mirror.MikroTik/eworm.routeros-scripts
1
0
Fork 0
mirror of https://git.eworm.de/cgit/routeros-scripts synced 2025-07-01 05:34:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
2645 commits 4 branches 238 tags 6.9 MiB
Commit graph

2645 commits

This branch
This branch
All branches
Author SHA1 Message Date
Christian Hesse
9c945b1a32 mod/ssh-keys-import: $SSHKeysImportFile: simplify looping lines 2024-11-08 09:15:45 +01:00
Christian Hesse
084c246ef0 fw-addr-lists: simplify looping lines 
With `:deserialize` the **record** separator is always a new line. The
property `delimiter=` is a **field** reparator, so you can parse a lines
into an array.

We do not want (or need) that, so use new line as field separator. This
will result in an array with just one element, and we use that.

Also convert the data to line feed explicitly, just to be sure.
 2024-11-06 22:42:40 +01:00
Christian Hesse
31dfdf7e62 doc/netwatch-dns: link to 'certificate name from browser' 2024-11-02 21:23:04 +01:00
Christian Hesse
d213369e73 doc/fw-addr-lists: link to 'certificate name from browser' 2024-11-02 21:23:04 +01:00
Christian Hesse
c5740c2328 doc/mod/notification-ntfy: link to 'certificate name from browser' 2024-11-02 21:23:04 +01:00
Christian Hesse
af942d90d3 doc/mod/notification-matrix: link to 'certificate name from browser' 2024-11-02 21:23:04 +01:00
Christian Hesse
3c0852d6b8 introduce CERTIFICATES, guide to find root certificate 2024-11-02 21:23:04 +01:00
Christian Hesse
3506f71071 global-functions: $CertificateAvailable: fail without CommonName 2024-10-30 22:49:48 +01:00
Christian Hesse
a6584170c3 certs: check cert for matrix.org 2024-10-29 15:00:26 +01:00
Christian Hesse
3169270dbd doc/mod/notification-matrix: better document certificate import 2024-10-29 15:00:26 +01:00
Christian Hesse
e803f8b3c0 ipv6-update: create a dynamic address-list entry only 
This should make sure that the script runs once after reboot, even if
the prefix does not change.

An existing static entry needs to be removed to make this work!

https://github.com/eworm-de/routeros-scripts/issues/85
 2024-10-25 18:20:17 +02:00
Christian Hesse
d022c87651 ipv6-update: ignore if address was acquired 
https://github.com/eworm-de/routeros-scripts/issues/85
 2024-10-23 21:55:34 +02:00
Christian Hesse
7229c756af fw-addr-lists: spamhaus.org requires 'ISRG Root X1' now 2024-10-23 20:17:44 +02:00
Christian Hesse
07c9576377 packages-update: check for explicit state... 
... as all device-mode properties are given since RouterOS 7.14beta4.

Let's assume we do not have to care about RouterOS 7.14beta2 any more...
As older versions will not match the check we can now merge right away.
 2024-10-23 20:17:44 +02:00
Christian Hesse
435f70999c backup-partition: drop warning on lock in device-mode 
... as switching partitions is possible again in RouterOS 7.17beta4.
 2024-10-22 19:32:19 +02:00
Christian Hesse
71c58c6afb doc/netwatch-notify: fix typo(s) 2024-10-10 22:32:46 +02:00
Christian Hesse
f7f50a9d45 doc/netwatch-notify: give an extra example for resolving AAAA records 2024-10-10 22:24:56 +02:00
Christian Hesse
82e3e7a9fc doc/netwatch-notify: always give a host... 
... as that is a required property. Any ip address is fine, it is
changed anyway.
 2024-10-10 22:20:31 +02:00
Christian Hesse
85a7a16c15 backup-partition: log the warning just once 2024-10-09 14:30:29 +02:00
Christian Hesse
c955c94098 update list of contributors 2024-10-02 14:02:29 +02:00
Christian Hesse
98e62e3eac update list of contributors 2024-10-01 21:42:20 +02:00
Ignacio Serrano
5135e836b8 mod/notification-ntfy: fix ntfy overrides 2024-10-01 20:32:37 +02:00
Christian Hesse
f75e701be3 log-forward: get last message from log... 
... not only from matched massages.
 2024-09-30 21:51:31 +02:00
Christian Hesse
f2576cf558 packages-update: give warning on lock in device-mode 
RouterOS 7.17beta2 introduced some extra security measures, including
some to prevent downgrade attacks for the installation. Detect early
and exit with message and error.

https://help.mikrotik.com/docs/display/ROS/Device-mode
 2024-09-30 16:23:50 +02:00
Christian Hesse
1776b8f50b backup-partition: give warning on lock in device-mode 
RouterOS 7.17beta2 introduced some extra security measures, including
some to prevent downgrade attacks for the installation. Thus switching
partitions (which can hold quite old installations) is denied by
device-mode now by default. Warn about that...

https://help.mikrotik.com/docs/display/ROS/Device-mode
 2024-09-30 16:23:43 +02:00
Christian Hesse
c2c72818de global-functions: $CertificateDownload: add another check... 
... that the certificate is really available.

Turns out that mkcert.org ships certificates where OU or whatever
matches - that's not what we want.
 2024-09-26 15:24:05 +02:00
Christian Hesse
60aa553219 hotspot-to-wpa-cleanup: only match access-list with mac-address 2024-09-25 11:01:40 +02:00
Christian Hesse
c708832b69 check-routeros-update: use $VersionToNum to calculate bitmask 2024-09-16 11:54:02 +02:00
Christian Hesse
734a80ba82 backup-partition: use $VersionToNum to calculate bitmask 2024-09-13 10:29:06 +02:00
Christian Hesse
41b19b045a global-functions: $VersionToNum: support "zero"... 
... to have a clean way to generate bitmasks.

    [admin@mikrotik] > :put [ $VersionToNum 0.255zero0 ]
    16711680
    [admin@mikrotik] > :put 0x00ff0000
    16711680

Once implemented everywhere the internal calculation could be
changed easily.
 2024-09-13 10:22:06 +02:00
Christian Hesse
fe52bd4a0a fw-addr-lists: use lists in JSON format for spamhaus.org 2024-09-11 10:49:04 +02:00
Christian Hesse
d23d05f2ea fw-addr-lists: handle JSON format from spamhaus.org 
Closes: https://github.com/eworm-de/routeros-scripts/issues/79
 2024-09-11 10:48:45 +02:00
Christian Hesse
09dcd51feb netwatch-dns: give warning on CRL use 2024-09-05 09:54:35 +02:00
Christian Hesse
9737bfa46a certs: add poor man's check 😜 2024-09-04 11:55:02 +02:00
Christian Hesse
21fa46fdf6 certs: drop 'Baltimore CyberTrust Root' 2024-08-28 17:59:44 +02:00
Christian Hesse
f4c97559b3 fw-addr-lists: drop edrop.txt, which does no longer exist 2024-08-28 17:56:48 +02:00
Christian Hesse
917be4b425 fw-addr-lists: spamhaus.org requires 'GTS Root R4' now 
Fixes: https://github.com/eworm-de/routeros-scripts/issues/78
 2024-08-28 17:55:28 +02:00
Christian Hesse
48fd281c1d certs: drop 'DigiCert Global Root CA' 2024-08-27 16:43:35 +02:00
Christian Hesse
90632f223a doc/netwatch-dns: 'DigiCert Global Root G3' for Quad9 2024-08-27 10:59:51 +02:00
Christian Hesse
3e9a7ea75a certs: add 'DigiCert Global Root G3'... 
... for quad9.net which can be used for DoH:

$CertificateAvailable "DigiCert Global Root G3";
/ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes;
 2024-08-27 09:38:13 +02:00
Christian Hesse
f17502d3d0 check-routeros-update: support switching to stable channel... 
... with a feature update in testing channel.
 2024-08-20 11:08:05 +02:00
Christian Hesse
d360cc05be netwatch-dns: disable DoH if time not sync... 
... as it is possible that time is off, DNS via DoH fails (cert invalid),
and finally syncing time fails due to failing DNS.
 2024-08-19 15:10:37 +02:00
Christian Hesse
f952ea73e6 INITIAL-COMMANDS: match the certificate file name from Let's Encrypt website... 
... and our README. 😜
 2024-08-19 15:10:16 +02:00
Christian Hesse
342d459436 README: match the certificate file name from Let's Encrypt website... 
... so import from manually downloaded and transferred file works
out of the box as well.
 2024-08-19 15:06:32 +02:00
Christian Hesse
c28574b8f4 README: make the QR code a link 2024-08-19 10:35:37 +02:00
Christian Hesse
32474c751f telegram-chat: drop extra conversion 
The JSON parser was actually fixed in RouterOS 7.15beta4, but let's bump
the required version to next stable release instead.
 2024-07-25 09:15:41 +02:00
Christian Hesse
a017f24224 daily-psk: drop workaround for old RouterOS 2024-07-25 09:15:41 +02:00
Christian Hesse
209c37664b netwatch-notify: do not switch type when resolving 
This requires RouterOS 7.15beta4, but let's bump the required version
to next stable release instead.
 2024-07-25 09:15:41 +02:00
Christian Hesse
8f43b802bc INITIAL-COMMANDS: drop command to remove certificate file... 
... as this is done automatically with RouterOS 7.15rc1 and later.
 2024-07-25 09:11:26 +02:00
Christian Hesse
22d93d0708 README: drop command to remove certificate file... 
... as this is done automatically with RouterOS 7.15rc1 and later.

Not bumping the required RouterOS version (badge) here... Worst thing
that can happen is a stale certificate file left on storage.
 2024-07-25 09:11:26 +02:00