-
-
Save pantigon/ffb0f929c6a4385b379ec0a892547cbd to your computer and use it in GitHub Desktop.
A RouterOS v7.8-compatible script for automatic generation of an address list containing all Facebook CDN addresses required for maintaining a normal connection from the DNS cache entries. Designed for decent stability and low CPU usage spikes. This is a combination of scripts by @jgrossiord and @ZloyXEP with some additions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :delay delay-time=#REPLACE_THIS_WITH_SOME_ARBITRARY_RESULT_OF_HITTING_YOUR_NUMPAD_WITH_A_FIST#ms; | |
| :foreach i in=[/ip dns cache find] do={ | |
| # Turn this on while turning off other delays for ease of manual use. Don't forget to reenable later. | |
| # :delay delay-time=5ms; | |
| :delay delay-time=50ms; | |
| :local cacheName [/ip dns cache all get $i name]; | |
| :local cacheType [/ip dns cache all get $i type]; | |
| :if (($cacheType="A" or $cacheType="CNAME") and (($cacheName~"^([0-9A-Za-z\\-]*\\.)*facebook(\\.[0-9A-Za-z\\-]*)*\\.?\$") or ($cacheName~"^([0-9A-Za-z\\-]*\\.)*fbcdn(\\.[0-9A-Za-z\\-]*)*\\.?\$") or ($cacheName~"^([0-9A-Za-z\\-]*\\.)*fbstatic(\\.[0-9A-Za-z\\-]*)*\\.?\$") or ($cacheName~"^([0-9A-Za-z\\-]*\\.)*fbexternal(\\.[0-9A-Za-z\\-]*)*\\.?\$"))) do={ | |
| # IP-based rule | |
| :if ($cacheType="A") do={ | |
| :local cacheData [/ip dns cache all get $i data]; | |
| :local record [/ip firewall address-list find where (address=$cacheData) and (list=vpn_loopback_sites_dynamic)]; | |
| # One day I just randomly found 0.0.0.0 in the list. I'm not sure how it got there, so I introduced this safety measure. | |
| :if (($cacheData~"^0\\.") or ($cacheData~"^10\\.") or ($cacheData~"^127\\.") or ($cacheData~"^192\\.168\\.")) do={ | |
| :put ("script tried putting $cacheData into the address list, was prevented"); | |
| } else={ | |
| :if ($record="") do={ | |
| :put ("add: $cacheName $cacheType $cacheData"); | |
| /ip firewall address-list add address=$cacheData comment=$cacheName timeout=14d list=vpn_loopback_sites_dynamic | |
| } else={ | |
| :put ("renew: $cacheName $cacheType $cacheData"); | |
| /ip firewall address-list set $record timeout=14d; | |
| } | |
| } | |
| } | |
| # Domain-based rule | |
| :if ($cacheType="A") do={ | |
| :local record [/ip firewall address-list find where (address=$cacheName) and (list=vpn_loopback_sites_dynamic)]; | |
| :if ($record="") do={ | |
| :put ("add: $cacheName $cacheType"); | |
| /ip firewall address-list add address=$cacheName timeout=14d list=vpn_loopback_sites_dynamic | |
| } else={ | |
| :put ("renew: $cacheName $cacheType"); | |
| /ip firewall address-list set $record timeout=14d; | |
| } | |
| } | |
| :if ($cacheType="CNAME") do={ | |
| :local cacheData [/ip dns cache all get $i data]; | |
| :local record [/ip firewall address-list find where (address=$cacheData) and (list=vpn_loopback_sites_dynamic)]; | |
| :if ($record="") do={ | |
| :put ("add: $cacheName $cacheType $cacheData"); | |
| /ip firewall address-list add address=$cacheData comment=$cacheName timeout=14d list=vpn_loopback_sites_dynamic | |
| } else={ | |
| :put ("renew: $cacheName $cacheType $cacheData"); | |
| /ip firewall address-list set $record timeout=14d; | |
| } | |
| :local record [/ip firewall address-list find where (address=$cacheName) and (list=vpn_loopback_sites_dynamic)]; | |
| :if ($record="") do={ | |
| :put ("add: $cacheName $cacheType"); | |
| /ip firewall address-list add address=$cacheName timeout=14d list=vpn_loopback_sites_dynamic | |
| } else={ | |
| :put ("renew: $cacheName $cacheType"); | |
| /ip firewall address-list set $record timeout=14d; | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment