chore(release): 1.72.0

CHANGELOG.md

@@ -1,3 +1,15 @@
+## [1.72.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.71.0...v1.72.0) (2024-12-22)
+
+### Features
+
+* **ipv6:** new resource routeros_ipv6_firewall_mangle ([e6a0c1e](https://github.com/terraform-routeros/terraform-provider-routeros/commit/e6a0c1e663f6a6e0ed447e6d2d46167562afe9a0))
+* **ipv6:** new resource routeros_ipv6_firewall_nat ([03c2587](https://github.com/terraform-routeros/terraform-provider-routeros/commit/03c2587c8be7583ff122fafeb96edfe6be489d35))
+* **pppoe:** Add new resource `routeros_interface_pppoe_server` ([f04afd1](https://github.com/terraform-routeros/terraform-provider-routeros/commit/f04afd1993c22a0010f60d2cd1dbd7150d854f84)), closes [#617](https://github.com/terraform-routeros/terraform-provider-routeros/issues/617)
+
+### Bug Fixes
+
+* **ipv6_dhcp_server_option:** Add Hotspot 2.0 fields ([1d64d8c](https://github.com/terraform-routeros/terraform-provider-routeros/commit/1d64d8c04adf9204bb554da2ec8bec9521203db0)), closes [#605](https://github.com/terraform-routeros/terraform-provider-routeros/issues/605)
+
 ## [1.71.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.70.0...v1.71.0) (2024-12-02)
 
 ### Features

docs/data-sources/ipv6_firewall.md

@@ -9,12 +9,159 @@ This datasource contains all supported firewall resources:
 
 ### Optional
 
+- `mangle` (Block List) (see [below for nested schema](#nestedblock--mangle))
+- `nat` (Block List) (see [below for nested schema](#nestedblock--nat))
 - `rules` (Block List) (see [below for nested schema](#nestedblock--rules))
 
 ### Read-Only
 
 - `id` (String) The ID of this resource.
 
+<a id="nestedblock--mangle"></a>
+### Nested Schema for `mangle`
+
+Optional:
+
+- `filter` (Map of String) Additional request filtering options.
+
+Read-Only:
+
+- `action` (String)
+- `address_list` (String)
+- `address_list_timeout` (String)
+- `bytes` (Number)
+- `chain` (String)
+- `comment` (String)
+- `connection_bytes` (String)
+- `connection_limit` (String)
+- `connection_mark` (String)
+- `connection_nat_state` (String)
+- `connection_rate` (String)
+- `connection_state` (String)
+- `connection_type` (String)
+- `content` (String)
+- `disabled` (Boolean)
+- `dscp` (Number)
+- `dst_address` (String)
+- `dst_address_list` (String)
+- `dst_address_type` (String)
+- `dst_limit` (String)
+- `dst_port` (String)
+- `dynamic` (Boolean)
+- `icmp_options` (String)
+- `id` (String)
+- `in_bridge_port` (String)
+- `in_bridge_port_list` (String)
+- `in_interface` (String)
+- `in_interface_list` (String)
+- `ingress_priority` (Number)
+- `invalid` (Boolean)
+- `ipsec_policy` (String)
+- `jump_target` (String)
+- `limit` (String)
+- `log` (Boolean)
+- `log_prefix` (String)
+- `new_connection_mark` (String)
+- `new_dscp` (Number)
+- `new_mss` (Number)
+- `new_packet_mark` (String)
+- `new_priority` (String)
+- `new_routing_mark` (String)
+- `new_ttl` (String)
+- `nth` (String)
+- `out_bridge_port` (String)
+- `out_bridge_port_list` (String)
+- `out_interface` (String)
+- `out_interface_list` (String)
+- `packet_mark` (String)
+- `packet_size` (String)
+- `passthrough` (Boolean)
+- `per_connection_classifier` (String)
+- `port` (String)
+- `priority` (Number)
+- `protocol` (String)
+- `random` (Number)
+- `routing_mark` (String)
+- `src_address` (String)
+- `src_address_list` (String)
+- `src_address_type` (String)
+- `src_mac_address` (String)
+- `src_port` (String)
+- `tcp_flags` (String)
+- `tcp_mss` (String)
+- `time` (String)
+- `tls_host` (String)
+- `ttl` (String)
+
+
+<a id="nestedblock--nat"></a>
+### Nested Schema for `nat`
+
+Optional:
+
+- `filter` (Map of String) Additional request filtering options.
+
+Read-Only:
+
+- `action` (String)
+- `address_list` (String)
+- `address_list_timeout` (String)
+- `bytes` (Number)
+- `chain` (String)
+- `comment` (String)
+- `connection_bytes` (String)
+- `connection_limit` (String)
+- `connection_mark` (String)
+- `connection_rate` (String)
+- `connection_type` (String)
+- `content` (String)
+- `disabled` (Boolean)
+- `dscp` (Number)
+- `dst_address` (String)
+- `dst_address_list` (String)
+- `dst_address_type` (String)
+- `dst_limit` (String)
+- `dst_port` (String)
+- `dynamic` (Boolean)
+- `icmp_options` (String)
+- `id` (String)
+- `in_bridge_port` (String)
+- `in_bridge_port_list` (String)
+- `in_interface` (String)
+- `in_interface_list` (String)
+- `ingress_priority` (Number)
+- `invalid` (Boolean)
+- `ipsec_policy` (String)
+- `jump_target` (String)
+- `limit` (String)
+- `log` (Boolean)
+- `log_prefix` (String)
+- `nth` (String)
+- `out_bridge_port` (String)
+- `out_bridge_port_list` (String)
+- `out_interface` (String)
+- `out_interface_list` (String)
+- `packet_mark` (String)
+- `packet_size` (String)
+- `per_connection_classifier` (String)
+- `port` (String)
+- `priority` (Number)
+- `protocol` (String)
+- `random` (Number)
+- `routing_mark` (String)
+- `src_address` (String)
+- `src_address_list` (String)
+- `src_address_type` (String)
+- `src_mac_address` (String)
+- `src_port` (String)
+- `tcp_flags` (String)
+- `tcp_mss` (String)
+- `time` (String)
+- `tls_host` (String)
+- `to_addresses` (String)
+- `to_ports` (String)
+
+
 <a id="nestedblock--rules"></a>
 ### Nested Schema for `rules`
 

docs/resources/capsman_access_list.md

@@ -29,7 +29,7 @@ resource "routeros_capsman_datapath" "test_rule" {
 - `mac_mask` (String) MAC address mask to apply when comparing clients' addresses.
 - `place_before` (String) Before which position the rule will be inserted.  
 	> Please check the effect of this option, as it does not work as you think!  
-	> Best way to use in conjunction with a data source. See [example](../data-sources/firewall.md#example-usage).
+	> Best way to use in conjunction with a data source. See [example](../data-sources/ip_firewall.md#example-usage).
 - `private_passphrase` (String) PSK passphrase for the client if some PSK authentication algorithm is used.
 - `radius_accounting` (Boolean) An option that specifies if RADIUS traffic accounting should be used in case of RADIUS authentication of the client.
 - `signal_range` (String) The range in which the client signal must fall.

docs/resources/capsman_interface.md

@@ -27,7 +27,7 @@ resource "routeros_capsman_interface" "cap1" {
 
 ### Optional
 
-- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
+- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix `ms`, `s`, `M`, `h`, `d` for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `channel` (Map of String) Channel inline settings.
 - `comment` (String)
 - `configuration` (Map of String) Configuration inline settings.

docs/resources/capsman_rates.md

@@ -31,8 +31,16 @@ resource "routeros_capsman_rates" "test_rates" {
 - `ht_basic_mcs` (Set of String) Modulation and Coding Schemes that every connecting client must support. Refer to 802.11n for MCS specification.
 - `ht_supported_mcs` (Set of String) Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11n for MCS specification.
 - `supported` (Set of String) List of supported rates. Two devices will communicate only using rates that are supported by both devices.
-- `vht_basic_mcs` (String) Modulation and Coding Schemes that every connecting client must support. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream none - will not use selected Spatial Stream MCS 0-7 - client must support MCS-0 to MCS-7 MCS 0-8 - client must support MCS-0 to MCS-8 MCS 0-9 - client must support MCS-0 to MCS-9
-- `vht_supported_mcs` (String) Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream none - will not use selected Spatial Stream MCS 0-7 - devices will advertise as supported MCS-0 to MCS-7 MCS 0-8 - devices will advertise as supported MCS-0 to MCS-8 MCS 0-9 - devices will advertise as supported MCS-0 to MCS-9
+- `vht_basic_mcs` (String) Modulation and Coding Schemes that every connecting client must support. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream
+  * none - will not use selected
+  * MCS 0-7 - client must support MCS-0 to MCS-7
+  * MCS 0-8 - client must support MCS-0 to MCS-8
+  * MCS 0-9 - client must support MCS-0 to MCS-9
+- `vht_supported_mcs` (String) Modulation and Coding Schemes that this device advertises as supported. Refer to 802.11ac for MCS specification. You can set MCS interval for each of Spatial Stream
+  * none - will not use selected
+  * MCS 0-7 - devices will advertise as supported MCS-0 to MCS-7
+  * MCS 0-8 - devices will advertise as supported MCS-0 to MCS-8
+  * MCS 0-9 - devices will advertise as supported MCS-0 to MCS-9
 
 ### Read-Only
 

docs/resources/interface_6to4.md

@@ -24,7 +24,7 @@ resource "routeros_interface_6to4" "test" {
 - `dont_fragment` (String)
 - `dscp` (String) Set dscp value in GRE header to a fixed value '0..63' or 'inherit' from dscp value taken from tunnelled traffic.
 - `ipsec_secret` (String, Sensitive) When secret is specified, router adds dynamic IPsec peer to remote-address with pre-shared key and policy (by default phase2 uses sha1/aes128cbc).
-- `keepalive` (String) Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. KeepaliveInterval is integer 0..4294967295
+- `keepalive` (String) Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: `KeepaliveInterval,KeepaliveRetries` where `KeepaliveInterval` is time interval and `KeepaliveRetries` - number of retry attempts. `KeepaliveInterval` is integer 0..4294967295
 - `local_address` (String) Source address of the tunnel packets, local on the router.
 - `mtu` (String) Layer3 Maximum transmission unit ('auto', 0 .. 65535)
 - `remote_address` (String) IP address of the remote end of the tunnel.

docs/resources/interface_bonding.md

@@ -22,7 +22,7 @@ resource "routeros_interface_bonding" "test" {
 - `arp` (String) Address Resolution Protocol for the interface. disabled - the interface will not use ARP enabled - the interface will use ARP proxy-arp - the interface will use the ARP proxy feature reply-only -the interface will only reply to requests originated from matching IPaddress/MAC address combinations which are entered as static entries inthe '/ip arp' table. No dynamic entries will be automatically stored inthe '/ip arp' table. Therefore for communications to be successful, avalid static entry must already exist.
 - `arp_interval` (String) Time in milliseconds defines how often to monitor ARP requests.
 - `arp_ip_targets` (String) IP target address which will be monitored if link-monitoring is set to arp. You can specify multiple IP addresses, separated by a comma.
-- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
+- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix `ms`, `s`, `M`, `h`, `d` for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `comment` (String)
 - `disabled` (Boolean)
 - `down_delay` (String) If a link failure has been detected, the bonding interface is disabled for a down-delay time. The value should be a multiple of mii-interval, otherwise, it will be rounded down to the nearest value. This property only has an effect when link-monitoring is set to mii.

docs/resources/interface_bridge.md

@@ -24,12 +24,12 @@ resource "routeros_interface_bridge" "bridge" {
 - `admin_mac` (String) Static MAC address of the bridge. This property only has effect when auto-mac is set to no.
 - `ageing_time` (String) How long a host's information will be kept in the bridge database.
 - `arp` (String) Address Resolution Protocol mode:
-		* disabled - the interface will not use ARP
-		* enabled - the interface will use ARP
-		* local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
-		* proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
-		* reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
-- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
+  * disabled - the interface will not use ARP
+  * enabled - the interface will use ARP
+  * local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
+  * proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
+  * reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
+- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix `ms`, `s`, `M`, `h`, `d` for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `auto_mac` (Boolean) Automatically select one MAC address of bridge ports as a bridge MAC address, bridge MAC will be chosen from the first added bridge port. After a device reboot, the bridge MAC can change depending on the port-number.
 - `comment` (String)
 - `dhcp_snooping` (Boolean)

docs/resources/interface_bridge_filter.md

@@ -100,7 +100,7 @@ resource "routeros_move_items" "bridge_filter_rules" {
 - `packet_type` (String) Match packets with a certain packet mark.
 - `place_before` (String) Before which position the rule will be inserted.  
 	> Please check the effect of this option, as it does not work as you think!  
-	> Best way to use in conjunction with a data source. See [example](../data-sources/firewall.md#example-usage).
+	> Best way to use in conjunction with a data source. See [example](../data-sources/ip_firewall.md#example-usage).
 - `src_address` (String) Source port number or range (only for TCP or UDP protocols).
 - `src_mac_address` (String) Source MAC address.
 - `src_port` (String) List of source port numbers or port number ranges.

docs/resources/interface_eoip.md

@@ -24,19 +24,19 @@ resource "routeros_interface_eoip" "eoip_tunnel1" {
 
 - `allow_fast_path` (Boolean) Whether to allow FastPath processing. Must be disabled if IPsec tunneling is used.
 - `arp` (String) Address Resolution Protocol mode:
-		* disabled - the interface will not use ARP
-		* enabled - the interface will use ARP
-		* local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
-		* proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
-		* reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
-- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
+  * disabled - the interface will not use ARP
+  * enabled - the interface will use ARP
+  * local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
+  * proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
+  * reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
+- `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix `ms`, `s`, `M`, `h`, `d` for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `clamp_tcp_mss` (Boolean) Controls whether to change MSS size for received TCP SYN packets. When enabled, a router will change the MSS size for received TCP SYN packets if the current MSS size exceeds the tunnel interface MTU (taking into account the TCP/IP overhead). The received encapsulated packet will still contain the original MSS, and only after decapsulation the MSS is changed.
 - `comment` (String)
 - `disabled` (Boolean)
 - `dont_fragment` (String)
 - `dscp` (String) Set dscp value in GRE header to a fixed value '0..63' or 'inherit' from dscp value taken from tunnelled traffic.
 - `ipsec_secret` (String, Sensitive) When secret is specified, router adds dynamic IPsec peer to remote-address with pre-shared key and policy (by default phase2 uses sha1/aes128cbc).
-- `keepalive` (String) Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: KeepaliveInterval,KeepaliveRetries where KeepaliveInterval is time interval and KeepaliveRetries - number of retry attempts. KeepaliveInterval is integer 0..4294967295
+- `keepalive` (String) Tunnel keepalive parameter sets the time interval in which the tunnel running flag will remain even if the remote end of tunnel goes down. If configured time,retries fail, interface running flag is removed. Parameters are written in following format: `KeepaliveInterval,KeepaliveRetries` where `KeepaliveInterval` is time interval and `KeepaliveRetries` - number of retry attempts. `KeepaliveInterval` is integer 0..4294967295
 - `local_address` (String) Source address of the tunnel packets, local on the router.
 - `loop_protect` (String)
 - `loop_protect_disable_time` (String)