I'd like to create a compliance policy for MikroTik devices that compares addresses in a list and ensures certain addresses are in there
I know how to write the regex expressions to capture the snippet in the config correctly
Start: \/ip firewall address-list.*
End: (^\/|\z)
This captures a block between where it starts with '/ip firewall address-list' and ends with a new line beginning with '/' or is the end of the config snippet
And then I have match simple string arguments of...
add address=10.0.0.0/24 list=Trusted
'and'
add address=10.0.1.0/24 list=Trusted
This works perfectly fine on the below snippet
/ip firewall address-list
add address=10.0.0.0/24 list=Trusted
add address=10.0.1.0/24 list=Trusted
/ip firewall service-port
set sip disabled=yes
Matches perfectly, no violations. However, the following also matches
/ip firewall address-list
add address=10.0.0.0/24 list=Trusted
add address=10.0.1.0/24 list=Trusted
add address=10.0.2.0/24 list=Trusted
/ip firewall service-port
set sip disabled=yes
It contains both requested statements, but it doesn't care about any other entries. I figured maybe I could add another match string of
must NOT contain 'add address=* list=Trusted'
But then it fails validation because it looks for any entry, including the 2 that previously succeeded validation and will fail
Is there a way to have it match the entries that I put in there, but fail validation if there are any other entries at all in the block?
If there's no simple or regex expression for this, I'm thinking maybe it's possible to count the number of lines with regex to ensure, i.e., there's exactly 2 entries? But I don't know the syntax or if it's even possible
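As an added example that is not part of the original post: a Python check that extracts the address-list block with the same Start/End boundaries as the question's regexes, then fails when the block holds anything other than the two required entries. The config samples are constructed to mirror the two cases above; the required-entry set is the one from the question.

```python
import re

# Block boundaries, following the Start/End regexes in the question: from the
# line '/ip firewall address-list' up to the next line starting with '/' or
# the end of the config (re.M makes ^ match at line starts, re.S lets . span lines).
BLOCK_RE = re.compile(r"^/ip firewall address-list.*?(?=^/|\Z)", re.M | re.S)

# One 'add' line: attributes can appear in any order in a RouterOS export, so
# address= and list= are picked out with lookaheads rather than by position.
ENTRY_RE = re.compile(r"^add\b(?=.*\baddress=(\S+))(?=.*\blist=(\S+))", re.M)


def address_list_entries(config: str) -> set[tuple[str, str]]:
    """Return every (address, list) pair found in the address-list block."""
    block = BLOCK_RE.search(config)
    if block is None:
        return set()
    return set(ENTRY_RE.findall(block.group(0)))


def check_address_list(config: str, required: set[tuple[str, str]]):
    """Return (compliant, missing, extra): compliant only when the block
    contains exactly the required entries and nothing else."""
    found = address_list_entries(config)
    missing = required - found
    extra = found - required
    return (not missing and not extra, missing, extra)


# Required entries from the question; the two configs below are constructed samples.
REQUIRED = {("10.0.0.0/24", "Trusted"), ("10.0.1.0/24", "Trusted")}

EXACT = """/ip firewall address-list
add address=10.0.0.0/24 list=Trusted
add address=10.0.1.0/24 list=Trusted
/ip firewall service-port
set sip disabled=yes
"""

EXTRA = """/ip firewall address-list
add address=10.0.0.0/24 list=Trusted
add address=10.0.1.0/24 list=Trusted
add address=10.0.2.0/24 list=Trusted
/ip firewall service-port
set sip disabled=yes
"""

if __name__ == "__main__":
    for name, cfg in (("exact", EXACT), ("extra", EXTRA)):
        ok, missing, extra = check_address_list(cfg, REQUIRED)
        print(f"{name}: compliant={ok} missing={sorted(missing)} extra={sorted(extra)}")
```

The second sample is reported as non-compliant with the 10.0.2.0/24 entry listed as extra, which is the behaviour the single "must contain" matches cannot express on their own.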