author | Christian Hesse <mail@eworm.de> | 2020-12-18 15:32:51 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2020-12-18 15:32:51 +0100 |
commit | be757722560df23796a3b0e3b290e6265b043431 (patch) | |
tree | 045a4911df6ec6a813f65546280955493d18631c | |
parent | 62598b66531f7fe794300a298ee09849b317edab (diff) | |
parent | 3657830582c4e5b4c75050bc2145adee52fbef28 (diff) |
Merge branch 'ipv6-update'
-rw-r--r-- | doc/ipv6-update.md | 9 | ||||
-rw-r--r-- | global-config | 2 | ||||
-rw-r--r-- | global-config-overlay | 2 | ||||
-rw-r--r-- | global-config.changes | 1 | ||||
-rw-r--r-- | global-functions | 2 | ||||
-rw-r--r-- | ipv6-update | 25 |
6 files changed, 34 insertions, 7 deletions
diff --git a/doc/ipv6-update.md b/doc/ipv6-update.md index 93ada42..f736433 100644 --- a/doc/ipv6-update.md +++ b/doc/ipv6-update.md @@ -40,6 +40,15 @@ firewall rules, comment has to be "`ipv6-pool-`" and actual pool name: / ipv6 firewall address-list add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern; +As this entry is mandatory it is created automatically if it does not exist, +with the comment also set for list. + +Address list entries for specific interfaces can be updated as well. The +interface needs to get its address from pool `isp` and the address list entry +has to be associated to an interface in comment: + + / ipv6 firewall address-list add address=2003:cf:2f0f:de01::/64 comment="ipv6-pool-isp, interface=br-local" list=local; + Static DNS records need a special comment to be updated. Again it has to start with "`ipv6-pool-`" and actual pool name, followed by a comma, "`interface=`" and the name of interface this address is connected to: diff --git a/global-config b/global-config index 6c94b1b..2b1586e 100644 --- a/global-config +++ b/global-config @@ -8,7 +8,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! -:global GlobalConfigVersion 38; +:global GlobalConfigVersion 39; # This is used for DNS and backup file. :global Domain "example.com"; diff --git a/global-config-overlay b/global-config-overlay index 46da208..93bd84b 100644 --- a/global-config-overlay +++ b/global-config-overlay @@ -9,7 +9,7 @@ # Make sure all configuration properties are up to date and this # value is in sync with value in script 'global-functions'! # Comment or remove to disable change notifications. -:global GlobalConfigVersion 38; +:global GlobalConfigVersion 39; # Copy configuration from global-config here and modify it. diff --git a/global-config.changes b/global-config.changes index 306a866..343f5bf 100644 --- a/global-config.changes +++ b/global-config.changes 
@@ -47,4 +47,5 @@ $CertificateAvailable "R3"; 36="Added support for installing updates automatically if seen in neighbor list."; 37="Implemented simple dependency model in 'netwatch-notify'."; 38="Imported new Let's Encrypt intermediate certificate 'R3'."; + 39="Added support for interface specific address list entries in 'ipv6-update'."; }; diff --git a/global-functions b/global-functions index 6b29157..51396bf 100644 --- a/global-functions +++ b/global-functions @@ -8,7 +8,7 @@ # https://git.eworm.de/cgit/routeros-scripts/about/ # expected configuration version -:global ExpectedConfigVersion 38; +:global ExpectedConfigVersion 39; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/ipv6-update b/ipv6-update index 4fdda3d..2224a11 100644 --- a/ipv6-update +++ b/ipv6-update 
@@ -17,15 +17,32 @@ :local Pool [ / ipv6 pool get [ find where prefix=$PdPrefix ] name ]; :local AddrList [ / ipv6 firewall address-list find where comment=("ipv6-pool-" . $Pool) ]; +:if ([ :len $AddrList ] = 0) do={ + :log info ("Missing ipv6 address list entry for ipv6-pool-" . $Pool . ", adding."); + / ipv6 firewall address-list add list=("ipv6-pool-" . $Pool) address=:: comment=("ipv6-pool-" . $Pool); + :set AddrList [ / ipv6 firewall address-list find where comment=("ipv6-pool-" . $Pool) ]; +} :local OldPrefix [ / ipv6 firewall address-list get $AddrList address ]; -# give the interfaces a moment to receive their addresses -:delay 2s; - -if ($OldPrefix != $PdPrefix) do={ +:if ($OldPrefix != $PdPrefix) do={ :log info ("Updating IPv6 address list with new IPv6 prefix " . $PdPrefix); / ipv6 firewall address-list set address=$PdPrefix $AddrList; + # give the interfaces a moment to receive their addresses + :delay 2s; + + :foreach ListEntry in=[ / ipv6 firewall address-list find where comment~("^ipv6-pool-" . $Pool . ",") ] do={ + :local ListEntryVal [ / ipv6 firewall address-list get $ListEntry ]; + :local Comment [ $ParseKeyValueStore ($ListEntryVal->"comment") ]; + + :local Address [ / ipv6 address find where from-pool=$Pool interface=($Comment->"interface") ]; + :if ([ :len $Address ] = 1) do={ + :set Address [ / ipv6 address get $Address address ]; + :log info ("Updating IPv6 address list with new IPv6 prefix " . $Address . " from interface " . ($Comment->"interface")); + / ipv6 firewall address-list set address=$Address $ListEntry; + } + } + :foreach Record in=[ / ip dns static find where comment~("^ipv6-pool-" . $Pool . ",") ] do={ :local RecordVal [ / ip dns static get $Record ]; :local Comment [ $ParseKeyValueStore ($RecordVal->"comment") ]; |
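Review bot: The new `ListEntry` loop skips an address-list entry without any log output when `[ :len $Address ]` is not exactly 1. That happens if the interface has not received its address after the fixed `:delay 2s`, has several addresses from the pool, or if the entry's comment carries no usable `interface=` value. The entry then keeps the old prefix, and any firewall rule that references its list would presumably keep matching a prefix that may no longer be delegated to this router. Make the skip visible by extending that `:if` with `} else={ :log warning ("Not updating IPv6 address list entry for interface " . ($Comment->"interface") . ", found " . [ :len $Address ] . " matching addresses."); }`. The enclosing `:if ($OldPrefix != $PdPrefix)` block and the DNS `Record` loop continue past the end of the hunk, so whether that loop has the same gap cannot be judged from here.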