chore(release): 1.17.0

CHANGELOG.md

@@ -1,3 +1,10 @@
+## [1.17.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.16.0...v1.17.0) (2023-09-22)
+
+
+### Features
+
+* Ip firewall connection tracking ([#260](https://github.com/terraform-routeros/terraform-provider-routeros/issues/260)) ([9d39bf8](https://github.com/terraform-routeros/terraform-provider-routeros/commit/9d39bf82ebbff621888bb6535fe57148488f0215))
+
 ## [1.16.0](https://github.com/terraform-routeros/terraform-provider-routeros/compare/v1.15.0...v1.16.0) (2023-09-21)
 
 

docs/resources/interface_bridge.md

@@ -24,11 +24,11 @@ resource "routeros_interface_bridge" "bridge" {
 - `admin_mac` (String) Static MAC address of the bridge. This property only has effect when auto-mac is set to no.
 - `ageing_time` (String) How long a host's information will be kept in the bridge database.
 - `arp` (String) Address Resolution Protocol mode:
-				disabled - the interface will not use ARP
-				enabled - the interface will use ARP
-				local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
-				proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
-				reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
+	* disabled - the interface will not use ARP
+	* enabled - the interface will use ARP
+	* local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
+	* proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
+	* reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
 - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `auto_mac` (Boolean) Automatically select one MAC address of bridge ports as a bridge MAC address, bridge MAC will be chosen from the first added bridge port. After a device reboot, the bridge MAC can change depending on the port-number.
 - `comment` (String)

docs/resources/interface_ethernet.md

@@ -17,11 +17,11 @@
 				only applies when auto-negotiation is enabled. Advertising higher speeds than 
 				the actual interface supported speed will have no effect, multiple options are allowed.
 - `arp` (String) Address Resolution Protocol mode:
-				disabled - the interface will not use ARP
-				enabled - the interface will use ARP
-				local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
-				proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
-				reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
+	* disabled - the interface will not use ARP
+	* enabled - the interface will use ARP
+	* local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
+	* proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
+	* reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
 - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `auto_negotiation` (Boolean) When enabled, the interface "advertises" its maximum capabilities to achieve the best connection possible.
 					Note1: Auto-negotiation should not be disabled on one end only, otherwise Ethernet Interfaces may not work properly.

docs/resources/interface_vlan.md

@@ -24,11 +24,11 @@ resource "routeros_interface_vlan" "interface_vlan" {
 ### Optional
 
 - `arp` (String) Address Resolution Protocol mode:
-				disabled - the interface will not use ARP
-				enabled - the interface will use ARP
-				local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
-				proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
-				reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
+	* disabled - the interface will not use ARP
+	* enabled - the interface will use ARP
+	* local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
+	* proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
+	* reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
 - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `comment` (String)
 - `disabled` (Boolean)

docs/resources/interface_vrrp.md

@@ -22,11 +22,11 @@ resource "routeros_interface_vrrp" "interface_vrrp" {
 ### Optional
 
 - `arp` (String) Address Resolution Protocol mode:
-				disabled - the interface will not use ARP
-				enabled - the interface will use ARP
-				local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
-				proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
-				reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
+	* disabled - the interface will not use ARP
+	* enabled - the interface will use ARP
+	* local-proxy-arp - the router performs proxy ARP on the interface and sends replies to the same interface
+	* proxy-arp - the router performs proxy ARP on the interface and sends replies to other interfaces
+	* reply-only - the interface will only reply to requests originated from matching IP address/MAC address combinations which are entered as static entries in the ARP table. No dynamic entries will be automatically stored in the ARP table. Therefore for communications to be successful, a valid static entry must already exist.
 - `arp_timeout` (String) ARP timeout is time how long ARP record is kept in ARP table after no packets are received from IP. Value auto equals to the value of arp-timeout in IP/Settings, default is 30s. Can use postfix ms, s, M, h, d for milliseconds, seconds, minutes, hours or days. If no postfix is set then seconds (s) is used.
 - `authentication` (String) Authentication method to use for VRRP advertisement packets.
 - `comment` (String)

docs/resources/ip_firewall_connection_tracking.md

@@ -0,0 +1,58 @@
+# routeros_ip_firewall_connection_tracking (Resource)
+
+
+## Example Usage
+```terraform
+resource "routeros_ip_firewall_connection_tracking" "data" {
+  enabled = "yes"
+  generic_timeout = "3m"
+  icmp_timeout = "3m"
+  loose_tcp_tracking = "false"
+  tcp_close_timeout = "3m"
+  tcp_close_wait_timeout = "3m"
+  tcp_established_timeout = "3m"
+  tcp_fin_wait_timeout = "3m"
+  tcp_last_ack_timeout = "3m"
+  tcp_max_retrans_timeout = "3m"
+  tcp_syn_received_timeout = "3m"
+  tcp_syn_sent_timeout = "3m"
+  tcp_time_wait_timeout = "3m"
+  tcp_unacked_timeout = "3m"
+  udp_stream_timeout = "3m"
+  udp_timeout = "3m"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `enabled` (String) Allows to disable or enable connection tracking. Disabling connection tracking will cause several firewall features to stop working. 
+				          See the list of affected features. Starting from v6.0rc2 default value is auto. This means that connection tracing is disabled until at least one firewall rule is added.
+- `generic_timeout` (String) Timeout for all other connection entries
+- `icmp_timeout` (String) ICMP connection timeout
+- `loose_tcp_tracking` (String) Disable picking up already established connections
+- `tcp_close_timeout` (String) No documentation
+- `tcp_close_wait_timeout` (String) No documentation
+- `tcp_established_timeout` (String) Time when established TCP connection times out.
+- `tcp_fin_wait_timeout` (String) No documentation
+- `tcp_last_ack_timeout` (String) No documentation
+- `tcp_max_retrans_timeout` (String) No documentation
+- `tcp_syn_received_timeout` (String) TCP SYN timeout.
+- `tcp_syn_sent_timeout` (String) TCP SYN timeout.
+- `tcp_time_wait_timeout` (String) No documentation
+- `tcp_unacked_timeout` (String) No documentation
+- `udp_stream_timeout` (String) Specifies the timeout of UDP connections that has seen packets in both directions
+- `udp_timeout` (String) Specifies the timeout for UDP connections that have seen packets in one direction
+
+### Read-Only
+
+- `active_ipv4` (Boolean) documentation is missing
+- `active_ipv6` (Boolean) documentation is missing
+- `id` (String) The ID of this resource.
+- `max_entries` (String) Max amount of entries that the connection tracking table can hold. This value depends on the installed amount of RAM.
+                          Note that the system does not create a maximum_size connection tracking table when it starts, it may increase if the situation demands it and the system still has free ram, but size will not exceed 1048576
+- `total_entries` (Number) Amount of connections that currently connection table holds.
+
+

package.json

@@ -1,6 +1,6 @@
 {
     "name": "terraform-provider-routeros",
-    "version": "1.16.0",
+    "version": "1.17.0",
     "repository": {
         "type": "git",
         "url": "https://github.com/terraform-routeros/terraform-provider-routeros"