"ip firewall mangle" dont works as expected in script

CristianDeluxe · November 18, 2010, 12:02pm

Hi, i have a script that enable or disable the packet mangle filtering if traffic is low.

One of my scripts enable a mangle rule that accepts all packets, if i use

“/ip firewall mangle enable numbers=1;” in console, it works correctly but if i use this same command in a script, it enable the mangle number selected + 1 (in this example 2)

I’ve recorded a screencast with the problem:

http://www.screentoaster.com/watch/stWEtXRENIR1BfQFVcUlJeXlVd

is this a problem? or in script i have to do: (mangle number - 1)?

Thanks

CristianDeluxe · November 18, 2010, 12:17pm

More info, if i put in my script:

“/ip firewall mangle enable numbers=0;”

Occurs an error in the log that says:

“ppp → script error: no such item (4)”

fewi · November 18, 2010, 2:18pm

Don’t use number indices in scripts. They are for humans only. Set a comment on the mangle rule and find the rule based on that. If the comment is “this one”:

/ip fir man en [/ip fir man find com="this one"]

CristianDeluxe · November 23, 2010, 4:45pm

Thanks!, ill try to do it this way

CristianDeluxe · November 24, 2010, 5:53pm

i tried this:

Mangle rule:

add action=accept chain=prerouting comment=filteronoff disabled=yes

Test Script:

:local TestVar [/ip firewall mangle find comment="filteronoff" disabled];

:if ($TestVar = true ) do={
:log warning "true";
} else={
:log warning "false";
}

And always return false (if i enable or disable the mangle rule), i’ve tried change the comment too but any string work

fewi · November 24, 2010, 6:03pm

What is that code supposed to do? It doesn’t make any sense as it’s written, and doesn’t do what your initial request was - disable or enable a rule from a script.

CristianDeluxe · November 24, 2010, 7:02pm

Before enable or disable my (accept all) rule i first check if mangle rule is enabled.

If mangle rule is disabled i make another checks and if the traffic in a interface is high i disable this rule and the router start to mark and filter packet.

So i make this check first with:

:local savelog true;
:local msglog;
:global FiltroOn;

:set checkEnabled [/ip firewall mangle get number=1 disabled];
:if ($checkEnabled = true ) do={
:set msglog ($msglog ."[CheckFilter] Filter: Enabled. Router is filtering the traffic\n");
:set FiltroOn true;
} else={
:set msglog ($msglog ."[CheckFilter] Filter: Enabled. Router is NOT filtering the traffic\n");
:set FiltroOn false;
}

:if ($savelog = true ) do={
:log warning $msglog;
}

But when i try to enable the rule it fails at i say at the first post.

Thanks

fewi · November 24, 2010, 7:06pm

To enable a mangle rule that has a comment of “filteronoff” set, use:

/ip firewall mangle enable [/ip firewall mangle find comment="filteronoff"];

To disable the same rule, use:

/ip firewall mangle disable [/ip firewall mangle find comment="filteronoff"];

CristianDeluxe · November 26, 2010, 10:41am

Thanks again! i was asking in my last post the command for check if the mangle rule is enabled or not, here is the command thats now works for me:

/ip firewall mangle get value-name=disabled [/ip firewall mangle find comment="filteronoff"];

And after check if the rule is enabled or not with this command, then i can enable or disable it with your command.

Thanks!!! is what i needed