Skip to main content

Mikrotik RouterOS

The scripting backend can be used for MikroTik RouterOS config updates as well. Here is a sample script you can use as a backend:

#!/bin/bash
# MikroTik SSH Update Script

# Configuration
MIKROTIK_USER="admin"
MIKROTIK_HOST="192.168.88.1"  # Replace with your MikroTik's IP
MIKROTIK_SSH_PORT=22          # SSH Port, default is 22
LIST_NAME="your_list_name"    # The name of the address list to update

# Set error handling
set -e -o pipefail

# Validate IP address
function validate_ip() {
    local ip=$1
    if [[ $ip =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
        return 0
    else
        echo "Invalid IP address"
        exit 1
    fi
}

# Validate operation
function validate_op() {
    local op=$1
    if [[ $op =~ ^(add|del)$ ]]; then
        return 0
    else
        echo "Invalid operation"
        exit 1
    fi
}

# Validate and assign operation
validate_op "$1"
op="$1"

# Validate and assign IP address
validate_ip "$2"
ip="$2"

# SSH command to add/delete IP from the list on MikroTik
if [[ "$op" == "add" ]]; then
    ssh -p $MIKROTIK_SSH_PORT $MIKROTIK_USER@$MIKROTIK_HOST "/ip firewall address-list add list=$LIST_NAME address=$ip"
elif [[ "$op" == "del" ]]; then
    ssh -p $MIKROTIK_SSH_PORT $MIKROTIK_USER@$MIKROTIK_HOST "/ip firewall address-list remove [find list=$LIST_NAME address=$ip]"
fi

As you can see the credentials will need adjustment, as you should have user with the least privilege required, and setup an ssh key to run this script properly. As it stands above, this script will NOT work, but serves to demonstrate what is possible with a Mikrotik backend.