---- ✂️ ----
📌 News and configuration changes
The configuration version on MikroTik increased to 85, current configuration may need modification. Please review and update global-config-overlay, then re-run global-config.
Changes:
● Support for e-mail notifications moved to a module. It is installed automatically if required.
● Dropped 'netwatch-syslog', filtering in firewall is advised.
---- ✂️ ----
This was undocumented and scripts did never catch up with general
quality expectations, for example global-config and global functions
were not used.
If you need the code get it from git history. 😜
To filter in firewall you should use something like this:
/ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
/ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
For RouterOS 6.x a separate package 'ntp' exists. This adds server
functionality, but allows ip addresses for the client only. I added the
script 'rotate-ntp' to update addresses from names...
Now with RouterOS 7.x there's no extra package and the limitation does
no longer exist. So let's just drop the script.
This adds migration code, that...
* removes the script from configuration
* removes a scheduler from configuration
* sets the configured ntp pool name for ntp client
Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root
X1") on July 8, 2019, but postponed several times.
Finally they found another solution: A certificate 'ISRG Root X1', but
cross-signed with 'DST Root CA X3' and with a livetime that exceeds that
of the root CA. This is said to work for most operating system where root
certificate authorities are just 'trust anchors'.
I doubt this is true for RouterOS, where certificates are just imported
into the certificate store. So let's migrate to 'ISRG Root X1' now.
