mirror.MikroTik/eworm.routeros-scripts
1
0
Fork 0
mirror of https://git.eworm.de/cgit/routeros-scripts synced 2025-07-08 17:14:29 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
2926 commits 4 branches 238 tags 6.9 MiB
Commit graph

2926 commits

This branch
This branch
All branches
Author SHA1 Message Date
Christian Hesse
c955c94098 update list of contributors 2024-10-02 14:02:29 +02:00
Christian Hesse
98e62e3eac update list of contributors 2024-10-01 21:42:20 +02:00
Ignacio Serrano
5135e836b8 mod/notification-ntfy: fix ntfy overrides 2024-10-01 20:32:37 +02:00
Christian Hesse
f75e701be3 log-forward: get last message from log... 
... not only from matched massages.
 2024-09-30 21:51:31 +02:00
Christian Hesse
f2576cf558 packages-update: give warning on lock in device-mode 
RouterOS 7.17beta2 introduced some extra security measures, including
some to prevent downgrade attacks for the installation. Detect early
and exit with message and error.

https://help.mikrotik.com/docs/display/ROS/Device-mode
 2024-09-30 16:23:50 +02:00
Christian Hesse
1776b8f50b backup-partition: give warning on lock in device-mode 
RouterOS 7.17beta2 introduced some extra security measures, including
some to prevent downgrade attacks for the installation. Thus switching
partitions (which can hold quite old installations) is denied by
device-mode now by default. Warn about that...

https://help.mikrotik.com/docs/display/ROS/Device-mode
 2024-09-30 16:23:43 +02:00
Christian Hesse
c2c72818de global-functions: $CertificateDownload: add another check... 
... that the certificate is really available.

Turns out that mkcert.org ships certificates where OU or whatever
matches - that's not what we want.
 2024-09-26 15:24:05 +02:00
Christian Hesse
60aa553219 hotspot-to-wpa-cleanup: only match access-list with mac-address 2024-09-25 11:01:40 +02:00
Christian Hesse
c708832b69 check-routeros-update: use $VersionToNum to calculate bitmask 2024-09-16 11:54:02 +02:00
Christian Hesse
734a80ba82 backup-partition: use $VersionToNum to calculate bitmask 2024-09-13 10:29:06 +02:00
Christian Hesse
41b19b045a global-functions: $VersionToNum: support "zero"... 
... to have a clean way to generate bitmasks.

    [admin@mikrotik] > :put [ $VersionToNum 0.255zero0 ]
    16711680
    [admin@mikrotik] > :put 0x00ff0000
    16711680

Once implemented everywhere the internal calculation could be
changed easily.
 2024-09-13 10:22:06 +02:00
Christian Hesse
fe52bd4a0a fw-addr-lists: use lists in JSON format for spamhaus.org 2024-09-11 10:49:04 +02:00
Christian Hesse
d23d05f2ea fw-addr-lists: handle JSON format from spamhaus.org 
Closes: https://github.com/eworm-de/routeros-scripts/issues/79
 2024-09-11 10:48:45 +02:00
Christian Hesse
09dcd51feb netwatch-dns: give warning on CRL use 2024-09-05 09:54:35 +02:00
Christian Hesse
9737bfa46a certs: add poor man's check 😜 2024-09-04 11:55:02 +02:00
Christian Hesse
21fa46fdf6 certs: drop 'Baltimore CyberTrust Root' 2024-08-28 17:59:44 +02:00
Christian Hesse
f4c97559b3 fw-addr-lists: drop edrop.txt, which does no longer exist 2024-08-28 17:56:48 +02:00
Christian Hesse
917be4b425 fw-addr-lists: spamhaus.org requires 'GTS Root R4' now 
Fixes: https://github.com/eworm-de/routeros-scripts/issues/78
 2024-08-28 17:55:28 +02:00
Christian Hesse
48fd281c1d certs: drop 'DigiCert Global Root CA' 2024-08-27 16:43:35 +02:00
Christian Hesse
90632f223a doc/netwatch-dns: 'DigiCert Global Root G3' for Quad9 2024-08-27 10:59:51 +02:00
Christian Hesse
3e9a7ea75a certs: add 'DigiCert Global Root G3'... 
... for quad9.net which can be used for DoH:

$CertificateAvailable "DigiCert Global Root G3";
/ip/dns/set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes;
 2024-08-27 09:38:13 +02:00
Christian Hesse
f17502d3d0 check-routeros-update: support switching to stable channel... 
... with a feature update in testing channel.
 2024-08-20 11:08:05 +02:00
Christian Hesse
d360cc05be netwatch-dns: disable DoH if time not sync... 
... as it is possible that time is off, DNS via DoH fails (cert invalid),
and finally syncing time fails due to failing DNS.
 2024-08-19 15:10:37 +02:00
Christian Hesse
f952ea73e6 INITIAL-COMMANDS: match the certificate file name from Let's Encrypt website... 
... and our README. 😜
 2024-08-19 15:10:16 +02:00
Christian Hesse
342d459436 README: match the certificate file name from Let's Encrypt website... 
... so import from manually downloaded and transferred file works
out of the box as well.
 2024-08-19 15:06:32 +02:00
Christian Hesse
c28574b8f4 README: make the QR code a link 2024-08-19 10:35:37 +02:00
Christian Hesse
32474c751f telegram-chat: drop extra conversion 
The JSON parser was actually fixed in RouterOS 7.15beta4, but let's bump
the required version to next stable release instead.
 2024-07-25 09:15:41 +02:00
Christian Hesse
a017f24224 daily-psk: drop workaround for old RouterOS 2024-07-25 09:15:41 +02:00
Christian Hesse
209c37664b netwatch-notify: do not switch type when resolving 
This requires RouterOS 7.15beta4, but let's bump the required version
to next stable release instead.
 2024-07-25 09:15:41 +02:00
Christian Hesse
8f43b802bc INITIAL-COMMANDS: drop command to remove certificate file... 
... as this is done automatically with RouterOS 7.15rc1 and later.
 2024-07-25 09:11:26 +02:00
Christian Hesse
22d93d0708 README: drop command to remove certificate file... 
... as this is done automatically with RouterOS 7.15rc1 and later.

Not bumping the required RouterOS version (badge) here... Worst thing
that can happen is a stale certificate file left on storage.
 2024-07-25 09:11:26 +02:00
Christian Hesse
511184a4a7 global-functions: $EitherOr: revert... 
... but leave a comment.
 2024-07-22 21:14:03 +02:00
Christian Hesse
8ea7805541 global-functions: $EitherOr: pass boolean value 
Note that literal "true" or "false" (even without quotes) is converted
to string. So you may have to enclose it in parentheses for a boolean
value:

    > :put [ :typeof [ $EitherOr true false ] ];
    str
    > :put [ :typeof [ $EitherOr (true) (false) ] ];
    bool
 2024-07-22 18:28:56 +02:00
Christian Hesse
380b3b3137 Merge branch 'line-breaks' into next 2024-07-16 14:19:17 +02:00
Christian Hesse
6fbafe76ba bump RouterOS requirement for all scripts and modules... 
... now that global-functions requires RouterOS 7.14 anyway.
 2024-07-16 13:50:22 +02:00
Christian Hesse
075a9bd6c4 mod/ipcalc: use :tocrlf 2024-07-16 13:50:22 +02:00
Christian Hesse
2b758b83fd mod/inspectvar: use :tocrlf 2024-07-16 13:50:22 +02:00
Christian Hesse
2fd0d27447 global-functions: $Unix2Dos: use :tocrlf 2024-07-16 13:50:22 +02:00
Christian Hesse
8f75d542f3 global-functions: $PrettyPrint: use :tocrlf 2024-07-16 13:50:22 +02:00
Christian Hesse
8074305b92 global-functions: $Dos2Unix: use :tolf 2024-07-16 13:50:22 +02:00
Christian Hesse
f2ca62aed0 global-functions: $ScriptInstallUpdate: support storing with CRLF 
Adding this in `global-config-overlay` make the scripts being stored
with CRLF line breaks:

    :global ScriptUpdatesCRLF true;

Handle with care, I do not recommend it. Thus it's just a hidden
setting.
 2024-07-16 13:50:22 +02:00
Christian Hesse
a26f78329a ppp-on-up: support scripts with CRLF line breaks 2024-07-16 13:50:22 +02:00
Christian Hesse
ee928605df news-and-changes: support scripts with CRLF line breaks 2024-07-16 13:50:22 +02:00
Christian Hesse
7cf0c5b205 capsman-download-packages: support scripts with CRLF line breaks 2024-07-16 13:50:22 +02:00
Christian Hesse
68f61ae622 global-functions: $ScriptInstallUpdate: allow CRLF on device 2024-07-16 13:50:22 +02:00
Christian Hesse
2d42fed621 global-functions: $ScriptInstallUpdate: forcibly convert to LF... 
... to make sure we do not have unintended CRLF line breaks.
 2024-07-16 13:50:22 +02:00
Christian Hesse
0101b56bff README: use :tocrlf to convert global-config-overlay 2024-07-16 13:50:22 +02:00
Christian Hesse
f09fa83105 doc/mod/ssh-keys-import: drop hint on older RouterOS 2024-07-16 13:49:54 +02:00
Christian Hesse
3fd1896ad6 capsman-download-packages: support running several scripts... 
... as it is possible to have more than just one providing
the functionality.
 2024-07-11 08:57:09 +02:00
Christian Hesse
78dfc568c1 capsman-{download-packages,rolling-upgrade}: run matching script 
It is possible to run old and new CAPsMAN on one system simultaneously
(... since RouterOS 7.13?). Thus it may make sense to have both variants
of these scripts installed, and we have to make sure to run the correct
one.
 2024-07-11 08:45:53 +02:00