-rw-r--r-- | INITIAL-COMMANDS.md | 5 | ||||
-rw-r--r-- | README.d/01-download-certs.avif | bin | 4596 -> 4890 bytes | |||
-rw-r--r-- | README.d/03-check-certs.avif | bin | 8932 -> 8047 bytes | |||
-rw-r--r-- | README.md | 9 | ||||
-rw-r--r-- | backup-partition.rsc | 3 | ||||
-rw-r--r-- | certs/Baltimore-CyberTrust-Root.pem | 28 | ||||
-rw-r--r-- | certs/DigiCert-Global-Root-CA.pem | 29 | ||||
-rw-r--r-- | certs/DigiCert-Global-Root-G3.pem | 22 | ||||
-rw-r--r-- | certs/Makefile | 31 | ||||
-rw-r--r-- | check-routeros-update.rsc | 13 | ||||
-rw-r--r-- | daily-psk.capsman.rsc | 3 | ||||
-rw-r--r-- | daily-psk.local.rsc | 3 | ||||
-rw-r--r-- | daily-psk.template.rsc | 5 | ||||
-rw-r--r-- | daily-psk.wifi.rsc | 5 | ||||
-rw-r--r-- | doc/daily-psk.md | 2 | ||||
-rw-r--r-- | doc/netwatch-dns.md | 2 | ||||
-rw-r--r-- | doc/netwatch-notify.md | 2 | ||||
-rw-r--r-- | doc/telegram-chat.md | 2 | ||||
-rw-r--r-- | fw-addr-lists.rsc | 7 | ||||
-rw-r--r-- | global-config.rsc | 8 | ||||
-rw-r--r-- | global-functions.rsc | 4 | ||||
-rw-r--r-- | netwatch-dns.rsc | 12 | ||||
-rw-r--r-- | netwatch-notify.rsc | 5 | ||||
-rw-r--r-- | telegram-chat.rsc | 4 |
24 files changed, 113 insertions, 91 deletions
diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md index 2be51c5..84a88fe 100644 --- a/INITIAL-COMMANDS.md +++ b/INITIAL-COMMANDS.md @@ -17,13 +17,12 @@ Initial commands Run the complete base installation: { - /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="ISRG-Root-X2.pem" as-value; + /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem" as-value; :delay 1s; - /certificate/import file-name=ISRG-Root-X2.pem passphrase=""; + /certificate/import file-name=isrg-root-x2.pem passphrase=""; :if ([ :len [ /certificate/find where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 1) do={ :error "Something is wrong with your certificates!"; }; - /file/remove [ find where name="ISRG-Root-X2.pem" ]; :delay 1s; /system/script/set name=("global-config-overlay-" . [ /system/clock/get date ] . "-" . [ /system/clock/get time ]) [ find where name="global-config-overlay" ]; :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ diff --git a/README.d/01-download-certs.avif b/README.d/01-download-certs.avif Binary files differindex 4a074eb..d41ca05 100644 --- a/README.d/01-download-certs.avif +++ b/README.d/01-download-certs.avif diff --git a/README.d/03-check-certs.avif b/README.d/03-check-certs.avif Binary files differindex 46b7220..4717b3e 100644 --- a/README.d/03-check-certs.avif +++ b/README.d/03-check-certs.avif @@ -69,7 +69,7 @@ download the certificates. If you intend to download the scripts from a different location (for example from github.com) install the corresponding certificate chain. - /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="ISRG-Root-X2.pem"; + /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem"; ![screenshot: download certs](README.d/01-download-certs.avif) 
@@ -81,7 +81,7 @@ file to your MikroTik device. Then we import the certificate. - /certificate/import file-name=ISRG-Root-X2.pem passphrase=""; + /certificate/import file-name=isrg-root-x2.pem passphrase=""; Do not worry that the command is not shown - that happens because it contains a sensitive property, the passphrase. @@ -90,11 +90,10 @@ a sensitive property, the passphrase. For basic verification we rename the certificate and print it by fingerprint. Make sure exactly this one certificate ("*ISRG-Root-X2*") -is shown. Also remove the left over file. +is shown. /certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ]; /certificate/print proplist=name,fingerprint where fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470"; - /file/remove [ find where name="ISRG-Root-X2.pem" ]; ![screenshot: check certs](README.d/03-check-certs.avif) @@ -365,7 +364,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Upstream -------- -![upstream](README.d/upstream.png) +[![upstream](README.d/upstream.png)](https://rsc.eworm.de/) URL: [GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts) diff --git a/backup-partition.rsc b/backup-partition.rsc index 23dd7ef..51df454 100644 --- a/backup-partition.rsc +++ b/backup-partition.rsc @@ -81,8 +81,9 @@ :local Update [ /system/package/update/get ]; :local NumInstalled [ $VersionToNum ($Update->"installed-version") ]; :local NumLatest [ $VersionToNum ($Update->"latest-version") ]; + :local BitMask [ $VersionToNum "255.255zero0" ]; :if ($BackupPartitionCopyBeforeFeatureUpdate = true && $NumLatest > 0 && \ - ($NumInstalled & 0xffff0000) != ($NumLatest & 0xffff0000)) do={ + ($NumInstalled & $BitMask) != ($NumLatest & $BitMask)) do={ :if ([ $CopyTo $ScriptName $FallbackTo $FallbackToName ] = false) do={ :set PackagesUpdateBackupFailure true; :error false; 
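Review bot: The literal `"255.255zero0"` passed to `$VersionToNum` in backup-partition.rsc is not self-explanatory, and nothing at the call site says it stands in for the former `0xffff0000` major/minor mask. A one-line comment above the new `:local BitMask` line would help, for example `# mask selecting major.minor; "zero" adds no pre-release/release offset` (the second half is inferred from the global-functions.rsc hunks of this commit, please confirm). The same line is added in check-routeros-update.rsc. Both scripts now rely on a global-functions.rsc that knows the "zero" token, so it is worth checking what an older `$VersionToNum` returns for this string on a device where the scripts are not updated together. The enclosing block continues outside the hunk.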
diff --git a/certs/Baltimore-CyberTrust-Root.pem b/certs/Baltimore-CyberTrust-Root.pem
deleted file mode 100644
index de8121a..0000000
--- a/certs/Baltimore-CyberTrust-Root.pem
+++ /dev/null
@@ -1,28 +0,0 @@
-# Issuer: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust
-# Subject: CN=Baltimore CyberTrust Root O=Baltimore OU=CyberTrust
-# Label: "Baltimore CyberTrust Root"
-# Serial: 33554617
-# MD5 Fingerprint: ac:b6:94:a5:9c:17:e0:d7:91:52:9b:b1:97:06:a6:e4
-# SHA1 Fingerprint: d4:de:20:d0:5e:66:fc:53:fe:1a:50:88:2c:78:db:28:52:ca:e4:74
-# SHA256 Fingerprint: 16:af:57:a9:f6:76:b0:ab:12:60:95:aa:5e:ba:de:f2:2a:b3:11:19:d6:44:ac:95:cd:4b:93:db:f3:f2:6a:eb
------BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ
-RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD
-VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX
-DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y
-ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy
-VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr
-mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr
-IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK
-mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu
-XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy
-dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye
-jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1
-BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3
-DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92
-9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx
-jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0
-Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz
-ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS
-R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp
------END CERTIFICATE-----
diff --git a/certs/DigiCert-Global-Root-CA.pem b/certs/DigiCert-Global-Root-CA.pem
deleted file mode 100644
index b0f0013..0000000
--- a/certs/DigiCert-Global-Root-CA.pem
+++ /dev/null
@@ -1,29 +0,0 @@
-# Issuer: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
-# Subject: CN=DigiCert Global Root CA O=DigiCert Inc OU=www.digicert.com
-# Label: "DigiCert Global Root CA"
-# Serial: 10944719598952040374951832963794454346
-# MD5 Fingerprint: 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e
-# SHA1 Fingerprint: a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36
-# SHA256 Fingerprint: 43:48:a0:e9:44:4c:78:cb:26:5e:05:8d:5e:89:44:b4:d8:4f:96:62:bd:26:db:25:7f:89:34:a4:43:c7:01:61
------BEGIN CERTIFICATE-----
-MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
-QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
-b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
-CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
-nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
-43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
-T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
-gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
-BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
-TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
-DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
-hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
-06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
-PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
-YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
-CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
------END CERTIFICATE-----
diff --git a/certs/DigiCert-Global-Root-G3.pem b/certs/DigiCert-Global-Root-G3.pem
new file mode 100644
index 0000000..12324dc
--- /dev/null
+++ b/certs/DigiCert-Global-Root-G3.pem
@@ -0,0 +1,22 @@
+# Issuer: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com
+# Subject: CN=DigiCert Global Root G3 O=DigiCert Inc OU=www.digicert.com
+# Label: "DigiCert Global Root G3"
+# Serial: 7089244469030293291760083333884364146
+# MD5 Fingerprint: f5:5d:a4:50:a5:fb:28:7e:1e:0f:0d:cc:96:57:56:ca
+# SHA1 Fingerprint: 7e:04:de:89:6a:3e:66:6d:00:e6:87:d3:3f:fa:d9:3b:e8:3d:34:9e
+# SHA256 Fingerprint: 31:ad:66:48:f8:10:41:38:c7:38:f3:9e:a4:32:01:33:39:3e:3a:18:cc:02:29:6e:f9:7c:2a:c9:ef:67:31:d0
+-----BEGIN CERTIFICATE-----
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw
+CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu
+ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe
+Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw
+EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x
+IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
+K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG
+fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO
+Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd
+BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx
+AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/
+oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8
+sycX
+-----END CERTIFICATE-----
diff --git a/certs/Makefile b/certs/Makefile
new file mode 100644
index 0000000..2e6ac9d
--- /dev/null
+++ b/certs/Makefile
@@ -0,0 +1,31 @@ +# Makefile to check certificates + +DOMAINS = \ + 1.1.1.1/DigiCert-Global-Root-G2 \ + 8.8.8.8/GTS-Root-R1 \ + 9.9.9.9/DigiCert-Global-Root-G3 \ + api.macvendors.com/GTS-Root-R4 \ + api.mullvad.net/ISRG-Root-X1 \ + api.telegram.org/Go-Daddy-Root-Certificate-Authority-G2 \ + cloudflare-dns.com/DigiCert-Global-Root-G2 \ + dns.google/GTS-Root-R1 \ + dns.quad9.net/DigiCert-Global-Root-G3 \ + feodotracker.abuse.ch/GlobalSign \ + git.eworm.de/ISRG-Root-X2 \ + ipv4.showipv6.de/ISRG-Root-X1 \ + ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \ + ipv6.showipv6.de/ISRG-Root-X1 \ + lists.blocklist.de/Certum-Trusted-Network-CA \ + mkcert.org/ISRG-Root-X1 \ + ntfy.sh/ISRG-Root-X1 \ + sslbl.abuse.ch/GlobalSign \ + upgrade.mikrotik.com/ISRG-Root-X1 \ + www.dshield.org/ISRG-Root-X1 \ + www.spamhaus.org/GTS-Root-R4 + +.PHONY: $(DOMAINS) + +all: $(DOMAINS) + +$(DOMAINS): + curl --output /dev/null --silent --connect-timeout 5 --cacert $(notdir $@).pem https://$(dir $@) diff --git a/check-routeros-update.rsc b/check-routeros-update.rsc index d45432a..f73f5ac 100644 --- a/check-routeros-update.rsc +++ b/check-routeros-update.rsc @@ -70,6 +70,8 @@ } :if ($NumInstalled < $NumLatest) do={ + :local BitMask [ $VersionToNum "255.255zero0" ]; + :if ($SafeUpdateAll ~ "^YES,? ?PLEASE!?\$") do={ $LogPrint info $ScriptName ("Installing ALL versions automatically, including " . \ $Update->"latest-version" . "..."); @@ -80,7 +82,7 @@ $DoUpdate; } - :if ($SafeUpdatePatch = true && ($NumInstalled & 0xffff0000) = ($NumLatest & 0xffff0000)) do={ + :if ($SafeUpdatePatch = true && ($NumInstalled & $BitMask) = ($NumLatest & $BitMask)) do={ $LogPrint info $ScriptName ("Version " . $Update->"latest-version" . " is a patch release, updating..."); $SendNotification2 ({ origin=$ScriptName; \ subject=([ $SymbolForNotification "sparkles" ] . "RouterOS update: " . $Update->"latest-version"); \ 
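Review bot: The `curl` recipe in certs/Makefile passes `--cacert $(notdir $@).pem` but does not switch off any other trust source, so depending on how the local curl was built (a compiled-in CA directory or a native store) a host might still verify through a system root instead of the listed one. In that case the check would pass even when the host/root pairing in `DOMAINS` is wrong, which is exactly what the target is meant to catch. Adding `--capath /dev/null` next to `--cacert` should leave the named PEM file as the only anchor; this depends on the TLS backend, so please confirm on the build machine. `--silent` without `--show-error` also hides why a host failed, so the recipe could read `curl --output /dev/null --silent --show-error --connect-timeout 5 --capath /dev/null --cacert $(notdir $@).pem https://$(dir $@)`.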
@@ -125,6 +127,15 @@ } :if ([ $ScriptFromTerminal $ScriptName ] = true) do={ + :if (($Update->"channel") = "testing" && ($NumInstalled & $BitMask) < ($NumLatest & $BitMask)) do={ + :put ("This is a feature update in testing channel. Switch to channel 'stable'? [y/N]"); + :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={ + /system/package/update/set channel=stable; + $LogPrint info $ScriptName ("Switched to channel 'stable', please re-run!"); + :error true; + } + } + :put ("Do you want to install RouterOS version " . $Update->"latest-version" . "? [y/N]"); :if (([ /terminal/inkey timeout=60 ] % 32) = 25) do={ $DoUpdate; diff --git a/daily-psk.capsman.rsc b/daily-psk.capsman.rsc index 6dafc08..0562e39 100644 --- a/daily-psk.capsman.rsc +++ b/daily-psk.capsman.rsc @@ -4,7 +4,7 @@ # Michael Gisbers <michael@gisbers.de> # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update daily PSK (pre shared key) # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md @@ -23,7 +23,6 @@ :global FormatLine; :global LogPrint; - :global RequiredRouterOS; :global ScriptLock; :global SendNotification2; :global SymbolForNotification; diff --git a/daily-psk.local.rsc b/daily-psk.local.rsc index 4709f3a..0bef0e9 100644 --- a/daily-psk.local.rsc +++ b/daily-psk.local.rsc @@ -4,7 +4,7 @@ # Michael Gisbers <michael@gisbers.de> # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update daily PSK (pre shared key) # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md @@ -23,7 +23,6 @@ :global FormatLine; :global LogPrint; - :global RequiredRouterOS; :global ScriptLock; :global SendNotification2; :global SymbolForNotification; diff --git a/daily-psk.template.rsc b/daily-psk.template.rsc index 6b7f5fd..9d71958 100644 --- a/daily-psk.template.rsc +++ b/daily-psk.template.rsc 
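Review bot: `$BitMask` is read in the new channel check of check-routeros-update.rsc, but it is declared with `:local` by the earlier hunk inside `:if ($NumInstalled < $NumLatest) do={`, and the hunk does not show whether this `:if ([ $ScriptFromTerminal $ScriptName ] = true)` block is nested in that same block. If it is not, the variable would be unset here and the feature-update comparison would not behave as intended. Declaring `:local BitMask [ $VersionToNum "255.255zero0" ];` next to where `NumInstalled` and `NumLatest` are set would make the scope independent of the nesting. The enclosing blocks start and end outside the hunk.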
@@ -4,7 +4,7 @@ # Michael Gisbers <michael@gisbers.de> # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update daily PSK (pre shared key) # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md @@ -24,7 +24,6 @@ :global FormatLine; :global LogPrint; - :global RequiredRouterOS; :global ScriptLock; :global SendNotification2; :global SymbolForNotification; @@ -86,7 +85,7 @@ /interface/wireless/access-list/set $AccList private-pre-shared-key=$NewPsk; :if ([ :len [ /caps-man/actual-interface-configuration/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={ - :if ([ $RequiredRouterOS $ScriptName "7.15beta8" false ] = false || [ :len [ /interface/wifi/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={ + :if ([ :len [ /interface/wifi/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={ :if ([ :len [ /interface/wireless/find where name=$IntName !disabled ] ] = 1) do={ :if ($Seen->$Ssid = 1) do={ $LogPrint debug $ScriptName ("Already sent a mail for SSID " . $Ssid . ", skipping."); diff --git a/daily-psk.wifi.rsc b/daily-psk.wifi.rsc index 90c6ac5..83a896c 100644 --- a/daily-psk.wifi.rsc +++ b/daily-psk.wifi.rsc @@ -4,7 +4,7 @@ # Michael Gisbers <michael@gisbers.de> # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # update daily PSK (pre shared key) # https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md @@ -23,7 +23,6 @@ :global FormatLine; :global LogPrint; - :global RequiredRouterOS; :global ScriptLock; :global SendNotification2; :global SymbolForNotification; 
@@ -72,7 +71,7 @@ $LogPrint info $ScriptName ("Updating daily PSK for '" . $Ssid . "' to '" . $NewPsk . "' (was '" . $OldPsk . "')"); /interface/wifi/access-list/set $AccList passphrase=$NewPsk; - :if ([ $RequiredRouterOS $ScriptName "7.15beta8" false ] = false || [ :len [ /interface/wifi/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={ + :if ([ :len [ /interface/wifi/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={ :if ($Seen->$Ssid = 1) do={ $LogPrint debug $ScriptName ("Already sent a mail for SSID " . $Ssid . ", skipping."); } else={ diff --git a/doc/daily-psk.md b/doc/daily-psk.md index 2a15af5..4a3de64 100644 --- a/doc/daily-psk.md +++ b/doc/daily-psk.md @@ -4,7 +4,7 @@ Use wireless network with daily psk [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers) [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network) [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers) -[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.14-yellow?style=flat)](https://mikrotik.com/download/changelogs/) +[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.15-yellow?style=flat)](https://mikrotik.com/download/changelogs/) [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts) [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md index ff6c29c..54dd6c6 100644 
--- a/doc/netwatch-dns.md +++ b/doc/netwatch-dns.md @@ -63,7 +63,7 @@ Importing a certificate automatically is possible, at least if available in the repository (see `certs` sub directory). /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G2" host=1.1.1.1; - /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root CA" host=9.9.9.9; + /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G3" host=9.9.9.9; /tool/netwatch/add comment="doh, doh-cert=GTS Root R1" host=8.8.8.8; Sometimes using just one specific (possibly internal) DNS server may be diff --git a/doc/netwatch-notify.md b/doc/netwatch-notify.md index f504ed7..948cbec 100644 --- a/doc/netwatch-notify.md +++ b/doc/netwatch-notify.md @@ -4,7 +4,7 @@ Notify on host up and down [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers) [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network) [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers) -[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.14-yellow?style=flat)](https://mikrotik.com/download/changelogs/) +[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.15-yellow?style=flat)](https://mikrotik.com/download/changelogs/) [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts) [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) 
diff --git a/doc/telegram-chat.md b/doc/telegram-chat.md index 95f8cf9..1e6f70f 100644 --- a/doc/telegram-chat.md +++ b/doc/telegram-chat.md @@ -4,7 +4,7 @@ Chat with your router and send commands via Telegram bot [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers) [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network) [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers) -[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.14-yellow?style=flat)](https://mikrotik.com/download/changelogs/) +[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.15-yellow?style=flat)](https://mikrotik.com/download/changelogs/) [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts) [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J) diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc index 4930e86..4675e3a 100644 --- a/fw-addr-lists.rsc +++ b/fw-addr-lists.rsc 
@@ -88,7 +88,12 @@ :while ([ :len $Data ] != 0) do={ :local Line [ :pick $Data 0 [ :find $Data "\n" ] ]; - :local Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); + :local Address; + :if ([ :pick $Line 0 1 ] = "{") do={ + :set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ]; + } else={ + :set Address ([ :pick $Line 0 [ $FindDelim $Line ] ] . ($List->"cidr")); + } :do { :if ($Address ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}(/[0-9]{1,2})?\$") do={ :set ($IPv4Addresses->$Address) $TimeOut; diff --git a/global-config.rsc b/global-config.rsc index cdc1d5c..2ed67f3 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -105,10 +105,10 @@ cert="ISRG Root X1" }; { url="https://lists.blocklist.de/lists/strongips.txt"; cert="Certum Trusted Network CA" }; -# { url="https://www.spamhaus.org/drop/drop.txt"; -# cert="Baltimore CyberTrust Root" }; -# { url="https://www.spamhaus.org/drop/edrop.txt"; -# cert="Baltimore CyberTrust Root" }; +# { url="https://www.spamhaus.org/drop/drop_v4.json"; +# cert="GTS Root R4" }; +# { url="https://www.spamhaus.org/drop/drop_v6.json"; +# cert="GTS Root R4" }; }; # "mikrotik"={ # { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/mikrotik"; diff --git a/global-functions.rsc b/global-functions.rsc index 54dcb68..9ee5312 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -388,6 +388,7 @@ :if ([ :typeof $1 ] = "time") do={ :return [ $IfThenElse ($1 > 0s) $1 $2 ]; } + # this works for boolean values, literal ones with parentheses :return [ $IfThenElse ([ :len [ :tostr $1 ] ] > 0) $1 $2 ]; } @@ -1484,7 +1485,7 @@ :global CharacterReplace; :set Input [ $CharacterReplace $Input "." "," ]; - :foreach I in={ "alpha"; "beta"; "rc" } do={ + :foreach I in={ "zero"; "alpha"; "beta"; "rc" } do={ :set Input [ $CharacterReplace $Input $I ("," . $I . ",") ]; } 
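Review bot: The new `:deserialize from=json $Line` call in fw-addr-lists.rsc runs before the `:do {` that follows it, so it is not covered by whatever error handling that block has. The line comes from a downloaded list, and if `:deserialize` raises on a malformed or truncated line (assumed, please confirm) the whole run would stop and the address lists would stay stale. Wrapping just the parse keeps one bad line from aborting the update: `:do { :set Address [ :tostr ([ :deserialize from=json $Line ]->"cidr") ]; } on-error={ :set Address ""; }`. The regex checks that follow already reject an empty or non-address value, so a skipped line falls through harmlessly. The loop body continues outside the hunk.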
@@ -1495,6 +1496,7 @@ :set Return ($Return + 0xff00); :set Multi ($Multi / 0x100); } else={ + :if ($Value = "zero") do={ } :if ($Value = "alpha") do={ :set Return ($Return + 0x3f00); } :if ($Value = "beta") do={ :set Return ($Return + 0x5f00); } :if ($Value = "rc") do={ :set Return ($Return + 0x7f00); } diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc index 9635be6..09d471d 100644 --- a/netwatch-dns.rsc +++ b/netwatch-dns.rsc @@ -16,7 +16,10 @@ :global CertificateAvailable; :global EitherOr; + :global IsDNSResolving; + :global IsTimeSync; :global LogPrint; + :global LogPrintOnce; :global ParseKeyValueStore; :global ScriptLock; @@ -67,6 +70,12 @@ :local DohCurrent [ /ip/dns/get use-doh-server ]; :local DohServers ({}); + :if ([ :len $DohCurrent ] > 0 && [ $IsDNSResolving ] = false && [ $IsTimeSync ] = false) do={ + $LogPrint info $ScriptName ("Time is not sync, disabling DoH: " . $DohCurrent); + /ip/dns/set use-doh-server=""; + :set DohCurrent ""; + } + :foreach Host in=[ /tool/netwatch/find where comment~"\\bdoh\\b" status="up" ] do={ :local HostVal [ /tool/netwatch/get $Host ]; :local HostInfo [ $ParseKeyValueStore ($HostVal->"comment") ]; @@ -118,6 +127,9 @@ :if ($Data != false) do={ :if ([ :typeof [ :find $Data "doh-check-OK" ] ] = "num") do={ /ip/dns/set use-doh-server=($DohServer->"doh-url") verify-doh-cert=yes; + :if ([ /certificate/settings/get crl-use ] = true) do={ + $LogPrintOnce warning $ScriptName ("Configured to use CRL, that can cause severe issue!"); + } /ip/dns/cache/flush; $LogPrint info $ScriptName ("Setting DoH server: " . ($DohServer->"doh-url")); :error true; diff --git a/netwatch-notify.rsc b/netwatch-notify.rsc index b658eae..a49d0cd 100644 --- a/netwatch-notify.rsc +++ b/netwatch-notify.rsc 
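Review bot: The added line `:if ($Value = "zero") do={ }` in global-functions.rsc has an empty body, so it does nothing at runtime and reads like an unfinished branch. If its purpose is to record that the "zero" token contributes no offset, a comment says that more clearly, for example `# "zero" adds no offset, it only terminates the numeric part (used to build bit masks)`. The wording is inferred from the callers added in this commit, so adjust as needed. The enclosing function starts and ends outside the hunk.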
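Review bot: Clearing `use-doh-server` in netwatch-dns.rsc moves the router from DoH back to plain DNS, and the new code records that only at `info` level. That is a security-relevant downgrade, and an operator reviewing logs should be able to spot it without reading info noise. Suggest `$LogPrint warning $ScriptName ("Time is not synchronized, disabling DoH: " . $DohCurrent);`, plus a short comment above the `:if` explaining why the fallback is needed (presumably certificate validation fails without a valid clock, please confirm).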
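Review bot: The new CRL warning in netwatch-dns.rsc is emitted after `use-doh-server` has already been set, and its text ("that can cause severe issue!") does not say what the issue is or what the operator should change. A comment above the check, and a message naming the consequence, would make the warning actionable. For example `# CRL downloads need name resolution, which may itself depend on DoH`; that reason is inferred and should be confirmed by the author.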
@@ -3,7 +3,7 @@ # Copyright (c) 2020-2024 Christian Hesse <mail@eworm.de> # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # monitor netwatch and send notifications # https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-notify.md @@ -102,7 +102,8 @@ :if ([ :typeof ($HostInfo->"resolve") ] = "str") do={ :if ([ $IsDNSResolving ] = true) do={ :do { - :local Resolve [ :resolve ($HostInfo->"resolve") ]; + :local Resolve [ :resolve type=[ $IfThenElse ([ :typeof ($HostVal->"host") ] = "ip") \ + "ipv4" "ipv6" ] ($HostInfo->"resolve") ]; :if ($Resolve != $HostVal->"host") do={ :if ([ $ResolveExpected $ScriptName ($HostInfo->"resolve") ($HostVal->"host") ] = false) do={ $LogPrint info $ScriptName ("Name '" . $HostInfo->"resolve" . [ $IfThenElse \ diff --git a/telegram-chat.rsc b/telegram-chat.rsc index 2bdc04d..f2750f5 100644 --- a/telegram-chat.rsc +++ b/telegram-chat.rsc @@ -3,7 +3,7 @@ # Copyright (c) 2023-2024 Christian Hesse <mail@eworm.de> # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # -# requires RouterOS, version=7.14 +# requires RouterOS, version=7.15 # # use Telegram to chat with your Router and send commands # https://git.eworm.de/cgit/routeros-scripts/about/doc/telegram-chat.md @@ -97,7 +97,7 @@ :local Trusted false; :local Chat ($Message->"chat"); :local From ($Message->"from"); - :local Command [ :tostr ($Message->"text") ]; + :local Command ($Message->"text"); :foreach IdsTrusted in=($TelegramChatId, $TelegramChatIdsTrusted) do={ :if ($From->"id" = $IdsTrusted || $From->"username" = $IdsTrusted) do={ |
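Review bot: With `:tostr` removed in telegram-chat.rsc, `Command` keeps whatever type `$Message->"text"` has, so an update without a text field now leaves it unset rather than an empty string. This value comes from a remote chat and is later treated as a command, so the code after the hunk should check the type before using it, for example `:if ([ :typeof $Command ] = "str") do={`. Whether such a guard already exists cannot be seen here, as the loop body continues outside the hunk. A brief comment on the new line saying why the conversion was dropped would also help the next reader.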