0

In a script I use the following line to find out whether some address is already in a list:

/ip fire addr find where list=$listName address=$logIp 

The block looks as follows:

:if ([:len [/ip fire addr find where list=$listName address=$logIp]] < 1) do={
    /ip fire addr add address=$logIp list=$listName timeout=7d
    :log info message="failed src_ip=$logIp"
}

The problem is that if I already have a subnet in the list, for example 205.210.31.0/24, the following addresses are still added individually:

  • 205.210.31.109
  • 205.210.31.164
  • 205.210.31.199

because they weren't found by the find command.

How do I find out whether an address is in an address list, also taking subnets into account? The subnets are not only /24 but can be of any size.

4
  • But if there already is a whole subnet in the address list, shouldn't those clients have already been denied access before they can even trigger the script at all? Commented May 12 at 8:33
  • @grawity: that is not so easy. The script crawls over persisted log entries not older than some age. Commented May 12 at 8:36
  • Does it have to run on the router directly, as opposed to running as a cron job on some management host? Commented May 12 at 8:43
  • I am just looking for a solution to ban IPsec hunters. If someone fails to log in, they get banned for 7 days. Found this: forum.mikrotik.com/viewtopic.php?t=148397 Commented May 12 at 8:45
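The check the question needs cannot be expressed with `find`, which only matches the address field verbatim: the list has to be walked and each entry tested for prefix containment. The following is an added example, not code from the question or from MikroTik, showing that logic as it would run on a management host (the cron-job variant raised in the comments), with the list contents assumed to have been fetched from the router (for instance over the RouterOS API); the ENTRIES table, the list name ipsec-ban and the hostnames below are constructed for the demonstration. A bare entry counts as a /32 (or /128), prefixes of any length match, and DNS-name entries are skipped because only the router knows what they resolve to.

```python
"""
Added example (not from the question): the address-list containment check
done off the router. Assumes the current address-list contents are available
as (list, address) pairs, e.g. fetched over the RouterOS API; the ENTRIES
below are constructed sample data.
"""
from ipaddress import ip_address, ip_network

# Constructed sample of a router's address lists: a /24, a bare host, a /28,
# an IPv6 prefix, a DNS-name entry and an entry that belongs to another list.
ENTRIES = [
    ("ipsec-ban", "205.210.31.0/24"),
    ("ipsec-ban", "198.51.100.7"),
    ("ipsec-ban", "203.0.113.0/28"),
    ("ipsec-ban", "2001:db8::/32"),
    ("ipsec-ban", "scanner.example.net"),   # hostname entry, cannot be compared here
    ("other-list", "205.210.31.0/24"),      # different list, must not match
]


def to_network(address: str):
    """Parse one address-list entry into a network.

    A bare address becomes a /32 (or /128); strict=False tolerates host bits
    set in a prefix. DNS-name entries return None because their resolution is
    only known to the router.
    """
    try:
        return ip_network(address, strict=False)
    except ValueError:
        return None


def covering_entry(ip: str, list_name: str, entries):
    """Return the (list, address) entry that covers ip, or None.

    Prefixes of any length count, so 205.210.31.109 is covered by
    205.210.31.0/24 even though `find address=205.210.31.109` would not see it.
    """
    target = ip_address(ip)
    for lname, address in entries:
        if lname != list_name:
            continue
        net = to_network(address)
        if net is None or net.version != target.version:
            continue
        if target in net:
            return (lname, address)
    return None


def add_command(ip: str, list_name: str, entries, timeout: str = "7d"):
    """Mirror the question's block: produce the RouterOS add command only when
    the address is not already covered, otherwise return None (nothing to do)."""
    if covering_entry(ip, list_name, entries) is not None:
        return None
    return (f"/ip firewall address-list add address={ip} "
            f"list={list_name} timeout={timeout}")


if __name__ == "__main__":
    # Constructed offenders: three inside the /24, one matching the bare host,
    # one uncovered neighbour, one IPv6 address.
    for ip in ("205.210.31.109", "205.210.31.164", "205.210.31.199",
               "198.51.100.7", "198.51.100.8", "2001:db8::1"):
        hit = covering_entry(ip, "ipsec-ban", ENTRIES)
        print(ip, "-> covered by", hit if hit else "nothing;",
              "" if hit else add_command(ip, "ipsec-ban", ENTRIES))
```

The same loop structure applies on the router itself: iterate over the entries `find list=$listName` returns and test containment against each, rather than asking `find` for an exact address match. Note that an address-list entry can also carry its own timeout, so an address covered only by a temporary prefix becomes uncovered when that prefix expires; the check above reflects whatever the list contains at the moment it runs.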
