Skip to content

Commit cb1396d

Browse files
j3n57h0m45LaurenceJJones
j3n57h0m45
and
LaurenceJJones
authored
fix generated RouterOS script, clean up template (#100)
* update readme with latest MikroTik script * fix generated RouterOS script, clean up template * Update docker readme * enhancement: remove scenario splitting as not needed * enhancement: gofmt myself * enhancement: Remove whitelist removal in for loop --------- Co-authored-by: Laurence Jones <[email protected]>
1 parent 53eccf4 commit cb1396d

File tree

3 files changed

+31
-53
lines changed

3 files changed

+31
-53
lines changed

docker/README.md

Lines changed: 7 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -141,21 +141,14 @@ Generates a MikroTik Script that the device can execute to populate the specifie
141141

142142
Example output:
143143
```bash
144-
:global CrowdSecBlockIP do={
145-
:local list "foo"
146-
:local address $1
147-
:local comment $2
148-
:local timeout $3
149-
onerror e in={
150-
/ip firewall address-list add list=$list address=$address comment=$comment timeout="$timeout"
151-
} do={
152-
/ip firewall address-list remove [ find list=$list address="$address" ]
153-
/ip firewall address-list add list=$list address=$address comment=$comment timeout="$timeout"
154-
}
144+
/ip/firewall/address-list/remove [ find where list="foo" ];
145+
:global CrowdSecAddIP;
146+
:set CrowdSecAddIP do={
147+
:do { /ip/firewall/address-list/add list=foo address=$1 comment="$2" timeout=$3; } on-error={ }
155148
}
156-
$CrowdSecBlockIP 1.2.3.4 "crowdsecurity/ssh-bf" 152h40m24s
157-
$CrowdSecBlockIP 4.3.2.1 "crowdsecurity/postfix-spam" 166h40m25s
158-
$CrowdSecBlockIP 2001:470:1:c84::17 "crowdsecurity/ssh-bf" 165h13m42s
149+
$CrowdSecAddIP 1.2.3.4 "ssh-bf" 152h40m24s
150+
$CrowdSecAddIP 4.3.2.1 "postfix-spam" 166h40m25s
151+
$CrowdSecAddIP 2001:470:1:c84::17 "ssh-bf" 165h13m42s
159152
```
160153

161154
#### Example: MikroTik import script

pkg/formatters/mikrotik/mikrotik.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ func Format(w http.ResponseWriter, r *http.Request) {
4242
data := CustomMikrotikData{
4343
ListName: listName,
4444
Decisions: decisions,
45-
NameOfMikrotikFunction: "CrowdSecBlockIP",
45+
NameOfMikrotikFunction: "CrowdSecAddIP",
4646
IPv6Only: ipv6only,
4747
IPv4Only: ipv4only,
4848
}

pkg/formatters/mikrotik/mikrotik.tmpl

Lines changed: 23 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -1,46 +1,31 @@
1-
{{if not $.IPv6Only -}}
2-
:global {{$.NameOfMikrotikFunction}} do={
3-
:local list "{{$.ListName}}"
4-
:local address $1
5-
:local comment $2
6-
:local timeout $3
7-
onerror e in={
8-
/ip firewall address-list add list=$list address=$address comment=$comment timeout="$timeout"
9-
} do={
10-
/ip firewall address-list remove [ find list=$list address="$address" ]
11-
/ip firewall address-list add list=$list address=$address comment=$comment timeout="$timeout"
12-
}
1+
{{ if not $.IPv6Only }}
2+
/ip/firewall/address-list/remove [ find where list="{{$.ListName}}" ];
3+
:global {{$.NameOfMikrotikFunction}};
4+
:set {{$.NameOfMikrotikFunction}} do={
5+
:do { /ip/firewall/address-list/add list={{$.ListName}} address=$1 comment="$2" timeout=$3; } on-error={ }
136
}
14-
{{- if not $.IPv4Only}}
15-
{{end}}{{end}}
16-
{{- if not $.IPv4Only -}}
17-
:global {{$.NameOfMikrotikFunction}}v6 do={
18-
:local list "{{$.ListName}}"
19-
:local address $1
20-
:local comment $2
21-
:local timeout $3
22-
onerror e in={
23-
/ipv6 firewall address-list add list=$list address=$address comment=$comment timeout="$timeout"
24-
} do={
25-
/ipv6 firewall address-list remove [ find list=$list address="$address" ]
26-
/ipv6 firewall address-list add list=$list address=$address comment=$comment timeout="$timeout"
27-
}
7+
{{ end -}}
8+
{{ if not $.IPv4Only }}
9+
/ipv6/firewall/address-list/remove [ find where list="{{$.ListName}}" ];
10+
:global {{$.NameOfMikrotikFunction}}v6;
11+
:set {{$.NameOfMikrotikFunction}}v6 do={
12+
:do { /ipv6/firewall/address-list/add list={{$.ListName}} address=$1 comment="$2" timeout=$3; } on-error={ }
2813
}
29-
{{- end -}}
14+
{{ end -}}
3015

31-
{{- range .Decisions}}
32-
{{ $ipv6Check := contains .Value ":"}}
16+
{{- range .Decisions -}}
17+
{{ $ipv6Check := contains .Value ":" }}
3318
{{- if not $ipv6Check -}}
34-
${{$.NameOfMikrotikFunction}} {{.Value}} "{{.Scenario}}" {{.Duration}}
19+
${{$.NameOfMikrotikFunction}} "{{.Value}}" "{{.Scenario}}" "{{.Duration}}"
3520
{{- else -}}
36-
${{$.NameOfMikrotikFunction}}v6 {{.Value}} "{{.Scenario}}" {{.Duration}}
37-
{{- end }}
21+
${{$.NameOfMikrotikFunction}}v6 "{{.Value}}" "{{.Scenario}}" "{{.Duration}}"
3822
{{- end }}
23+
{{ end -}}
3924

40-
{{- if not $.IPv6Only }}
41-
:set {{$.NameOfMikrotikFunction}}
42-
{{- end}}
43-
{{- if not $.IPv4Only }}
44-
:set {{$.NameOfMikrotikFunction}}v6
45-
{{- end}}
25+
{{ if not $.IPv6Only }}
26+
:set {{$.NameOfMikrotikFunction}};
27+
{{- end -}}
28+
{{ if not $.IPv4Only }}
29+
:set {{$.NameOfMikrotikFunction}}v6;
30+
{{- end -}}
4631

0 commit comments

Comments
 (0)