Can I butt in and make a suggestion?

It would be easier to maintain if you keep doing separate firewall rule files on disk:

    fw.common
    fw.rtr1
    fw.rtr2

Then include them in the config with something like:

    import fw.common
    :global hostname [/system identity get name];
    import fw.$hostname

That will be nicer for version control, easier to create new hosts (cp fw.rtr2 fw.rtr3), you can make hosts' firewalls identical just by using symlinks (ln -s fw.rtr2 fw.rtr3) and in theory means no differences in the on-device config (for the firewall section at least) - they're all just going to say "import rules.$hostname".

I realise your first question was along the lines of "I just want one firewall file", but I reckon that's counter-productive.

- Ben

On Sun, Jan 10, 2016 at 8:25 PM, Alex Samad - Yieldbroker <Alex.Samad@yieldbroker.com> wrote:
Oh awesome thanks, time to wipe out the test VM
Thanks
-----Original Message-----
From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Karl Auer
Sent: Sunday, 10 January 2016 1:54 PM
To: public@talk.mikrotik.com.au
Subject: Re: [MT-AU Public] scripting question
On Sun, 2016-01-10 at 02:09 +0000, Alex Samad - Yieldbroker wrote:
Ah no, a misunderstanding. I have a file fw.rsc which I keep my firewall definition in. I use it by going import fw.rsc. I would like some of those lines to be enabled or disabled based on the hostname.
Yes - use the same technique. Your file fw.rsc would look like this:
    # Common firewall lines
    blah blah blah
    blah blah blah

    :global hostname [/system identity get name]
    :if ( $hostname = "rtr" ) \
    do={
        # Firewall lines for host name "rtr" only
        bloo bloo bloo
        bloo bloo bloo
    }
Now when you import fw.rsc, the script will inspect the system name and only apply the "bloo bloo bloo" lines if the system name is "rtr". If you need to intersperse the differences, just have more :if statements.
You may also find it useful to use chain names based on the router identity, and insert into appropriate chains with strategically placed :if statements.
Regards, K.
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435 http://www.nullarbor.com.au mobile +61 428 957160
GPG fingerprint: 6D59 8AE6 810D 44E3 7626 7040 4DD6 F89F 3053 4774 Old fingerprint: 9DCA 0903 BCBD 0647 BCCC 2FA7 A35C 57A1 ACF9 00BB
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
-- "If you made a Venn diagram [of my life], there would be two non-overlapping circles, one of which was labeled, 'Times when I am truly happy' and the other of which was labeled, 'Times when I am logged in as root, holding a cable, or have the case open.' " - Jamie Zawinski [jwz.org]
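Added example, not part of the original thread: a shell check for the fw.common / fw.<hostname> layout suggested in the first message, run over the version-controlled directory before anything is uploaded to a router. It reports which host files are symlinks, flags symlinks whose target no longer exists, and prints a checksum of fw.common plus the host file so hosts with identical effective rules are easy to spot. The names fw_audit and fw_audit_demo, the use of cksum, and the sample rule text are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a checkout laid out as fw.common + fw.<hostname>.
# Prints "<host> <kind> <checksum>" per host file, where the checksum covers
# fw.common followed by the host file (the rules that host would import).
# Returns 1 if any host file is a dangling symlink, 2 if fw.common is missing.
fw_audit() {
    dir=$1
    rc=0
    if [ ! -f "$dir/fw.common" ]; then
        echo "fw_audit: $dir/fw.common missing" >&2
        return 2
    fi
    for f in "$dir"/fw.*; do
        host=${f##*/fw.}
        [ "$host" = "common" ] && continue
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            # ln -s pointing at a file that was renamed or deleted
            echo "$host DANGLING -"
            rc=1
            continue
        fi
        if [ -L "$f" ]; then
            kind="symlink->$(readlink "$f")"
        else
            kind="file"
        fi
        sum=$(cat "$dir/fw.common" "$f" | cksum | cut -d' ' -f1)
        echo "$host $kind $sum"
    done
    return $rc
}

# Constructed sample tree (hypothetical rule text) so the check runs offline.
fw_audit_demo() {
    demo=$(mktemp -d) || return 1
    printf '# common rules\n' > "$demo/fw.common"
    printf '# rtr1 rules\n' > "$demo/fw.rtr1"
    printf '# rtr2 rules\n' > "$demo/fw.rtr2"
    ln -s fw.rtr2 "$demo/fw.rtr3"   # rtr3 shares rtr2's rules
    fw_audit "$demo"
    status=$?
    rm -rf "$demo"
    return $status
}

fw_audit_demo
```

Two hosts showing the same checksum will import the same rules; a DANGLING line means that host's import would fail on the router.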