terraform-routeros · vaerh · Dec 2, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 28, 2024
@@ -0,0 +1 @@
+data "routeros_ip_firewall_filter" "rules" {}
@@ -0,0 +1,5 @@
+#The ID can be found via API or the terminal
+#The command for the terminal is -> :put [/interface/bridge/filter get [print show-ids]]
+terraform import routeros_interface_bridge_filter.rule "*0"
+#Or you can import a resource using one of its attributes
+terraform import routeros_interface_bridge_filter.rule "dst_address=224.0.0.251/32"
@@ -0,0 +1,52 @@
+variable "bridge_filter_rule" {
+  type = list(object({
+    chain              = string
+    action             = string
+    connection_state   = optional(string)
+    in_interface_list  = optional(string, "all")
+    out_interface_list = optional(string)
+    src_address        = optional(string)
+    dst_address        = optional(string)
+    src_port           = optional(string)
+    dst_port           = optional(string)
+    jump_target        = optional(string)
+    protocol           = optional(string)
+    comment            = optional(string, "(terraform-defined)")
+    log                = optional(bool, false)
+    log_prefix         = optional(string, "")
+    disabled           = optional(bool, false)
+  }))
+
+  default = [
+    { "action" = "drop", "chain" = "forward", "comment" = "Drop data between bridge ports" },
+    { "action" = "drop", "chain" = "forward", "comment" = "Block VLAN encap", "log_prefix" = "Block VLAN encap", "mac_protocol" = "vlan" },
+    { "action" = "accept", "chain" = "forward", "comment" = "", "disabled" = "true", "dst_address" = "224.0.0.251/32", "ip_protocol" = "udp", "log_prefix" = "Allow bonjour", "mac_protocol" = "ip" },
+  ]
+}
+
+locals {
+  rule_map = { for idx, rule in var.bridge_filter_rule : format("%03d", idx) => rule }
+}
+
+resource "routeros_interface_bridge_filter" "rules" {
+  for_each          = local.rule_map
+  chain             = each.value.chain
+  action            = each.value.action
+  comment           = each.value.comment
+  log               = each.value.log
+  log_prefix        = each.value.log_prefix
+  disabled          = each.value.disabled
+  connection_state  = each.value.connection_state
+  in_interface_list = each.value.in_interface_list
+  dst_port          = each.value.dst_port
+  protocol          = each.value.protocol
+  src_address       = each.value.src_address
+  jump_target       = each.value.jump_target
+}
+
+resource "routeros_move_items" "bridge_filter_rules" {
+  #  resource_name = "routeros_interface_bridge_filter"
+  resource_path = "/interface/bridge/filter"
+  sequence      = [for i, _ in local.rule_map : routeros_interface_bridge_filter.rules[i].id]
+  depends_on    = [routeros_interface_bridge_filter.rules]
+}
@@ -0,0 +1,82 @@
+package routeros
+
+// Script generated from sampled device MikroTik 7.11.2 (stable) on CHR AMD-x86_64
+
+import (
+	"context"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DatasourceInterfaceBridgeFilter() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: datasourceInterfaceBridgeFiltersRead,
+		Schema: map[string]*schema.Schema{
+			MetaResourcePath: PropResourcePath("/interface/bridge/filter"),
+			MetaId:           PropId(Id),
+
+			KeyFilter: PropFilterRw,
+			"filters": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": { // Sample = .id: "*1"
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"action": { // Sample = action: "drop"
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"bytes": { // Sample = bytes: "0"
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"in_interface": { // Sample = chain: "ether1"
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"chain": { // Sample = chain: "forward"
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"comment": { // Sample = comment: "Drop data between cast ports"
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"dynamic": { // Sample = dynamic: "false"
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"invalid": { // Sample = invalid: "false"
+							Type:     schema.TypeBool,
+							Computed: true,
+						},
+						"packets": { // Sample = packets: "0"
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"mac_protocol": { // Sample = mac_protocol: "0x890D"
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func datasourceInterfaceBridgeFiltersRead(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	s := DatasourceInterfaceBridgeFilter().Schema
+	path := s[MetaResourcePath].Default.(string)
+
+	res, err := ReadItemsFiltered(buildReadFilter(d.Get(KeyFilter).(map[string]interface{})), path, m.(Client))
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	return MikrotikResourceDataToTerraformDatasource(res, "data", s, d)
+}
@@ -0,0 +1,39 @@
+package routeros
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+const testDatasourceInterfaceBridgeFilter = "data.routeros_interface_bridge_filter.rules"
+
+func TestAccDatasourceInterfaceBridgeFilterTest_basic(t *testing.T) {
+	for _, name := range testNames {
+		t.Run(name, func(t *testing.T) {
+			resource.Test(t, resource.TestCase{
+				PreCheck: func() {
+					testAccPreCheck(t)
+					testSetTransportEnv(t, name)
+				},
+				ProviderFactories: testAccProviderFactories,
+				Steps: []resource.TestStep{
+					{
+						Config: testAccDatasourceInterfaceBridgeFilterConfig(),
+						Check: resource.ComposeTestCheckFunc(
+							testResourcePrimaryInstanceId(testDatasourceInterfaceBridgeFilter),
+						),
+					},
+				},
+			})
+
+		})
+	}
+}
+
+func testAccDatasourceInterfaceBridgeFilterConfig() string {
+	return providerConfig + `
+
+data "routeros_interface_bridge_filter" "rules" {}
+`
+}
@@ -153,6 +153,7 @@ func Provider() *schema.Provider {
 			// Interface Objects
 			"routeros_interface_6to4":                           ResourceInterface6to4(),
 			"routeros_interface_bonding":                        ResourceInterfaceBonding(),
+			"routeros_interface_bridge_filter":                  ResourceInterfaceBridgeFilter(),
 			"routeros_interface_bridge_port":                    ResourceInterfaceBridgePort(),
 			"routeros_interface_bridge_settings":                ResourceInterfaceBridgeSettings(),
 			"routeros_interface_bridge_vlan":                    ResourceInterfaceBridgeVlan(),
@@ -335,20 +336,21 @@ func Provider() *schema.Provider {
 			"routeros_zerotier_interface":  ResourceZerotierInterface(),
 		},
 		DataSourcesMap: map[string]*schema.Resource{
-			"routeros_files":                 DatasourceFiles(),
-			"routeros_interfaces":            DatasourceInterfaces(),
-			"routeros_ip_addresses":          DatasourceIPAddresses(),
-			"routeros_ip_arp":                DatasourceIpArp(),
-			"routeros_ip_dhcp_server_leases": DatasourceIpDhcpServerLeases(),
-			"routeros_ip_firewall":           DatasourceIPFirewall(),
-			"routeros_ip_routes":             DatasourceIPRoutes(),
-			"routeros_ip_services":           DatasourceIPServices(),
-			"routeros_ipv6_addresses":        DatasourceIPv6Addresses(),
-			"routeros_ipv6_firewall":         DatasourceIPv6Firewall(),
-			"routeros_system_resource":       DatasourceSystemResource(),
-			"routeros_system_routerboard":    DatasourceSystemRouterboard(),
-			"routeros_wifi_easy_connect":     DatasourceWiFiEasyConnect(),
-			"routeros_x509":                  DatasourceX509(),
+			"routeros_files":                   DatasourceFiles(),
+			"routeros_interfaces":              DatasourceInterfaces(),
+			"routeros_interface_bridge_filter": DatasourceInterfaceBridgeFilter(),
+			"routeros_ip_addresses":            DatasourceIPAddresses(),
+			"routeros_ip_arp":                  DatasourceIpArp(),
+			"routeros_ip_dhcp_server_leases":   DatasourceIpDhcpServerLeases(),
+			"routeros_ip_firewall":             DatasourceIPFirewall(),
+			"routeros_ip_routes":               DatasourceIPRoutes(),
+			"routeros_ip_services":             DatasourceIPServices(),
+			"routeros_ipv6_addresses":          DatasourceIPv6Addresses(),
+			"routeros_ipv6_firewall":           DatasourceIPv6Firewall(),
+			"routeros_system_resource":         DatasourceSystemResource(),
+			"routeros_system_routerboard":      DatasourceSystemRouterboard(),
+			"routeros_wifi_easy_connect":       DatasourceWiFiEasyConnect(),
+			"routeros_x509":                    DatasourceX509(),
 
 			// Aliases for entries that have been renamed
 			"routeros_firewall": DatasourceIPFirewall(),

@@ -540,6 +540,10 @@ var (
 		regexp.MustCompile(`^!?\b(?:[0-9A-F]{2}\:){5}(?:[0-9A-F]{2})$`),
 		"Allowed MAC addresses should be [!]AA:BB:CC:DD:EE:FF",
 	)
+	ValidationMacAddressWithMask = validation.StringMatch(
+		regexp.MustCompile(`^!?\b(?:[0-9A-F]{2}\:){5}(?:[0-9A-F]{2})\/\b(?:[0-9A-F]{2}\:){5}(?:[0-9A-F]{2})$`),
+		"Allowed MAC addresses should be [!]AA:BB:CC:DD:EE:FF/FF:FF:FF:FF:FF:FF",
+	)
 
 	// ValidationMultiValInSlice returns a SchemaValidateDiagFunc which works like the StringInSlice function,
 	// but the provided value can be a single value or a comma-separated list of values.