
/ system scheduler add interval=1d name=check-certificates on-event="/ system script run check-certificates;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=check-certificates on-event="/system/script/run check-certificates;" start-time=startup;
|
||||
|
||||
Alternatively running on startup may be desired:
|
||||
|
||||
/ system scheduler add name=check-certificates-startup on-event="/ system script run check-certificates;" start-time=startup;
|
||||
/system/scheduler/add name=check-certificates-startup on-event="/system/script/run check-certificates;" start-time=startup;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Note that bad initial state will not trigger an event.
|
|||
Only sensors available in hardware can be checked. See what your
|
||||
hardware supports:
|
||||
|
||||
/ system health print;
|
||||
/system/health/print;
|
||||
|
||||
### Sample notifications
|
||||
|
||||
|
|
@ -45,7 +45,7 @@ Requirements and installation
|
|||
Just install the script and create a scheduler:
|
||||
|
||||
$ScriptInstallUpdate check-health;
|
||||
/ system scheduler add interval=1m name=check-health on-event="/ system script run check-health;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=check-health on-event="/system/script/run check-health;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ Just install the script:
|
|||
|
||||
... and create a scheduler:
|
||||
|
||||
/ system scheduler add interval=1d name=check-lte-firmware-upgrade on-event="/ system script run check-lte-firmware-upgrade;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=check-lte-firmware-upgrade on-event="/system/script/run check-lte-firmware-upgrade;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ Just install the script:
|
|||
|
||||
And add a scheduler for automatic update notification:
|
||||
|
||||
/ system scheduler add interval=1d name=check-routeros-update on-event="/ system script run check-routeros-update;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=check-routeros-update on-event="/system/script/run check-routeros-update;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -65,7 +65,7 @@ Usage and invocation
|
|||
|
||||
Be notified when run from scheduler or run it manually:
|
||||
|
||||
/ system script run check-routeros-update;
|
||||
/system/script/run check-routeros-update;
|
||||
|
||||
If an update is found you can install it right away.
|
||||
|
||||
|
|
|
|||
|
|
@ -22,8 +22,8 @@ and modify it to your needs.
|
|||
Requirements and installation
|
||||
-----------------------------
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
|
|
|||
|
|
@ -21,8 +21,8 @@ Requirements and installation
|
|||
|
||||
Just install this script.
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
|
@ -34,8 +34,8 @@ For local interface:
|
|||
|
||||
And add schedulers to run the script:
|
||||
|
||||
/ system scheduler add interval=1d name=daily-psk-nightly on-event="/ system script run daily-psk.local;" start-date=may/23/2018 start-time=03:00:00;
|
||||
/ system scheduler add name=daily-psk-startup on-event="/ system script run daily-psk.local;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=daily-psk-nightly on-event="/system/script/run daily-psk.local;" start-date=may/23/2018 start-time=03:00:00;
|
||||
/system/scheduler/add name=daily-psk-startup on-event="/system/script/run daily-psk.local;" start-time=startup;
|
||||
|
||||
These will update the passphrase on boot and nightly at 3:00.
|
||||
|
||||
|
|
@ -49,7 +49,7 @@ The configuration goes to `global-config-overlay`, these are the parameters:
|
|||
|
||||
Then add an access list entry:
|
||||
|
||||
/ interface wireless access-list add comment="Daily PSK" interface=wl-daily private-pre-shared-key="ToBeChangedDaily";
|
||||
/interface/wireless/access-list/add comment="Daily PSK" interface=wl-daily private-pre-shared-key="ToBeChangedDaily";
|
||||
|
||||
Also notification settings are required for e-mail,
|
||||
[matrix](mod/notification-matrix.md) and/or
|
||||
|
|
|
|||
|
|
@ -15,8 +15,8 @@ from wireless access list.
|
|||
Requirements and installation
|
||||
-----------------------------
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Then run it from dhcp server as lease script. You may want to use
|
|||
|
||||
A scheduler cares about cleanup:
|
||||
|
||||
/ system scheduler add interval=15m name=dhcp-to-dns on-event="/ system script run dhcp-to-dns;" start-time=startup;
|
||||
/system/scheduler/add interval=15m name=dhcp-to-dns on-event="/system/script/run dhcp-to-dns;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Requirements and installation
|
|||
Just install the script and create a scheduler:
|
||||
|
||||
$ScriptInstallUpdate firmware-upgrade-reboot;
|
||||
/ system scheduler add name=firmware-upgrade-reboot on-event="/ system script run firmware-upgrade-reboot;" start-time=startup;
|
||||
/system/scheduler/add name=firmware-upgrade-reboot on-event="/system/script/run firmware-upgrade-reboot;" start-time=startup;
|
||||
|
||||
Enjoy firmware being up to date and in sync with RouterOS.
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ Just install the script:
|
|||
... and add it to your scheduler, for example in combination with the module
|
||||
to [manage VLANs on bridge ports](mod/bridge-port-vlan.md):
|
||||
|
||||
/ system scheduler add name=bridge-port-vlan on-event="/ system script run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
/system/scheduler/add name=bridge-port-vlan on-event="/system/script/run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ Just install the script:
|
|||
|
||||
... and create a scheduler:
|
||||
|
||||
/ system scheduler add interval=1m name=gps-track on-event="/ system script run gps-track;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=gps-track on-event="/system/script/run gps-track;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -32,7 +32,7 @@ The configuration goes to `global-config-overlay`, the only parameter is:
|
|||
|
||||
* `GpsTrackUrl`: the url to send json data to
|
||||
|
||||
The configured coordinate format (see `/ system gps`) defines the format
|
||||
The configured coordinate format (see `/system/gps`) defines the format
|
||||
sent to the server.
|
||||
|
||||
---
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ Then install the script:
|
|||
|
||||
Configure your hotspot to use this script as `on-login` script:
|
||||
|
||||
/ ip hotspot user profile set on-login=hotspot-to-wpa [ find ];
|
||||
/ip/hotspot/user/profile/set on-login=hotspot-to-wpa [ find ];
|
||||
|
||||
### Automatic cleanup
|
||||
|
||||
|
|
@ -36,11 +36,11 @@ access list forever. Install the optional script for automatic cleanup:
|
|||
|
||||
Create a scheduler:
|
||||
|
||||
/ system scheduler add interval=1d name=hotspot-to-wpa-cleanup on-event="/ system script run hotspot-to-wpa-cleanup;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup;" start-time=startup;
|
||||
|
||||
And add the lease script to your wpa interfaces' dhcp server:
|
||||
|
||||
/ ip dhcp-server set lease-script=lease-script [ find where name~"wpa" ];
|
||||
/ip/dhcp-server/set lease-script=lease-script [ find where name~"wpa" ];
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -51,8 +51,8 @@ entries are to be added.
|
|||
|
||||
Create hotspot login credentials:
|
||||
|
||||
/ ip hotspot user add add comment="Test User 1" name=user1 password=v3ry;
|
||||
/ ip hotspot user add add comment="Test User 2" name=user2 password=s3cr3t;
|
||||
/ip/hotspot/user/add comment="Test User 1" name=user1 password=v3ry;
|
||||
/ip/hotspot/user/add comment="Test User 2" name=user2 password=s3cr3t;
|
||||
|
||||
Additionally templates can be created to give more options for access list:
|
||||
|
||||
|
|
@ -66,12 +66,12 @@ Additionally templates can be created to give more options for access list:
|
|||
|
||||
For a hotspot called `example` the template could look like this:
|
||||
|
||||
/ caps-man access-list add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10 vlan-mode=use-tag;
|
||||
/caps-man/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10 vlan-mode=use-tag;
|
||||
|
||||
The same settings are available in hotspot user's comment and take precedence
|
||||
over the template settings:
|
||||
|
||||
/ ip hotspot user add comment="private-passphrase=ignore, ssid-regexp=^example\\\$, vlan-id=10, vlan-mode=use-tag" name=user password=v3ry-s3cr3t;
|
||||
/ip/hotspot/user/add comment="private-passphrase=ignore, ssid-regexp=^example\\\$, vlan-id=10, vlan-mode=use-tag" name=user password=v3ry-s3cr3t;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ Just install the script:
|
|||
|
||||
... and make it run from scheduler:
|
||||
|
||||
/ system scheduler add name=ip-addr-bridge on-event="/ system script run ip-addr-bridge;" start-time=startup;
|
||||
/system/scheduler/add name=ip-addr-bridge on-event="/system/script/run ip-addr-bridge;" start-time=startup;
|
||||
|
||||
This will disable IP addresses on bridges without at lease one running port.
|
||||
The IP address is enabled if at least one port is running.
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Just install the script:
|
|||
|
||||
This script is run from scheduler:
|
||||
|
||||
/ system scheduler add interval=1m name=ipsec-to-dns on-event="/ system script run ipsec-to-dns;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=ipsec-to-dns on-event="/system/script/run ipsec-to-dns;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
|||
|
|
@ -23,14 +23,14 @@ Just install the script:
|
|||
|
||||
Your ISP needs to provide an IPv6 prefix, your device receives it via dhcp:
|
||||
|
||||
/ ipv6 dhcp-client add add-default-route=yes interface=ppp-isp pool-name=isp request=prefix script=ipv6-update;
|
||||
/ipv6/dhcp-client/add add-default-route=yes interface=ppp-isp pool-name=isp request=prefix script=ipv6-update;
|
||||
|
||||
Note this already adds this script as `script`. The pool name (here: "`isp`")
|
||||
is important, we need it later.
|
||||
|
||||
Also this expects there is an address assigned from pool to an interface:
|
||||
|
||||
/ ipv6 address add from-pool=isp interface=br-local;
|
||||
/ipv6/address/add from-pool=isp interface=br-local;
|
||||
|
||||
Sometimes dhcp client is stuck on reconnect and needs to be released.
|
||||
Installing [ppp-on-up](ppp-on-up.md) may solve this.
|
||||
|
|
@ -41,7 +41,7 @@ Configuration
|
|||
An address list entry is updated with current prefix and can be used in
|
||||
firewall rules, comment has to be "`ipv6-pool-`" and actual pool name:
|
||||
|
||||
/ ipv6 firewall address-list add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern;
|
||||
/ipv6/firewall/address-list/add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern;
|
||||
|
||||
As this entry is mandatory it is created automatically if it does not exist,
|
||||
with the comment also set for list.
|
||||
|
|
@ -50,13 +50,13 @@ Address list entries for specific interfaces can be updated as well. The
|
|||
interface needs to get its address from pool `isp` and the address list entry
|
||||
has to be associated to an interface in comment:
|
||||
|
||||
/ ipv6 firewall address-list add address=2003:cf:2f0f:de01::/64 comment="ipv6-pool-isp, interface=br-local" list=local;
|
||||
/ipv6/firewall/address-list/add address=2003:cf:2f0f:de01::/64 comment="ipv6-pool-isp, interface=br-local" list=local;
|
||||
|
||||
Static DNS records need a special comment to be updated. Again it has to
|
||||
start with "`ipv6-pool-`" and actual pool name, followed by a comma,
|
||||
"`interface=`" and the name of interface this address is connected to:
|
||||
|
||||
/ ip dns static add address=2003:cf:2f0f:de00:1122:3344:5566:7788 comment="ipv6-pool-isp, interface=br-local" name=test.example.com ttl=15m;
|
||||
/ip/dns/static/add address=2003:cf:2f0f:de00:1122:3344:5566:7788 comment="ipv6-pool-isp, interface=br-local" name=test.example.com ttl=15m;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ Just install the script:
|
|||
|
||||
... and add it as `lease-script` to your dhcp server:
|
||||
|
||||
/ ip dhcp-server set lease-script=lease-script [ find ];
|
||||
/ip/dhcp-server/set lease-script=lease-script [ find ];
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -21,21 +21,21 @@ Usage and invocation
|
|||
|
||||
To switch the device to dark mode:
|
||||
|
||||
/ system script run leds-night-mode;
|
||||
/system/script/run leds-night-mode;
|
||||
|
||||
... and back to normal mode:
|
||||
|
||||
/ system script run leds-day-mode;
|
||||
/system/script/run leds-day-mode;
|
||||
|
||||
To toggle between the two modes:
|
||||
|
||||
/ system script run leds-toggle-mode;
|
||||
/system/script/run leds-toggle-mode;
|
||||
|
||||
Add these schedulers to switch to dark mode in the evening and back to
|
||||
normal mode in the morning:
|
||||
|
||||
/ system scheduler add interval=1d name=leds-day-mode on-event="/ system script run leds-day-mode;" start-time=07:00:00;
|
||||
/ system scheduler add interval=1d name=leds-night-mode on-event="/ system script run leds-night-mode;" start-time=21:00:00;
|
||||
/system/scheduler/add interval=1d name=leds-day-mode on-event="/system/script/run leds-day-mode;" start-time=07:00:00;
|
||||
/system/scheduler/add interval=1d name=leds-night-mode on-event="/system/script/run leds-night-mode;" start-time=21:00:00;
|
||||
|
||||
The script `leds-toggle-mode` can be used from [mode button](mode-button.md)
|
||||
to toggle mode.
|
||||
|
|
|
|||
|
|
@ -33,7 +33,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler:
|
||||
|
||||
/ system scheduler add interval=1m name=log-forward on-event="/ system script run log-forward;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=log-forward on-event="/system/script/run log-forward;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
|||
|
|
@ -22,20 +22,20 @@ Just install the module:
|
|||
Configuration
|
||||
-------------
|
||||
|
||||
The configuration goes to ports' comments (`/ interface bridge port`).
|
||||
The configuration goes to ports' comments (`/interface/bridge/port`).
|
||||
|
||||
/ interface bridge port add bridge=br-guest comment="default=dhcp-client, alt=br-guest" disabled=yes interface=en1;
|
||||
/ interface bridge port add bridge=br-intern comment="default=br-intern, alt=br-guest" interface=en2;
|
||||
/ interface bridge port add bridge=br-guest comment="default=br-guest, extra=br-extra" interface=en3;
|
||||
/interface/bridge/port/add bridge=br-guest comment="default=dhcp-client, alt=br-guest" disabled=yes interface=en1;
|
||||
/interface/bridge/port/add bridge=br-intern comment="default=br-intern, alt=br-guest" interface=en2;
|
||||
/interface/bridge/port/add bridge=br-guest comment="default=br-guest, extra=br-extra" interface=en3;
|
||||
|
||||
Also dhcp client can be handled:
|
||||
|
||||
/ ip dhcp-client add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
/ip/dhcp-client/add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
|
||||
Add a scheduler to start with default setup on system startup:
|
||||
|
||||
$ScriptInstallUpdate global-wait;
|
||||
/ system scheduler add name=bridge-port-vlan on-event="/ system script run global-wait; :global BridgePortTo; \$BridgePortTo default;" start-time=startup;
|
||||
/system/scheduler/add name=bridge-port-vlan on-event="/system/script/run global-wait; :global BridgePortTo; \$BridgePortTo default;" start-time=startup;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
|
|||
|
|
@ -23,24 +23,24 @@ Configuration
|
|||
|
||||
Using named VLANs you have to add comments in bridge vlan menu:
|
||||
|
||||
/ interface bridge vlan add bridge=bridge comment=intern tagged=br-local vlan-ids=10;
|
||||
/ interface bridge vlan add bridge=bridge comment=geust tagged=br-local vlan-ids=20;
|
||||
/ interface bridge vlan add bridge=bridge comment=extra tagged=br-local vlan-ids=30;
|
||||
/interface/bridge/vlan/add bridge=bridge comment=intern tagged=br-local vlan-ids=10;
|
||||
/interface/bridge/vlan/add bridge=bridge comment=geust tagged=br-local vlan-ids=20;
|
||||
/interface/bridge/vlan/add bridge=bridge comment=extra tagged=br-local vlan-ids=30;
|
||||
|
||||
The configuration goes to ports' comments (`/ interface bridge port`).
|
||||
The configuration goes to ports' comments (`/interface/bridge/port`).
|
||||
|
||||
/ interface bridge port add bridge=bridge comment="default=dhcp-client, alt=guest" disabled=yes interface=en1;
|
||||
/ interface bridge port add bridge=bridge comment="default=intern, alt=guest, extra=30" interface=en2;
|
||||
/ interface bridge port add bridge=bridge comment="default=guest, extra=extra" interface=en3;
|
||||
/interface/bridge/port/add bridge=bridge comment="default=dhcp-client, alt=guest" disabled=yes interface=en1;
|
||||
/interface/bridge/port/add bridge=bridge comment="default=intern, alt=guest, extra=30" interface=en2;
|
||||
/interface/bridge/port/add bridge=bridge comment="default=guest, extra=extra" interface=en3;
|
||||
|
||||
Also dhcp client can be handled:
|
||||
|
||||
/ ip dhcp-client add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
/ip/dhcp-client/add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
|
||||
Add a scheduler to start with default setup on system startup:
|
||||
|
||||
$ScriptInstallUpdate global-wait;
|
||||
/ system scheduler add name=bridge-port-vlan on-event="/ system script run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
/system/scheduler/add name=bridge-port-vlan on-event="/system/script/run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 2.8 KiB After Width: | Height: | Size: 2.8 KiB |
|
|
@ -24,7 +24,7 @@ Usage and invocation
|
|||
|
||||
Call the function `$InspectVar` with a variable as parameter:
|
||||
|
||||
$InspectVar $ModeButton
|
||||
$InspectVar $ModeButton;
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 1.7 KiB After Width: | Height: | Size: 1.7 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 1.3 KiB After Width: | Height: | Size: 1.2 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 2.3 KiB After Width: | Height: | Size: 2.3 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 4.2 KiB After Width: | Height: | Size: 4 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 3.1 KiB After Width: | Height: | Size: 3.1 KiB |
|
|
@ -42,7 +42,7 @@ Your best bet is to query the server at `domain` with the
|
|||
[well-known uri](https://spec.matrix.org/latest/client-server-api/#well-known-uri).
|
||||
For "*matrix.org*" this query is:
|
||||
|
||||
/ tool fetch "https://matrix.org/.well-known/matrix/client" output=user;
|
||||
/tool/fetch "https://matrix.org/.well-known/matrix/client" output=user;
|
||||
|
||||
|
||||
|
||||
|
|
@ -59,7 +59,7 @@ account must be sent to the home server via
|
|||
We use the home server discovered above, "*matrix-client.matrix.org*".
|
||||
The user is "*example*" and password is "*v3ry-s3cr3t*".
|
||||
|
||||
/ tool fetch "https://matrix-client.matrix.org/_matrix/client/r0/login" http-method=post http-data="{\"type\":\"m.login.password\", \"user\":\"example\", \"password\":\"v3ry-s3cr3t\"}" output=user;
|
||||
/tool/fetch "https://matrix-client.matrix.org/_matrix/client/r0/login" http-method=post http-data="{\"type\":\"m.login.password\", \"user\":\"example\", \"password\":\"v3ry-s3cr3t\"}" output=user;
|
||||
|
||||
|
||||
|
||||
|
|
@ -80,7 +80,7 @@ this can be done with
|
|||
Make sure to replace room id ("*!*" is escaped with "*%21*") and access token
|
||||
with your data.
|
||||
|
||||
/ tool fetch "https://matrix-client.matrix.org/_matrix/client/r0/rooms/%21WUcxpSjKyxSGelouhA:matrix.org/join?access_token=yt_ZXdvcm0tdGVzdA_NNqUyvKHRhBLZmnzVVSK_0xu6yN" http-method=post http-data="" output=user;
|
||||
/tool/fetch "https://matrix-client.matrix.org/_matrix/client/r0/rooms/%21WUcxpSjKyxSGelouhA:matrix.org/join?access_token=yt_ZXdvcm0tdGVzdA_NNqUyvKHRhBLZmnzVVSK_0xu6yN" http-method=post http-data="" output=user;
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
#!rsc by RouterOS
|
||||
|
||||
:put ("Hello World from " . [ / system identity get name ] . "!");
|
||||
:put ("Hello World from " . [ /system/identity/get name ] . "!");
|
||||
|
|
|
|||
Binary file not shown.
|
Before Width: | Height: | Size: 2.4 KiB After Width: | Height: | Size: 2.3 KiB |
|
|
@ -37,7 +37,7 @@ Usage and invocation
|
|||
The function `$ScriptRunOnce` expects an URL (or name if
|
||||
`ScriptRunOnceBaseUrl` is given) pointing to a script as parameter.
|
||||
|
||||
$ScriptRunOnce https://git.eworm.de/cgit/routeros-scripts/plain/doc/mod/scriptrunonce.d/hello-world.rsc
|
||||
$ScriptRunOnce https://git.eworm.de/cgit/routeros-scripts/plain/doc/mod/scriptrunonce.d/hello-world.rsc;
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -13,17 +13,17 @@ This script extend the functionality of mode button. Instead of just one
|
|||
you can trigger several actions by pressing the mode button several times.
|
||||
|
||||
The hardware needs to have a mode button, see
|
||||
`/ system routerboard mode-button`. Starting with RouterOS 6.47beta60 you
|
||||
`/system/routerboard/mode-button`. Starting with RouterOS 6.47beta60 you
|
||||
can configure the reset button to act the same, see
|
||||
`/ system routerboard reset-button`.
|
||||
`/system/routerboard/reset-button`.
|
||||
|
||||
Copy this code to terminal to check:
|
||||
|
||||
```
|
||||
:if ([ :len [ /system routerboard mode-button print as-value ] ] > 0) do={
|
||||
:if ([ :len [ /system/routerboard/mode-button/print as-value ] ] > 0) do={
|
||||
:put "Mode button is supported.";
|
||||
} else={
|
||||
:if ([ :len [ /system routerboard reset-button print as-value ] ] > 0) do={
|
||||
:if ([ :len [ /system/routerboard/reset-button/print as-value ] ] > 0) do={
|
||||
:put "Mode button is not supported, but reset button is.";
|
||||
} else={
|
||||
:put "Neither mode button nor reset button is supported.";
|
||||
|
|
@ -40,11 +40,11 @@ Just install the script:
|
|||
|
||||
Then configure the mode button to run `mode-button`:
|
||||
|
||||
/ system routerboard mode-button set enabled=yes on-event="/ system script run mode-button;";
|
||||
/system/routerboard/mode-button/set enabled=yes on-event="/system/script/run mode-button;";
|
||||
|
||||
To use the reset button instead:
|
||||
|
||||
/ system routerboard reset-button set enabled=yes on-event="/ system script run mode-button;";
|
||||
/system/routerboard/reset-button/set enabled=yes on-event="/system/script/run mode-button;";
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -57,7 +57,7 @@ The configuration goes to `global-config-overlay`, these are the parameters:
|
|||
Usage and invocation
|
||||
--------------------
|
||||
|
||||
Press the mode button. :)
|
||||
Press the mode button. 😜
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ Just install the script:
|
|||
|
||||
Then add a scheduler to run it periodically:
|
||||
|
||||
/ system scheduler add interval=1m name=netwatch-dns on-event="/ system script run netwatch-dns;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=netwatch-dns on-event="/system/script/run netwatch-dns;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -29,9 +29,9 @@ Configuration
|
|||
The DNS and DoH servers to be checked have to be added to netwatch with
|
||||
specific comment:
|
||||
|
||||
/ tool netwatch add comment="doh, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/ tool netwatch add comment="dns, hostname=google-dns" host=8.8.8.8;
|
||||
/ tool netwatch add comment="doh, dns, hostname=quad-nine" host=9.9.9.10;
|
||||
/tool/netwatch/add comment="doh, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="dns, hostname=google-dns" host=8.8.8.8;
|
||||
/tool/netwatch/add comment="doh, dns, hostname=quad-nine" host=9.9.9.10;
|
||||
|
||||
This will configure *cloudflare-dns* for DoH (`https://1.1.1.1/dnsquery`), and
|
||||
*google-dns* and *quad-nine* for regular DNS (`8.8.8.8,9.9.9.10`) if up.
|
||||
|
|
@ -39,15 +39,15 @@ If *cloudflare-dns* is down the script will fall back to *quad-nine* for DoH.
|
|||
|
||||
Giving a specific query url for DoH is possible:
|
||||
|
||||
/ tool netwatch add comment="doh, hostname=nextdns, doh-url=https://dns.nextdns.io/dns-query" host=199.247.16.158;
|
||||
/tool/netwatch/add comment="doh, hostname=nextdns, doh-url=https://dns.nextdns.io/dns-query" host=199.247.16.158;
|
||||
|
||||
Note that using a name in DoH url may introduce a chicken-and-egg issue!
|
||||
|
||||
Sometimes using just one specific (possibly internal) DNS server may be
|
||||
desired, with fallback in case it fails. This is possible as well:
|
||||
|
||||
/ tool netwatch add comment="dns, hostname=pi-hole" host=10.0.0.10;
|
||||
/ tool netwatch add comment="dns-fallback, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="dns, hostname=pi-hole" host=10.0.0.10;
|
||||
/tool/netwatch/add comment="dns-fallback, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
|
||||
Tips & Tricks
|
||||
-------------
|
||||
|
|
@ -57,7 +57,7 @@ Tips & Tricks
|
|||
Netwatch entries can be created to work with both - this script and
|
||||
[netwatch-notify](netwatch-notify.md). Just give options for both:
|
||||
|
||||
/ tool netwatch add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
|
||||
Also this allows to update host address, see option `resolve`.
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ Description
|
|||
-----------
|
||||
|
||||
This script sends notifications about host UP and DOWN events. In comparison
|
||||
to just netwatch (`/ tool netwatch`) and its `up-script` and `down-script`
|
||||
to just netwatch (`/tool/netwatch`) and its `up-script` and `down-script`
|
||||
this script implements a simple state machine and dependency model. Host
|
||||
down events are triggered only if the host is down for several checks and
|
||||
optional parent host is not down to avoid false alerts.
|
||||
|
|
@ -29,14 +29,14 @@ Just install the script:
|
|||
|
||||
Then add a scheduler to run it periodically:
|
||||
|
||||
/ system scheduler add interval=1m name=netwatch-notify on-event="/ system script run netwatch-notify;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=netwatch-notify on-event="/system/script/run netwatch-notify;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
The hosts to be checked have to be added to netwatch with specific comment:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com" host=[ :resolve "example.com" ];
|
||||
/tool/netwatch/add comment="notify, hostname=example.com" host=[ :resolve "example.com" ];
|
||||
|
||||
### Hooks
|
||||
|
||||
|
|
@ -44,7 +44,7 @@ It is possible to run an up hook command (`up-hook`) or down hook command
|
|||
(`down-hook`) when a notification is triggered. This has to be added in
|
||||
comment, note that some characters need extra escaping:
|
||||
|
||||
/ tool netwatch add comment=("notify, hostname=device, down-hook=/ interface ethernet \\{ disable \\\"en2\\\"; enable \\\"en2\\\"; \\}") host=10.0.0.20;
|
||||
/tool/netwatch/add comment=("notify, hostname=device, down-hook=/interface/ethernet \\{ disable \\\"en2\\\"; enable \\\"en2\\\"; \\}") host=10.0.0.20;
|
||||
|
||||
Also there is a `pre-down-hook` that fires at two thirds of failed checks
|
||||
required for the notification. The idea is to fix the issue before a
|
||||
|
|
@ -54,15 +54,15 @@ notification is sent.
|
|||
|
||||
The count threshould (default is 5 checks) is configurable as well:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com, count=10" host=104.18.144.11;
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, count=10" host=104.18.144.11;
|
||||
|
||||
### Parents & dependencies
|
||||
|
||||
If the host is behind another checked host add a dependency, this will
|
||||
suppress notification if the parent host is down:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=gateway" host=93.184.216.1;
|
||||
/ tool netwatch add comment="notify, hostname=example.com, parent=gateway" host=93.184.216.34;
|
||||
/tool/netwatch/add comment="notify, hostname=gateway" host=93.184.216.1;
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, parent=gateway" host=93.184.216.34;
|
||||
|
||||
Note that every configured parent in a chain increases the check count
|
||||
threshould by one.
|
||||
|
|
@ -72,7 +72,7 @@ threshould by one.
|
|||
The host address can be updated dynamically. Give extra parameter `resolve`
|
||||
with a resolvable name:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com, resolve=example.com";
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, resolve=example.com";
|
||||
|
||||
But be warned: Dynamic updates will probably cause issues if the name has
|
||||
more than one record in dns - a high rate of configuration changes (and flash
|
||||
|
|
@ -84,7 +84,7 @@ Also suppressing the notification on host down is possible with parameter
|
|||
`no-down-notification`. This may be desired for devices that are usually
|
||||
powered off, but accessibility is of interest.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=printer, no-down-notification" host=10.0.0.30;
|
||||
/tool/netwatch/add comment="notify, hostname=printer, no-down-notification" host=10.0.0.30;
|
||||
|
||||
Go and get your coffee ☕️ before sending the print job.
|
||||
|
||||
|
|
@ -101,8 +101,8 @@ Sometimes it is sufficient if one of a number of hosts is available. You can
|
|||
make `netwatch-notify` check for that by adding several items with same
|
||||
`hostname`. Note that `count` has to be multiplied to keep the actual time.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=service, count=10" host=10.0.0.10;
|
||||
/ tool netwatch add comment="notify, hostname=service, count=10" host=10.0.0.20;
|
||||
/tool/netwatch/add comment="notify, hostname=service, count=10" host=10.0.0.10;
|
||||
/tool/netwatch/add comment="notify, hostname=service, count=10" host=10.0.0.20;
|
||||
|
||||
### Checking internet connectivity
|
||||
|
||||
|
|
@ -112,11 +112,11 @@ check `1.1.1.1` (Cloudflare DNS), `9.9.9.9` (Quad-nine DNS), `8.8.8.8`
|
|||
(Google DNS) or any other reliable address that indicates internet
|
||||
connectivity.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=internet" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="notify, hostname=internet" host=1.1.1.1;
|
||||
|
||||
A target like this suits well to be parent for other checks.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com, parent=internet" host=93.184.216.34;
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, parent=internet" host=93.184.216.34;
|
||||
|
||||
### Checking specific ISP
|
||||
|
||||
|
|
@ -124,12 +124,13 @@ Having several ISPs for redundancy a failed link may go unnoticed without
|
|||
proper monitoring. You can use routing-mark to monitor specific connections.
|
||||
Create a route and firewall mangle rule.
|
||||
|
||||
/ ip route add distance=1 gateway=isp1 routing-mark=via-isp1;
|
||||
/ ip firewall mangle add action=mark-routing chain=output new-routing-mark=via-isp1 dst-address=1.0.0.1 passthrough=yes;
|
||||
/routing/table/add fib name=via-isp1;
|
||||
/ip/route/add distance=1 gateway=isp1 routing-table=via-isp1;
|
||||
/ip/firewall/mangle/add action=mark-routing chain=output new-routing-mark=via-isp1 dst-address=1.0.0.1 passthrough=yes;
|
||||
|
||||
Finally monitor the address with `netwatch-notify`.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=quad-one via isp1" host=1.0.0.1;
|
||||
/tool/netwatch/add comment="notify, hostname=quad-one via isp1" host=1.0.0.1;
|
||||
|
||||
Note that *all* traffic to the given address is routed that way. In case of
|
||||
link failure this address is not available, so use something reliable but
|
||||
|
|
@ -141,7 +142,7 @@ non-essential. In this example the address `1.0.0.1` is used, the same service
|
|||
Netwatch entries can be created to work with both - this script and
|
||||
[netwatch-dns](netwatch-dns.md). Just give options for both:
|
||||
|
||||
/ tool netwatch add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@ Requirements and installation
|
|||
|
||||
Let's assume there is a remote log action and associated logging rule:
|
||||
|
||||
/ system logging action set remote=10.0.0.1 [ find where name="remote" ];
|
||||
/ system logging add action=remote topics=info;
|
||||
/system/logging/action/set remote=10.0.0.1 [ find where name="remote" ];
|
||||
/system/logging/add action=remote topics=info;
|
||||
|
||||
Just install the script:
|
||||
|
||||
|
|
@ -25,7 +25,7 @@ Just install the script:
|
|||
|
||||
... and create a netwatch matching the IP address from logging action above:
|
||||
|
||||
/ tool netwatch add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog;
|
||||
/tool/netwatch/add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog;
|
||||
|
||||
All logging rules are disabled when host is down.
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler to run the script periodically:
|
||||
|
||||
/ system scheduler add interval=20s name=ospf-to-leds on-event="/ system script run ospf-to-leds;" start-time=startup;
|
||||
/system/scheduler/add interval=20s name=ospf-to-leds on-event="/system/script/run ospf-to-leds;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -30,7 +30,7 @@ Configuration
|
|||
The configuration goes to OSPF instance's comment. To visualize state for
|
||||
instance `default` via LED `user-led` set this:
|
||||
|
||||
/ routing ospf instance set default comment="ospf-to-leds, leds=user-led";
|
||||
/routing/ospf/instance/set default comment="ospf-to-leds, leds=user-led";
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ Description
|
|||
-----------
|
||||
|
||||
In rare cases RouterOS fails to properly downlaod package on update
|
||||
(`/ system package update install`), resulting in borked system with missing
|
||||
(`/system/package/update/install`), resulting in borked system with missing
|
||||
packages. This script tries to avoid this situation by doing some basic
|
||||
verification.
|
||||
|
||||
|
|
@ -35,7 +35,7 @@ Usage and invocation
|
|||
|
||||
Alternatively run it manually:
|
||||
|
||||
/ system script run packages-update;
|
||||
/system/script/run packages-update;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ Just install the script:
|
|||
|
||||
... and make it the `on-up` script for ppp profile:
|
||||
|
||||
/ ppp profile set on-up=ppp-on-up [ find ];
|
||||
/ppp/profile/set on-up=ppp-on-up [ find ];
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ addresses from pool if required.
|
|||
|
||||
Alternatively a scheduler can be created:
|
||||
|
||||
/ system scheduler add interval=5d name=rotate-ntp on-event="/ system script run rotate-ntp;" start-time=startup;
|
||||
/system/scheduler/add interval=5d name=rotate-ntp on-event="/system/script/run rotate-ntp;" start-time=startup;
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ The configuration goes to `global-config-overlay`, this is the only parameter:
|
|||
|
||||
Then enable SMS actions:
|
||||
|
||||
/ tool sms set allowed-number=+491234567890 receive-enabled=yes secret=s3cr3t;
|
||||
/tool/sms/set allowed-number=+491234567890 receive-enabled=yes secret=s3cr3t;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler to run it periodically:
|
||||
|
||||
/ system scheduler add interval=2m name=sms-forward on-event="/ system script run sms-forward;" start-time=startup;
|
||||
/system/scheduler/add interval=2m name=sms-forward on-event="/system/script/run sms-forward;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -36,7 +36,7 @@ Notification settings are required for e-mail,
|
|||
[telegram](mod/notification-telegram.md). Also you have to enable receiving
|
||||
of SMS:
|
||||
|
||||
/ tool sms set receive-enabled=yes;
|
||||
/tool/sms/set receive-enabled=yes;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Usage and invocation
|
|||
Copy files with extension "`pub`" containing public SSH keys for your device.
|
||||
Then run the script:
|
||||
|
||||
/ system script run ssh-keys-import;
|
||||
/system/script/run ssh-keys-import;
|
||||
|
||||
Starting with an `authorized_keys` file you can split it on a shell:
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ Usage and invocation
|
|||
|
||||
Just run the script to play:
|
||||
|
||||
/ system script run super-mario-theme;
|
||||
/system/script/run super-mario-theme;
|
||||
|
||||
For extra fun use it for dhcp lease script. :)
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ Usage and invocation
|
|||
|
||||
Run the script if an upgrade for your LTE hardware is available:
|
||||
|
||||
/ system script run unattended-lte-firmware-upgrade;
|
||||
/system/script/run unattended-lte-firmware-upgrade;
|
||||
|
||||
Then be patient, go for a coffee and wait for the upgrade process to finish.
|
||||
|
||||
|
|
|
|||
|
|
@ -26,7 +26,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler to run the script periodically:
|
||||
|
||||
/ system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;
|
||||
/system/scheduler/add interval=30s name=update-gre-address on-event="/system/script/run update-gre-address;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
@ -34,7 +34,7 @@ Configuration
|
|||
The configuration goes to interface's comment. Add the client's IKEv2
|
||||
certificate CN into the comment:
|
||||
|
||||
/ interface gre set comment="ikev2-client1" gre-client1;
|
||||
/interface/gre/set comment="ikev2-client1" gre-client1;
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
|||
|
|
@ -28,11 +28,11 @@ Configuration
|
|||
|
||||
The configuration goes to interface's comment:
|
||||
|
||||
/ interface 6to4 set comment="tunnelbroker, user=user, pass=s3cr3t, id=12345" tunnelbroker;
|
||||
/interface/6to4/set comment="tunnelbroker, user=user, pass=s3cr3t, id=12345" tunnelbroker;
|
||||
|
||||
Also enabling dynamic DNS in Mikrotik cloud is required:
|
||||
|
||||
/ ip cloud set ddns-enabled=yes;
|
||||
/ip/cloud/set ddns-enabled=yes;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
|||
|
|
@ -77,13 +77,13 @@
|
|||
68="Reintroduced 'global-wait' for functions in scheduler.";
|
||||
69="Support hard lower limit for voltage in 'check-health'.";
|
||||
70="MikroTik started pushing RouterOS v7. Changes are no longer required.";
|
||||
71="MikroTik is pushing RouterOS v7 even more, in parallel branches. If you want to keep RouterOS v6 for some time see https://git.eworm.de/cgit/routeros-scripts/about/#changes-for-routeros-v6";
|
||||
71="MikroTik is pushing RouterOS v7 even more, in parallel branches. If you want to keep RouterOS v6 for some time see https://git.eworm.de/cgit/routeros-scripts/about/#requirements";
|
||||
72="Introduced new script 'netwatch-dns' to manage DNS and DoH servers from netwatch.";
|
||||
73="Renamed backup scripts ('cloud-backup' -> 'backup-cloud', 'email-backup' -> 'backup-email', 'upload-backup' -> 'backup-upload').";
|
||||
74="Extended 'hotspot-to-wpa', it can now read additional configuration from templates and hotspot users.";
|
||||
75=("Finally merged the RouterOS v7 code into the main branch. " . [ $IfThenElse ([ $RequiredRouterOS "global-config.changes" "7.0" false ] = true) \
|
||||
("You may now drop '\$ScriptUpdatesUrlSuffix' from 'global-config-overlay'.") \
|
||||
("Still running RouterOS v6, so last reminder to see https://git.eworm.de/cgit/routeros-scripts/about/#changes-for-routeros-v6") ]);
|
||||
("Still running RouterOS v6, so last reminder to see https://git.eworm.de/cgit/routeros-scripts/about/#requirements") ]);
|
||||
76="Added an option to suppress notifications on host down with 'netwatch-notify'.";
|
||||
77="Introduced new script 'firmware-upgrade-reboot'. Handle with care!";
|
||||
78="New documentation is online for notifications via Telegram & Matrix, variable inspection, ip address calculation and running scripts once.";
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue