RouterOS: RouterOS.Script (Basic 01-02)

-------------------------------------------------------------------------------- [ INI ]

----------------------------------------------------------------------------------------

----------------------------- Scripts (basicos): -------------------------------------

----------------------------------------------------------------------------------------

# AddressList.AddIP-RedesSociales: ----------------------------------------------------

# Name: AddressList.AddIP-RSociales

# comment="C+: ( AddressList.AddIP-RedesSociales )";

# ---------------------------------------------

:local TTL; # establezco como guardable todo (ddns.ttl>30seg)

:local HoraINI;

:local HoraFIN;

:local Type ””;

:local Address (0.0.0.0);

:local AddressS “”;

:local Name “”;

:local Lista;

:local CountProcc 0;

:foreach x in [/system script job find (script="AddressList.AddIP-RSociales")] do {:set CountProcc ($CountProcc+1);}; # Cant de éste proc activos

:if ($CountProcc=1) do={

# :global AddressListAdd “[ $AddressListTAdd ] - ”;

:global AddressListTAdd; :set HoraINI ([/system clock get time]);

# --------------------------------------- [ Activar solo x identificar (error Script) ]

:log info message=("[AddressList.AddIP-RSociales (INI: Pre-Foreach)]");

# ---------------------------------------------------

:foreach i in=[/ip dns cache all find ((name~"whatsapp" or name~"youtube" or name~"googlevideo" or name~"twitter" or name~"facebook" or name~"instagram" or name~"netflix" or name~"skype" or name~”spotify” or name~"snapchat" or name~”telegram” or name~”twitch” or name~”vimeo”) and (type="A" or type="CNAME"))] do={

# ---------------------------------------------------

# :if ($CountProcc=1) do={:set CountProcc ($CountProcc+1); :log info message=("[AddressList.AddIP-RSociales (INI: Pos-Foreach(Find))]");};

# ---------------------------------------------------

:set Name ([/ip dns cache get $i name]); :set Type ([/ip dns cache all get $i type]); :set TTL ([/ip dns cache get $i ttl]); :if ([len $Type]>0 and $TTL>30s) do={:if ($Type=”A”) do={:set Address ([/ip dns cache get $i address]); :set Address ([toip $Address]);

# --------------------------------------------------

# :log info message=("[AddressList.AddIP-RSociales Address.Direct, A.Act: (".($Address).") – T: (".($Type).") – N: (".($Name).") – D: (".($TTL).") = [ ".([typeof $Address])." ]]");

# --------------------------------------------------

} else={:set AddressS ([/ip dns cache all get $i data]); :do {:set Address [resolve $AddressS];

# --------------------------------------------------

# :log info message=("[AddressList.AddIP-RSociales DNS.Resolve, A.Act: (".($Address).") – A.Str: (".($AddressS).") – T: (".($Type).") – N: (".($Name).") – D: (".($TTL).") = [ ".([typeof $Address])." ]]");

# --------------------------------------------------

} on-error={

# --------------------------------------------------

:set Address (0.0.0.0); :log error message=("[AddressList.AddIP-RSociales DNS.Resolve-Failure, A.Str: (".($AddressS).") – T: (".($Type).") – N: (".($Name).") – D: (".($TTL).")]");

# --------------------------------------------------

}}; :if ([len $Name]>0 and $Address!=0.0.0.0) do={:if ($Name~"whatsapp") do={:set Lista (“S-WHATSAPP.List”);} else={:if ($Name~"youtube" or $Name~"googlevideo") do={:set Lista (“S-YOUTUBE.List”);} else={:if ($Name~"facebook") do={:set Lista (“S-FACEBOOK.List”);} else={:if ($Name~"twitter") do={:set Lista (“S-TWITTER.List”);} else={:if ($Name~"instagram") do={:set Lista (“S-INSTAGRAM.List”);} else={:if ($Name~"netflix") do={:set Lista (“S-NETFLIX.List”);} else={:if ($Name~"skype") do={:set Lista (“S-SKYPE.List”);} else={:if ($Name~"spotify") do={:set Lista (“S-SPOTIFY.List”);} else={:if ($Name~"snapchat") do={:set Lista (“S-SNAPCHAT.List”);} else={:if ($Name~"telegram") do={:set Lista (“S-TELEGRAM.List”);} else={:if ($Name~"twitch") do={:set Lista (“S-TWITCH.List”);} else={:if ($Name~"vimeo") do={:set Lista (“S-VIMEO.List”);}}}}}}}}}}}}; :if ([/ip firewall address-list find (list=$Lista and address=$Address)]="") do={/ip firewall address-list add address=$Address list=$Lista comment="C+: QoS ( [ $Name ] – [ $Type ] – [ $TTL ] )"; :set AddressListTAdd ($AddressListTAdd+1);}; :delay 10ms;}}}; :set HoraFIN ([/system clock get time]); :log warning message=(“[AddressList.AddIP-RSociales (FIN), duracion: (”.($HoraFIN-$HoraINI).”)]”);} else={:log error message=(“[AddressList.AddIP-RSociales Activos: ( “.($CountProcc-1).” )]”);}; /system script environment remove [find name="AddressListTAdd"];

# Nota: mientras mas veces se ejecuta, mejor marca dicho trafico. Se producen algunos (script error: no such item (4)), que infiero se debe a un error interno del proceso (find (…) del foreach).

# AddressList.Ctrl (QoS.Redes Sociales): -----------------------------------------------

# Name: AddressList.Ctrl (QoS.Redes Sociales)

# comment=”C+: ( AddressList.Ctrl (QoS.Redes Sociales) )”;

# -----------------------------------------------

# Funcion transforma Fecha en Nro (Fecha+Hora)

:local DateTimeToNro do={:local NroX; :local MC ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");

:local DiaX ([pick $1 4 6]); :local MesCX ([pick $1 0 3]); :local MesX ([find $MC $MesCX -1]+1); :if ($MesX<10) do={:set MesX (“0”.$MesX);}; :local AnioX ([pick $1 7 11]); :set NroX ($AnioX.$MesX.$DiaX); :if ([len $1]>12) do={:local HoraX ([pick $1 12 14]); :local MinX ([pick $1 15 17]); :local SegX ([pick $1 18 20]); :set NroX ($NroX.$HoraX.$MinX.$SegX);} else={:set NroX ($NroX.”000000”);}; return ([tonum $NroX]);}

# -----------------------------------------------

:local TimeDisableQoS ([tonum 180000000]); # (180d, h: 00-12, m/s:00-59)

:local TimeRemoveQoS ([tonum 365000000]); # (365d)

# ------------------------------ [Address-List (RedesSociales).Disable/Remove]

:if ($TimeDisableQoS>0) do={:local DateTimeAct ([/system clock get date].” ”.[/system clock get time]); :local CreationTime; :foreach i in=[/ip firewall address-list find (comment~”C\\+: QoS \\( ”)] do={:set CreationTime ([/ip firewall address-list get $i creation-time]); :if ($TimeRemoveQoS>0 and ([$DateTimeToNro $CreationTime]+$TimeRemoveQoS)<=[$DateTimeToNro $DateTimeAct]) do={[/ip firewall address-list set $i disable=no]; [/ip firewall address-list set $i timeout=10s];} else={:if (([$DateTimeToNro $CreationTime]+$TimeDisableQoS)<=[$DateTimeToNro $DateTimeAct]) do={[/ip firewall address-list set $i disable=yes];}}}};

# AddressList.Ctrl (Services IP Change): -----------------------------------------------

# (Add), aun las que no cambian periodicamen.

# Name: AddressList.Ctrl (Services IP Change)

# comment=”C+: ( AddressList.Ctrl (Services IP Change) )”;

# -----------------------------------------------

# Funcion transforma Fecha en Nro (Fecha+Hora)

:local DateTimeToNro do={:local NroX; :local MC ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");

# -----------------------------------------------

:local DNSX;

:local AddressX;

:local ListX;

:local TimeDisableSIC ([tonum 10000000]); # (05d, h: 00-12, m/s:00-59)

:local TimeRemoveSIC ([tonum 30000000]); # (30d)

:local IPtoResolver (“www.cuevana2.com:A-ENACOMDROP.List@Dynamic*www.cuevana3.co:A-ENACOMDROP.List@Static*cuevana2espanol.com:A-ENACOMDROP.List@Static*www.cuevana.com:A-ENACOMDROP.List@Static*cuevana.io:A-ENACOMDROP.List@Static*”); # Constituir según necesidades, ordenadas por ListX (Dynamic/Static).

:local IPtoResolverX ($IPtoResolver);

:local IPtoResolverX1 ($IPtoResolver);

# ------------------------------------------------------------------- [Address-List.Add]

:while ([len $IPtoResolver]>0) do={:set DNSX ([pick $IPtoResolver 0 ([find $IPtoResolver “:”])]); :set ListX ([pick $IPtoResolver ([find $IPtoResolver “:”]+1) ([find $IPtoResolver “@”])]); :set IPtoResolver ([pick $IPtoResolver ([find $IPtoResolver “*”]+1) [len $IPtoResolver]]); :do {:set AddressX ([resolve $DNSX]);} on-error={:set AddressX (0.0.0.0); :log error message=("[AddressList-Add.ServiceIPChange: (".($AddressX).") – (".($DNSX).") – (".($ListX).")]");}; :if ($AddressX!=0.0.0.0 and [/ip firewall address-list find (list=$ListX and address=$AddressX)]=””) do={/ip firewall address-list add list=$ListX address=$AddressX comment=(“C+: SIC ( [ ”.($ListX).” ] – [ “.($DNSX).” ] )”) disable=no;}};

# --------------------------- [Address-List (ServiceIPChange).Disable/Remove]

:if ($TimeDisableSIC>0) do={:local ListXAnt (””); :local CommentX; :local TypeX; :local DateTimeAct ([/system clock get date].” ”.[/system clock get time]); :while ([len $IPtoResolverX]>0) do={:set ListX ([pick $IPtoResolverX ([find $IPtoResolverX “:”]+1) ([find $IPtoResolverX “@”])]); :set TypeX ([pick $IPtoResolverX ([find $IPtoResolverX “@”]+1) ([find $IPtoResolverX “*”])]); :set IPtoResolverX ([pick $IPtoResolverX ([find $IPtoResolverX “*”]+1) [len $IPtoResolverX]]); :if ($ListX!=$ListXAnt) do={:set ListXAnt ($ListX); :local CreationTime; :foreach i in=[/ip firewall address-list find (list=$ListX)] do={:set CreationTime ([/ip firewall address-list get $i creation-time]); :set CommentX ([/ip firewall address-list get $i comment]); :set DNSX ([pick $CommentX ([find $CommentX “ ] – [ “]+7) ([find $CommentX “ )“]-2)]); :set TypeX ([pick $IPtoResolverX1 ([find $IPtoResolverX1 $DNSX]) ([len $IPtoResolverX1])]); :set TypeX ([pick $TypeX ([find $TypeX “@”]+1) ([find $TypeX “*”])]); :if ($TypeX=”Dynamic”) do={:if ($TimeRemoveSIC>0 and ([$DateTimeToNro $CreationTime]+$TimeRemoveSIC)<=[$DateTimeToNro $DateTimeAct]) do={[/ip firewall address-list set $i disable=no]; [/ip firewall address-list set $i timeout=10s];} else={:if (([$DateTimeToNro $CreationTime]+$TimeDisableSIC)<=[$DateTimeToNro $DateTimeAct]) do={[/ip firewall address-list set $i disable=yes];}}}}}}};

# Nota: usado, para (Add IPs) de servicios que la cambian x time. Ahora, si además de cambiarlas, las reiutiliza para otros servicios, tendría que establecerse un TimeLaps. Recordar que: address-list add.IP, aun si existe, pero (disabled).

# AddressList.DOSAttack-Alert: ---------------------------------------------------------

# Name: AddressList.DOSAttack-Alert

# comment=”R+: ( AddressList.DOSAttack-Alert )”;

# ---------------------------------------------------

# Función Tracert.IP: (IP, Count)

:local TracertIP do={

# ------------------------

# Función Transforma de BidimUnidim.Str: (StrBidim, StrExtra) {f de f}

:local BidiToUniStr do={:local BStr ($1); :local LineStr ””; :while ([len $BStr]>0) do={:set LineStr ($LineStr.[pick $BStr 0 ([find $BStr “\r\n”])].$2); :set BStr ([pick $BStr ([find $BStr“\r\n”]+2) [len $BStr]]);}; :return ($LineStr);}

# ------------------------

# Función Transforma de Tracert-BidimaUnidim.Str: (TStrBidim, StrExtra) {f de f}

:local TBidiToUniStr do={

# ------------------------

# Función Elimina Char255.Izq: (StrX, Direction) {f de f de f}

:local KillChar255 do={:local StrXA ($1); :local X (0); :local Bloq (1); :if ($2=”Der.”) do={:set X ([len $1]-1); :set Bloq (-1);}; :if ([len $StrXA]>0) do={:while ([pick $StrXA $X]=” ”) do={:set X ($X+$Bloq);}; :if ($2=“Izq.”) do={:set StrXA ([pick $StrXA $X [len $StrXA]]);} else={:set StrXA ([pick $StrXA 0 ($X+1)]);}}; :return ($StrXA);}

# ------------------------------------- (Code Main de TBidiToUniStr)

:local BStr ($1); :local LineStr ””; :local LineStrX ””; :local LineX (1); :while ([len $BStr]>0) do={:set LineStrX ([pick $BStr 0 ([find $BStr “\r\n”])]); :if ([len $LineStrX]>53) do={:if ([pick $LineStrX 3 5]!=” “) do={:set LineStr ($LineStr.“[ ”.$LineX.” ]: ”.([$KillChar255 ([pick $LineStrX 3 35]) “Der.”]).” – “.([pick $LineStrX 36 40]).” – “.([pick $LineStrX 46 53]).$2);} else={:set LineStr ($LineStr.“[ ”.$LineX.” ]: ( ----- ) – “.([pick $LineStrX 36 40]).” – “.([pick $LineStrX 46 53]).$2);}; :set LineX ($LineX+1);}; :set BStr ([pick $BStr ([find $BStr “\r\n”]+2) [len $BStr]]);}; :return ($LineStr);}

# ------------------------------------- (Code Main de TracertIP)

:global IPT ($1); :global Count ($2); /ip firewall raw set [find comment=”014R+: Bloqueo.Resto de InputICMP.Conn (hacia WANs)”] disable=yes; :execute {tool traceroute count=$Count use-dns=yes $IPT} file=iptracert.txt; :delay 5s; /ip firewall raw set [find comment=”014R+: Bloqueo.Resto de InputICMP.Conn (hacia WANs)”] disable=no; :local STracerIP ([/file get “iptracert.txt” contents]); /file remove “iptracert.txt”; :if ($STracerIP!=”failure: could not start”) do={:set STracerIP ([pick $STracerIP ([find $STracerIP “\r\n”]+2) ([len $STracerIP])]); :set STracerIP (“[ Tracert. ”.$IPT.” ]: --------------------------------------------------------------- ”.[$TBidiToUniStr $STracerIP " ; "]);} else={:set STracerIP (“[ Tracert. “.$IPT.” ]: --------------------------------------------------------------- ”.$STracerIP);}; /system script environment remove [find name="IPT"]; /system script environment remove [find name="Count"]; :return ($STracerIP);}

# Nota: por alguna razón (IPT/Count {cant. de intentos}), debe ser global.

# ------------------------------------------------

# Función devuelve Time Absoluto según concatenación de Dia+Hora: (Fecha,Hora)

:local AbsTime do={:local TimeX “”; :local Mx ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"); :local MesAct ([find $Mx ([pick $1 0 3]) -1]+1); :if ($MesAct<10) do={:set MesAct (“0”.$MesAct);}; :set TimeX ([pick $1 7 11].$MesAct.[pick $1 4 6].[pick $2 0 2].[pick $2 3 5].[pick $2 6 8]); :return ($TimeX);}

# ---------------------------------------- (Code Main de AddressList.DOSAttack-Alert)

:global DOSRegistroH; # En caso de ataque masivo, limpiar manualmente

:local TracertSend “NO”; # Envio TelegramAlert con (tracerout IP)

:local TimeAct ([$AbsTime ([/system clock get date]) ([/system clock get time])]);

:local DOSRegistro “”;

:local Listx “”;

:local IPx;

:local TimeOx;

:local Commentx “”;

:local Cont 0;

:local TimeLastC;

:local PosTF;

:local TimeCreatx;

:if ([/ip firewall address-list find (list~"T-DOS" and timeout>59s)]!=””) do={/system script run AddressList.Ident-Client; /system script run AddressList.Ident-Address; :delay 10s; :foreach x in=[/ip firewall address-list find (list~"T-DOS" and timeout>29s)] do={:set Listx ([/ip firewall address-list get $x list]); :set IPx ([/ip firewall address-list get $x address]); :set TimeOx ([/ip firewall address-list get $x timeout]); :set Commentx ([/ip firewall address-list get $x comment]); :if ([len $Commentx]=0) do={:set Commentx (“---(Error.Script-Ident)---”);}; :set TimeCreatx ([/ip firewall address-list get $x creation-time]); :set TimeCreatx ([$AbsTime [pick $TimeCreatx 0 11] [pick $TimeCreatx 12 21]]); :if ($DOSRegistroH~($IPx.”&”.$Listx.”%”)) do={:set PosTF ([find $DOSRegistroH ($IPx.”&”.$Listx.”%”)]+[len [tostr $IPx]]+[len $Listx]+2); :set TimeLastC ([pick $DOSRegistroH $PosTF ($PosTF+14)]); :if ($TimeCreatx>$TimeLastC) do={:set Cont ($Cont+1); :set DOSRegistro ($DOSRegistro.(”[ ”.$Cont.” : ”.$Listx.” ”.$IPx.” “.$TimeOx.” ”.[pick $Commentx 0 450].” ] ”)); :set $DOSRegistroH ([pick $DOSRegistroH 0 $PosTF].$TimeAct.[pick $DOSRegistroH ($PosTF+14) [len $DOSRegistroH]]);}} else={:set Cont ($Cont+1); :set DOSRegistro ($DOSRegistro.(”[ ”.$Cont.” : ”.$Listx.” ”.$IPx.” “.$TimeOx.” ”.[pick $Commentx 0 450].” ] ”)); :set DOSRegistroH ($DOSRegistroH.$IPx.”&”.$Listx.”%”.$TimeAct.”*”);}}; :if ([len $DOSRegistro]>0) do={:global TelegramMessage (“[DOS-Attack.Alert]: ------------ ( ”.([/system identity get name]).” ) -------------- ”.($DOSRegistro)); /system script run RB.Telegram-MessageAlert; :delay 2s; :if ($TracertSend=“SI”) do={:global TelegramMessage ([$TracertIP $IPx 1]); /system script run RB.Telegram-MessageAlert; :delay 2s;}}} else={:set DOSRegistroH (“”);};

# AddressList.Empty-!A!SComment: ----------------------------------------------------

# Name: AddressList.Empty-!A!SComment

# comment=”Rx: ( Limpia AddressList.(!A+!S)-Comment )”;

:foreach x in=[/ip firewall address-list find (!(list~"A-" or list~"S-"))] do={/ip firewall address-list set $x comment=””};

# AddressList.Empty-CComent: ---------------------------------------------------------

# Name: AddressList.Empty-CComment

# comment=”Rx: ( Limpia AddressList.(C)-Comment )”;

:foreach x in=[/ip firewall address-list find (list~"C-")] do={/ip firewall address-list set $x comment=””};

# AddressList.Empty-TComment: -------------------------------------------------------

# Name: AddressList.Empty-TComment

# comment=”Rx: ( Limpia AddressList.(T)-Comment )”;

:foreach x in=[/ip firewall address-list find (list~"T-")] do={/ip firewall address-list set $x comment=””};

# AddressList.Ident-Address: ------------------------------------------------------------

# Name: AddressList.Ident-Address

# comment=”R+: ( AddressList.Ident-Address )”;

# Es aconsejable, previamente borrar el (log)/(RB.Reboot) – por duplicaciones – y, remover la variable global (MACLANDrop) al finalizar análisis de MACs.

# ----------------------------------------------

# Función cambia a mayúscula una MAC: (MAC)

:local UpCaseMAC do={

# ------------------------

# Función cambia a mayúscula una Hex.Letra: (Char) {función de función}

:local UpCaseHexL do={:local HexDw (“abcdef”); :local HexUp (“ABCDEF”); :if ([tonum $1]<0 and !([find $HexDw $1]<0)) do={:set $1 [pick $HexUp ([find $HexDw $1]) ([find $HexDw $1]+1)];}; return ($1)}

# ------------------------

:local MACUpC “”; :local z 0; :while (z<16) do={:set MACUpC ($MACUpC.[$UpCaseHexL ([pick $1 $z ($z+1)])].[$UpCaseHexL ([pick $1 ($z+1) ($z+2)])].”:”); :set z ($z+3);}; :return ([pick $MACUpC 0 ([:len $MACUpC]-1)])}

# ----------------------------------------------

# Función Identifica IP: (IP,MAC)

# Solo funciona con (/24).

:local IPIdent do={

# ------------------------------

# Función devuelve Whois IP-Public: (IP-Public) {f de f}

:local WhoisIP do={

# ----------------------------------------------

# Función Elimina Char255.Izq: (StrX, Direction) {f de f de f}

# --------------------------

# Función Elimina Char255.IzqxURL: (StrX, Direction, StrCharsOk) {f de f de f}

:local KillChar255xURL do={:local StrXA ($1); :local X (0); :local CharX; :local Bloq (1); :if ($2=”Der.”) do={:set X ([len $1]-1); :set Bloq (-1);}; :if ([len $StrXA]>0) do={:while ([pick $StrXA $X]=” ”) do={:set X ($X+$Bloq);}; :if ($2=“Izq.”) do={:set StrXA ([pick $StrXA $X [len $StrXA]]);} else={:set StrXA ([pick $StrXA 0 ($X+1)]);}};

# ------------ (Kill x no-encontrarse en $3)

:for rx from=0 to=([len $StrXA]-1) do={:while ([find $3 ([pick $StrXA $rx])]<0) do={:set CharX ([pick $StrXA $rx]); :set StrXA (([pick $StrXA 0 ([find $StrXA $CharX])]).“ ”.([pick $StrXA ([find $StrXA $CharX]+1) [len $StrXA]]));}};

# ------------ (Kill x encontrarse en $3, no funciona en RouterOS: “ñÑ$#&¿?”)

# :for rx from=0 to=([len $3]-1) do={:while ([find $StrXA ([pick $3 $rx])]>=0) do={:set CharX ([pick $3 $rx]); :set StrXA (([pick $StrXA 0 ([find $StrXA $CharX])]).“ ”.([pick $StrXA ([find $StrXA $CharX]+1) [len $StrXA]]));}};

# ------------

:return ($StrXA);}

# ---------------------------------------------- (Code Main de WhoisIP)

:local ICANN (“(ARIN): America.Anglo-Sajona*(RIPE NCC): Europa, Oriente.Medio y Asia.Central*(APNIC): Asia y Region.Pacifico*(LACNIC): America.Latina y el Caribe*(AfriNIC): Africa*(Direct Assignment): Ubicacion desconocida*”); :local Owner (” “); :local NetName (” “); :local NetType (” “); :local IPGPS (” “); :local OriginAS (” “); :local Country (” “); :local Responsible (” “); :local Address (” “); :local Phone (” “); :local Organization (” “); :local City (” “); :local CIDR (” “); :local Email (” “); :local WhoisX (“”); :local Type; :local FileT (“ipwhois.txt“); # o ("\?q=".$1);

# ----------------------

/tool fetch url=(”http://whois.arin.net/rest/ip/$1.txt”) mode=http dst-path=($FileT);

# /tool fetch url=(“https://api.hackertarget.com/whois/\?q=”.$1) mode=https dst-path=($FileT);

# Nota: Limitacion: (FileT<=4K y LACNIC<=30Consultas/5m). El (23/04/19) del baneo x parte de (RIPE NCC: https://api.hackertarget.com/whois/).

# ----------------------

:delay 2s; # usado too, x reducir la prob. de baneo x alguna entidad de (ICANN).

:local IPWhoisX ([/file get ($FileT) contents]); :local IPWhoisX1 (“”); :local SCharsOk (“abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789–-*/@.;,) (_:[]{%}”); /file remove ($FileT);

:if ([len $IPWhoisX]>0) do={

# ----------------------

:if ([find $IPWhoisX “NetType:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “NetType:”]) ([len $IPWhoisX])]); :set NetType ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :if ([find $NetType “to”]>0) do={:set NetType ([pick $NetType ([find $NetType “to”]+3) ([len $NetType])]); :set Type ($NetType);} else={:set Type ([pick $NetType 0 7]);}; :set IPGPS ([pick $ICANN [find $ICANN $Type] [len $ICANN]]); :set IPGPS ([pick $IPGPS ([find $IPGPS “):”]+3) ([find $IPGPS “*”])]); :set WhoisX ($WhoisX.$IPGPS.” - ”); :set WhoisX ($WhoisX.$NetType.” - ”);};

# ----------------------

:if ([find $IPWhoisX “owner:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “owner:”]) ([len $IPWhoisX])]); :set Owner ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$Owner.” - ”);};

# ----------------------

:if ([find $IPWhoisX “responsible:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “responsible:”]) ([len $IPWhoisX])]); :set Responsible ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$Responsible.” - ”);};

# ----------------------

:if ([find $IPWhoisX “ddress:”]>0) do={:set IPWhoisX1 ($IPWhoisX); :while ([find $IPWhoisX1 “ddress:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX1 ([find $IPWhoisX1 “ddress:”]+6) ([len $IPWhoisX1])]); :set Address ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :if ([find $WhoisX ($Address.” - ”)]=-1) do={:set WhoisX ($WhoisX.$Address.” - ”);}}};

# ----------------------

:if ([find $IPWhoisX “hone:”]>0) do={:set IPWhoisX1 ($IPWhoisX); :while ([find $IPWhoisX1 “hone:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX1 ([find $IPWhoisX1 “hone:”]+4) ([len $IPWhoisX1])]); :set Phone ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :if ([find $WhoisX ($Phone.” - ”)]=-1) do={:set WhoisX ($WhoisX.$Phone.” - ”);}}};

# ----------------------

:if ([find $IPWhoisX “City:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “City:”]) ([len $IPWhoisX])]); :set City ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$City.” - ”);};

# ----------------------

:if ([find $IPWhoisX “country:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “country:”]) ([len $IPWhoisX])]); :set Country ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$Country.” - ”);};

# ----------------------

:if ([find $IPWhoisX “Organization:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “Organization:”]) ([len $IPWhoisX])]); :set Organization ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$Organization.” - ”);};

# ----------------------

:if ([find $IPWhoisX “NetName:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “NetName:”]) ([len $IPWhoisX])]); :set NetName ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$NetName.” - ”);};

# ----------------------

:if ([find $IPWhoisX “mail:”]>0) do={:set IPWhoisX1 ($IPWhoisX); :while ([find $IPWhoisX1 “mail:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX1 ([find $IPWhoisX1 “mail:”]+4) ([len $IPWhoisX1])]); :set Email ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :if ([find $WhoisX ($Email.” - ”)]=-1) do={:set WhoisX ($WhoisX.$Email.” - ”);}}};

# ----------------------

:if ([find $IPWhoisX “CIDR:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “CIDR:”]) ([len $IPWhoisX])]); :set CIDR ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$CIDR.” - ”);};

# ----------------------

:if ([find $IPWhoisX “OriginAS:”]>0) do={:set IPWhoisX1 ([pick $IPWhoisX ([find $IPWhoisX “OriginAS:”]) ([len $IPWhoisX])]); :set OriginAS ([$KillChar255xURL ([pick $IPWhoisX1 ([find $IPWhoisX1 “:”]+1) [find $IPWhoisX1 “\n”]]) “Izq.” $SCharsOk]); :set WhoisX ($WhoisX.$OriginAS.” - ”);};

# ----------------------

:set WhoisX ([pick $WhoisX 0 ([len $WhoisX]-3)]);} else={:set WhoisX (“Error.WhoisIP-Inaccesible”);}; :return ($WhoisX);}

# ------------------------------

# Función Identifica-Cliente: (IP,Rango1,Rango2,Rango3,…) {f de f}

:local ClientIdent do={

:local RegistroX (“IP.OutRange”);

:if ([pick $1 0 [len $2]]=$2 or [pick $1 0 [len $3]]=$3 or [pick $1 0 [len $4]]=$4) do={:if ([/queue simple find (target=($1."/32"))]!="") do={:set RegistroX ([/queue simple get value-name=name [find target=($1."/32")]]); :if ([find $RegistroX “_Libre ”]<0) do={:set RegistroX ([pick $RegistroX 0 77]);} else={:set RegistroX (”( Libre )”);}} else={:set RegistroX (”[Error-QS.IPFaltante]”);}}; :return ($RegistroX);}

# Nota: disponer en fila, los rangos de IP sin ceros a la izq., según corresponda.

# ------------------------------ (Code Main de IPIdent)

:global ICANNCont; :local IDOut (“ID.UnKnown”); :local RegistroY; :if ([len $2]>0 and [/ip arp find (mac-address=$2)]!=””) do={:set RegistroY ([$ClientIdent ([/ip arp get [/ip arp find mac-address=$2] address]) ”1.2.A” ”1.2.B” ”1.2.C”]); :set IDOut (($2).”,(”.([pick $RegistroY 0 25]).“=”.[/ip arp get [/ip arp find mac-address=$2] address].”).”.[/ip arp get [/ip arp find mac-address=$2] interface]);} else={:if ([/ip arp find (address=$1)]!=””) do={:set IDOut ([/ip arp get [/ip arp find address=$1] mac-address].”,(”.($1).”).”.[/ip arp get [/ip arp find address=$1] interface]);} else={:if ($ICANNCont<20) do={:set IDOut ([$WhoisIP $1]); :set ICANNCont ($ICANNCont+1);} else={:set IDOut (“Error.WhoisIP-LimitAlcanzado”);}; :if ([len $2]>0) do={:set IDOut ($2.”,(”.$IDOut.”).WANX”);}}}; :return ($IDOut)}

# ------------------------------------- [Code Main de AddressList.Ident-Address]

# -------------------------------------[Registro Regional de Internet: NRO+]

# (ARIN): America.Anglo-Sajona.

# (RIPE NCC): Europa, Oriente.Medio y Asia.Central.

# (APNIC): Asia y Region.Pacifico.

# (LACNIC): America.Latina y el Caribe.

# (AfriNIC): Africa.

# (Direct Assignment/Allocation): Ubicación desconocida.

# -------------------------------------

:global MACLANDrop “”; # Guarda all (MAC) de T-DOS___.List (empty)

:global ICANNCont (0); # Contador de consultas a entidades ICANN

:local IPx;

:local IDClientx;

:local MACx “”;

:local Registro “”;

:local Encontrado;

:foreach x in=[/ip firewall address-list find (!comment and list~"T-DOS")] do={:set IPx ([/ip firewall address-list get $x address]); :if ([/log find (message~"DOS-” and message~"src-mac” and message~$IPx)]!=””) do={:foreach y in=[/log find (message~"DOS-” and message~"src-mac” and message~$IPx)] do={:set Registro ([/log get $y message]);}; :set MACx ([pick $Registro ([find $Registro "src-mac”]+8) ([find $Registro "src-mac”]+25)]); :set MACx ([$UpCaseMAC $MACx]); :set IDClientx ([$IPIdent $IPx $MACx]); :set MACLANDrop ($MACLANDrop.$MACx.”\r\n”); :set IDClientx (“( “.($IDClientx).” ) – ( “.([pick $Registro ([find $Registro $IPx]) ([len $Registro])]).” )”); /ip firewall address-list set $x comment=($IDClientx);} else={/ip firewall address-list set $x comment=(”( ”.([$IPIdent $IPx ””]).” )”);}}; /system script environment remove [find name="ICANNCont"];

# /system script environment remove [find name="MACLANDrop"];

# Nota: usar (aplicación: WireShark), filtro (eth.addr == 6C:3B:6B:A8:13:5E), para identificar cambios de IP. Exportar log: (/log print file=log.txt).

# AddressList.Ident-Client: --------------------------------------------------------------

# Name: AddressList.Ident-Client

# comment=”C+: ( AddressList.Ident-Client )”;

# Solo funciona con (/24).

# -----------------------------------------------

# Función Identifica-Cliente: (IP,Rango1,Rango2,Rango3,…)

:local ClientIdent do={

:local RegistroX (“IP.OutRange”);

# Nota: disponer en fila, los rangos de IP sin ceros a la izq., según corresponda.

# -----------------------------------------------

:local IPAL;

:local Registro;

:foreach x in=[/ip firewall address-list find (!comment)] do={:set IPAL ([/ip firewall address-list get $x address]); :set Registro ([$ClientIdent $IPAL ”1.2.A” ”1.2.B” ”1.2.C”]); :if ($Registro!=“IP.OutRange”) do={/ip firewall address-list set $x comment=$Registro;};};

# Nota: (77), depende de la longitud del formato para nombre de QS. (Error), no detecta multiples IPs x Client. Run, antes de (AddressList.Ident-Address). Ej. multiple target: ([/queue simple get value-name=name [find target=("1.2.3.4/32”,”1.2.3.5/32”,”1.2.3.7/32")]]).

# DNSCache.Empty: --------------------------------------------------------------------

# Name: DNSCache.Empty

# comment="Rx: ( DNSCache.Empty )";

/ip dns cache print file=DNSCache.txt; :delay 2s;

/ip dns cache flush; # Borra all DNS.Cache

# Log.Empty: -----------------------------------------------------------------------------

# Name: Log.Empty

# comment="Rx: ( Log.Empty )";

/log print file=Log.txt; :delay 2s;

/system logging action set memory memory-lines=1; :delay 2s; # Borra all log

/system logging action set memory memory-lines=1000; # Limita a 1000L

# QS.ChangeAB: -------------------------------------------------------------------------

# Name: QS.ChangeAB

# comment=”C+: ChangeAB.Si ( 00/00 ] o Act.Mes/Act.Año] )”;

# (QoSBurstT/16), determina el periodo de cada análisis (media de consumo de target). Si esa media, es inferior a burst-threshold, activo ráfaga.

# -----------------------------------------------

# Función Convierte MesL en MesN (Fecha) {mejor usar arreglo}

:local ConvertMLToN do={:local Anio ([pick $1 7 11]); :local MesL ([pick $1 0 3]); :local MesN “Error”; :if ($MesL=”jan”) do={:set MesN (“01”)} else={:if ($MesL=”feb”) do={:set MesN (“02”)} else={:if ($MesL=”mar”) do={:set MesN (“03”)} else={:if ($MesL=”apr”) do={:set MesN (“04”)} else={:if ($MesL=”may”) do={:set MesN (“05”)} else={:if ($MesL=”jun”) do={:set MesN (“06”)} else={:if ($MesL=”jul”) do={:set MesN (“07”)} else={:if ($MesL=”aug”) do={:set MesN (“08”)} else={:if ($MesL=”sep”) do={:set MesN (“09”)} else={:if ($MesL=”oct”) do={:set MesN (“10”)} else={:if ($MesL=”nov”) do={:set MesN (“11”)} else={:if ($MesL=”dec”) do={:set MesN (“12”)}}}}}}}}}}}}; :return ($MesN.”/”.[pick $Anio 2 4])};
# -----------------------------------------------

:local QoSRelacion 8; # relación (max-limit(8):limit-at(1)) MT.Default=64k

:local QoSPBurstThres 75; # porcentaje (max-limit(1): limit-at(0,75))

:local QoSBurstL 2; # relación (max-limit(1):burst-limit(2))

:local UnidadUp; # x algoritmo: max-limit (min)=500k/500k

:local UnidadDw;

:local MaxLimitUp 0;

:local MaxLimitDw 0;

:local MaxLimit; # unidad: (k)

:local LimitAtUp 0;

:local LimitAtDw 0;

:local LimitAt; # unidad: (k)

:local BurstLimitUp 0;

:local BurstLimitDw 0;

:local BurstLimit;

:local BurstThresholdUp 0;

:local BurstThresholdDw 0;

:local BurstThreshold; # unidad: (k)

:local ActMesAnio ([$ConvertMLToN [/system clock get date]].” ]”);
:foreach x in=[/queue simple find (name~$ActMesAnio or name~”00/00 ]”)] do={:set MaxLimit ([/queue simple get $x max-limit]); :set MaxLimitUp ([tonum [pick $MaxLimit 0 ([find $MaxLimit "/"]-1)]]); :set MaxLimitDw ([tonum [pick $MaxLimit ([find $MaxLimit "/"]+1) ([len $MaxLimit]-1)]]); :set UnidadUp ([pick $MaxLimit ([find $MaxLimit "/"]-1) ([find $MaxLimit "/"])]); :set UnidadDw ([pick $MaxLimit ([len $MaxLimit]-1) [len $MaxLimit]]); :if ($UnidadUp=”M”) do={:set MaxLimitUp ($MaxLimitUp*1000);}; :if ($UnidadDw=”M”) do={:set MaxLimitDw ($MaxLimitDw*1000)}; :set LimitAtUp ($MaxLimitUp/$QoSRelacion); :set LimitAtDw ($MaxLimitDw/$QoSRelacion); :set LimitAt ($LimitAtUp."k/".$LimitAtDw."k"); /queue simple set $x limit-at=$LimitAt; /queue simple set $x burst-time=16/16; :set BurstThresholdUp (($MaxLimitUp*$QoSPBurstThres)/100); :set BurstThresholdDw (($MaxLimitDw*$QoSPBurstThres)/100); :set BurstThreshold ($BurstThresholdUp."k/".$BurstThresholdDw."k"); /queue simple set $x burst-threshold=$BurstThreshold; :set BurstLimitUp ($MaxLimitUp*$QoSBurstL); :set BurstLimitDw ($MaxLimitDw*$QoSBurstL); :set BurstLimit ($BurstLimitUp."k/".$BurstLimitDw."k"); /queue simple set $x burst-limit=$BurstLimit; /queue simple set $x queue=ethernet-default/ethernet-default; /queue simple set $x priority=8/8; /queue simple set $x parent=none; /queue simple set $x total-queue=ethernet-default;}

# Nota: RouterOS, no maneja bien los decimales, por eso ((valor*porcentaje)/100). QueueSimple.ABChange (max-limit=burst-threshold).

# RB.AddressListX-Export: ---------------------------------------------------------------

# Name: RB.AddressListX-Export

# comment=”Rx: ( RB.AddressListX-Export )”;

# /ip firewall address-list print file=”Address-ListX” where (list="A-ENACOMDROP.List"); Alternativa poco eficiente en tamaño.

:local ListaXContenido ””; # Error, si (tamaño>4K)

:local File “Address-ListX”;

:foreach x in=[/ip firewall address-list find (list="A-ENACOMDROP.List")] do={:set ListaXContenido ($ListaXContenido.[/ip firewall address-list get $x list].”&:&“.[/ip firewall address-list get $x address].”&-&“.[/ip firewall address-list get $x creation-time].”&+&“.[/ip firewall address-list get $x comment].”&*&“);}; :if ([len $ListaXContenido]>0 and [len $ListaXContenido]<4097) do={/file print file=$File; :delay 2s; /file set $File contents=$ListaXContenido;} else={:log error message=(“[Error.Address-List Export]: (>4K)”);};

# Nota: establecer condición: (list=”__.List”…) según corresponda.

# RB.AddressListX-Import: --------------------------------------------------------------

# Name: RB.AddressListX-Import

# comment=”Rx: ( RB.AddressListX-Import )”;

:local File “Address-ListX.txt”;

:local ListaXContenido;

:local ListX;

:local AddressX;

:local CreationTimeX;

:local CommentX;

:if ([len [/file find name=$File]]!=0) do={:set ListaXContenido ([/file get $File contents]); :if ([len $ListaXContenido]>0) do={:while ([len $ListaXContenido]>0) do={:set ListX ([pick $ListaXContenido 0 ([find $ListaXContenido “&:&”])]); :set AddressX ([pick $ListaXContenido ([find $ListaXContenido “&:&”]+3) ([find $ListaXContenido “&-&”])]); :set CreationTimeX ([pick $ListaXContenido ([find $ListaXContenido “&-&”]+3) ([find $ListaXContenido “&+&”])]); :set CommentX ([pick $ListaXContenido ([find $ListaXContenido “&+&”]+3) ([find $ListaXContenido “&*&”])]); :set ListaXContenido ([pick $ListaXContenido ([find $ListaXContenido “&*&”]+3) [len $ListaXContenido]]); :if ([/ip firewall address-list find (list=$ListX and address=$AddressX)]=””) do={/ip firewall address-list add list=$ListX address=$AddressX comment=$CommentX disable=yes;}}}; /file remove $File;} else={:log error message=(“[Error.Address-List Import]: Empty”);};

# RB.AddressList-Restore: ---------------------------------------------------------------

# Name: RB.AddressList-Restore

# comment=”Rx: ( RB.Restaura AddressList )”;

/ip firewall address-list remove [find]; # Borra all AddressList.IPs

/import file=AddressList.rsc;

# RB.BackUp-AddressList: ---------------------------------------------------------------

# Name: RB.BackUp-AddressList

# comment=”R+: ( RB.BackUp-AddressList )”;

# -----------------------------------------------

# Función IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Proceso)

:local TestConn do={:local PLoss ($3+1); :local AvgRTT ($4+1); :local MaxRTT; :local PRecibidos; :local PEnviados; :local LogMsg; :local DisabledIP (false); :if ([/ip firewall address-list find (address=$1 and list=”A-ICMPWANSRC.List”)]="") do={/ip firewall address-list add address=$1 list=“A-ICMPWANSRC.List“ comment=”T+: (TemporalIP x ICMP)” timeout=1m disable=no;} else={:if ([/ip firewall address-list get value-name=disabled [find (address=$1 and list=”A-ICMPWANSRC.List”)]]) do={/ip firewall address-list enable [/ip firewall address-list find (address=$1 and list=”A-ICMPWANSRC.List”)]; :set DisabledIP (true);}}; delay 10ms; /tool flood-ping $1 count=$2 size=$5 do={:if ($sent=$2) do={:set AvgRTT ($”avg-rtt”); :set MaxRTT ($”max-rtt”); :set PEnviados $sent; :set PRecibidos $received;}}; :if ($DisabledIP) do={/ip firewall address-list disable [/ip firewall address-list find (address=$1)];}; :set PLoss (100-(($PRecibidos*100)/$PEnviados)); :set LogMsg ("[ $6 – ping ( $1 – $5 b ) ]: latencia media ( $([:tostr $AvgRTT])ms ) – latencia maxima: ( $([:tostr $MaxRTT])ms ) – paquetes perdidos: ( $([:tostr $PLoss])% )"); :if ($PLoss<=$3 and $AvgRTT<=$4) do={:log info message=($LogMsg); :return (“OK”)} else={:log error message=($LogMsg); :return (“KO”)}};

# Nota: Asegurarse que IP este en address-list (do={:beep frequency=550 length=494ms;}).

# -----------------------------------------------

/ip firewall address-list export file=AddressList; :delay 5s;

# ----------------------------------------------- [Test.Connection]

:if ([$TestConn "8.8.8.8" 10 30 100 64 ”RB.BackUp-AddressList”]=”OK”) do={

# ----------------------------------------------- [Test.Connection]

:local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system scrip get [find name=”RB.BackUp-AddressList”] comment]) 4 ([len ([/system scrip get [find name=”RB.BackUp-AddressList”] comment])])])); /tool e-mail send to="xxx@gmail.com" subject=$Subjet body=“System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nModelo : ($[/system resource get board-name]) \r\nIPWAN1 : ($[/ip address get [find comment~”TELCO.2.2.2.x”] value-name=address]) \r\nEtherAux : ($[/ip address get [find comment~”EMERGENCY1”] value-name=interface]) \r\nIPEtherAux : ($[/ip address get [find comment~”EMERGENCY1”] value-name=address])” file=AddressList.rsc;}

# RB.BackUp-Config (Email): ------------------------------------------------------------

# Name: RB.BackUp-Config

# comment="R+: ( RB.BackUp-Config )";

# -----------------------------------------------

# Función IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Proceso)

# Nota: Asegurarse que IP este en address-list (do={:beep frequency=550 length=494ms;}).

# -----------------------------------------------

# Función agrega caracteres (Izq/Der) hasta len: (Var, Donde, Char, Long)

:local AddCToLen do={:if ([len $1]<$4) do={:for r from=[len $1] to=($4-1) do={:if ($2=”Izq.”) do={:set $1 ($3.$1)} else={:set $1 ($1.$3)}}}; :return ($1)};

# ----------------------------------------------- [Test.Connection]

:if ([$TestConn "8.8.8.8" 10 30 100 64 ”RB.BackUp-Config”]=”OK”) do={

# ----------------------------------------------- [Test.Connection]

:local MACList “”; :local IPList “”;

:foreach x in=[/interface find] do={:set MACList ($MACList.”(“.[$AddCToLen [/interface get $x name] "Der." " " 12].” – “.[$AddCToLen [/interface get $x mac-address] "Der." " " 18].” – “.[$AddCToLen [/interface get $x comment] "Der." " " 50].” – Disable=“.[$AddCToLen [/interface get $x disabled] "Der." " " 5].”)\r\n“);};

:foreach x in=[/ip address find] do={:set IPList ($IPList.”(“.[$AddCToLen [/ip address get $x interface] "Der." " " 12].” – “.[$AddCToLen [/ip address get $x address] "Der." " " 18].” – “.[$AddCToLen [/ip address get $x comment] "Der." " " 50].” – Disable=“.[$AddCToLen [/ip address get $x disabled] "Der." " " 5].”)\r\n“);};

:local Name ([/system resource get board-name].”[01]”);

/system backup save name=$Name dont-encrypt=no encryption=aes-sha256 password=”xxxxxxxxxxx”; :delay 2s; :local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system scrip get [find name=”RB.BackUp-Config”] comment]) 4 ([len ([/system scrip get [find name=”RB.BackUp-Config”] comment])])])); /tool e-mail send to="xxx@gmail.com" subject=$Subjet body=“System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nModelo : ($[/system resource get board-name]) \r\nIPWAN1 : ($[/ip address get [find comment~”TELCO.2.2.2.x”] value-name=address] \r\nEtherAux : ($[/ip address get [find comment~”EMERGENCY1”] value-name=interface]) \r\nIPEtherAux : ($[/ip address get [find comment~”EMERGENCY1”] value-name=address]) \r\n\r\nMAC.Rango :\r\n$MACList \r\nIP.Rango :\r\n$IPList” file=$Name;}

# Nota: Dado que, al restaurar (backup), se cambian hasta las MAC de las interfaces, recordar cambiarlas (para evitar duplicación de MAC en red).

Actualización DDNS: -------------------------------------------------------------------- [ INI ]

# Crear un script especifico y con distinto nombre, para cada WAN(x) a actualizar (diferenciando los identificadores en DuckDNS) y agregarlos a una única tarea TP (RB.IP-Change). En (https://www.duckdns.org/), ir a install seleccionar (identity y mikrotik) copiar y pegar en un nuevo Script (DDNS.UpDate). Finalmente, cambiar (interface=MATRIX) por (comment=WAN(x).[ (x) ]).

# RB.DDNSUpDate-WAN(x): ---------------------------------------------------------

# Name: RB.DDNSUpDate-WAN(x)

# comment="R+: ( RB.DDNSUpDate-WAN(x) )";

# --------------------------------------------------

:global actualIP value=[/ip address get [find where comment~”TELCO.2.2.2.x”] value-name=address]; :global actualIP value=[:pick $actualIP -1 [:find $actualIP "/" -1]]; :if ([:len [/file find where name=ipstore.txt]]<1) do={/file print file=ipstore.txt where name=ipstore.txt; /delay delay-time=2; /file set ipstore.txt contents="0.0.0.0";}; :global previousIP value=[/file get [find where name=ipstore.txt] value-name=contents]; :if ($previousIP!=$actualIP) do={:log info message=("[Try to Update DuckDNS]: a actual-IP ".$actualIP." - anterior-IP es ".$previousIP);

# ------------------------

/tool fetch mode=https keep-result=yes dst-path=duckdns-result.txt address=[:resolve www.duckdns.org] port=443 host=www.duckdns.org src-path=("<<< Token dado por duckdns >>>=".$actualIP);

# ------------------------

:delay 5s; :global lastChange value=[/file get [find where name=duckdns-result.txt] value-name=contents]; :global previousIP value=$actualIP; /file set ipstore.txt contents=$actualIP; :if ($lastChange="OK") do={:log warning message=("[DuckDNS update successfull]: a actual-IP ".$actualIP);}; :if ($lastChange="KO") do={:log error ("[Fail to update DuckDNS]: a actual-IP ".$actualIP);};};

Actualización DDNS: ------------------------------------------------------------------- [ FIN ]

# RB.IP-ChangeWAN(x): -----------------------------------------------------------------

# Es aconsejable, al finalizar la tarea, remover las variables globales (previousIP, lastChange y actualIP).

# Name: RB.IP-ChangeWAN(x)

# Comment=”R+: ( RB.IP-ChangeWAN(x) )”;

# -----------------------------------------------

# Función IP.Test: (IP,PacketSend,PacketLossLimit,AvgLimit,PacketSize,Proceso)

# Nota: Asegurarse que IP este en address-list (do={:beep frequency=550 length=494ms;}).

# ----------------------------------------------- [Test.Connection]

:if ([$TestConn "8.8.8.8" 10 30 100 64 ”RB.IP-ChangeWAN1”]=”OK”) do={

# ----------------------------------------------- [Test.Connection]

# Establece IP.New: ----------------------------------------------------------------------

# -----------------------------------------------

# Función convierte IPv4 en número entero:

:local FIPaNr do={:local IPstr ($1."."); :local IPnum ""; :for x from=1 to=4 do={:set IPnum ($IPnum.[:pick $IPstr 0 [:find $IPstr "." -1]]); :set IPstr ([:pick $IPstr ([:find $IPstr "." 0]+1) [:len $IPstr]]);}; :return [:tonum $IPnum]};

# -----------------------------------------------

:local IniIP value=2.2.2.1; # sin ceros a la izquierda

:local UltIP value=2.2.2.50; # sin ceros a la izquierda

# -----------------------------------------------

:local ActualIP value=[/ip address get [find comment~”TELCO.2.2.2.x”] value-name=address];

:local ActualX value=[:pick $ActualIP -1 [:find $ActualIP "/" -1]];

<<< Mecanismo x descubrir la nueva IP >>>}; /ip address set [/ip address find address=$ActualIP] address=$ActualX; :delay 2s;

# Actualiza DDNS: ------------------------------------------------------------------------

/system script run RB.DDNSUpDate-WAN(x); :delay 3s; # UpDate DDNS.WAN(x)

# Envia Email informativo: ---------------------------------------------------------------

:local IntervaloT value=[/system scheduler get [find name=”TP (RB.IP-Change)”] value-name=interval]; :global lastChange; :global QoSDropList; :local Subjet (([/user get [find name=user(x)] comment]).([pick ([/system scrip get [find name=”RB.IP-ChangeWAN(x)”] comment]) 4 ([len ([/system scrip get [find name=”RB.IP-ChangeWAN(x)”] comment])])])); /tool e-mail send to="xxx@gmail.com" subject=$Subjet body=“System : ($[/system identity get name]) \r\nFecha : ($[/system clock get date]) \r\nHora : ($[/system clock get time]) \r\nIP.Actual : ($ActualX/24) \r\nDDNS.UpDate : ($lastChange) \r\nChange.Interv: ($IntervaloT) \r\nIP.Pool : ($IniIP/24 - $UltIP/24) \r\nQoS.DropL : \r\n[$QoSDropList]”; /system script environment remove [find name="previousIP"]; /system script environment remove [find name="lastChange"]; /system script environment remove [find name="actualIP"];};

# Nota: si bien, provoca un script error, aborta un script: /system script job remove [/system script job find script=RB.IP-ChangeWAN(x)];

# RB.PromoXDay-Cheq: -----------------------------------------------------------------

# Name: RB.PromoXDay-Cheq

# comment="xC+: ( RB.PromoXDay-Cheq )";

# -----------------------------------------------

:local Mx ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");

:local DateAct ([/system clock get date]);

:local DiaAct ([pick $DateAct 4 6]);

:local MesActP ([pick $DateAct 0 3]);

:local MesAct ([find $Mx $MesActP -1]+1);

:local AnioAct ([pick $DateAct 7 11]);

:local DatePromo;

:local DiaPromo;

:local MesPromo; # No olvidar el (0) a la izquierda para (<10).

:local AnioPromo;

:local Comment;

:local QSName;

:local CTimePromo;

:local IPPromo;

:if ($MesAct<10) do={:set MesAct (“0”.$MesAct);};

:set DateAct ($AnioAct.$MesAct.$DiaAct);

:local DateActF ($DiaAct.”/”.$MesAct.”/”.([pick $AnioAct 2 4]));

:log info message=("[RB.PromoXDay-Cheq (INI)]");

:foreach x in=[/ip firewall address-list find (list=”C-PROMOXDCLIENT.List” and !disabled)] do={:set IPPromo ([/ip firewall address-list get $x address]); :set CTimePromo ([/ip firewall address-list get $x creation-time]); :set Comment ([/ip firewall address-list get $x comment]); :set DiaPromo ([pick $Comment ([find $Comment “expira”]+11) ([find $Comment “expira”]+13)]); :set MesPromo ([pick $Comment ([find $Comment “expira”]+14) ([find $Comment “expira”]+16)]); :set AnioPromo ([pick $Comment ([find $Comment “expira”]+17) ([find $Comment “expira”]+21)]); :set DatePromo ($AnioPromo.$MesPromo.$DiaPromo); :if ([tonum $DateAct]>[tonum $DatePromo]) do={/ip firewall address-list set $x list=”C-CLIENTDROP.List”; :set QSName ([/queue simple get [find target=($IPPromo."/32")] value-name=name]); :set QSName ([pick $QSName 0 ([find $QSName “::”]+3)].$DateActF.[pick $QSName ([find $QSName “::”]+11) [len $QSName]]); /queue simple set [find target=($IPPromo."/32")] name=(“S: ”.$QSName); /queue simple set [find target=($IPPromo."/32")] disable=yes; :log warning message=("[RB.PromoXDay-Cheq (Expire: $QSName) – ($DateAct > $DatePromo)]"); :global TelegramMessage (“[RB.PromoXDay-Cheq (Expire: $QSName) – ($DateAct>$DatePromo)]”); /system script run RB.Telegram-MessageAlert;}};

...

RouterOS

lunes, 29 de abril de 2019

RouterOS.Script (Basic 01-02)

No hay comentarios:

Publicar un comentario