Address list jump on next address list option request

Caci99 · Sat Jun 21, 2014 2:29 pm

Hello

I would like to see a feature on address lists, which would enable to add the addresses on one address list to another once the time of the first expires. It is very helpful in configurations where one would like to give time specific services.
For example, if I would want that someone browses whatever.com for 5 min within 1 hour:

/ip firewall mangle
chain=prerouting action=add-src-to-address-list src-address=1.1.1.1 dst-address=2.2.2.2 address-list=5min address-list-timeout=5m next-address-list=1h
/ip firewall filter
add chain=forward src-address-list=1h action=drop

rextended · Sat Jun 21, 2014 5:22 pm

Mmm.... fascinating...

You can use more than one address list to do that, without the new feature requested...

rextended · Sat Jun 21, 2014 5:24 pm

Thanks, your question help me to think one solution for one of my problem...

rextended · Sat Jun 21, 2014 6:36 pm

think about this (is one example, not sure if is written correctly), all feature are already existent:

/ip firewall mangle
chain=prerouting action=add-src-to-address-list src-address=1.1.1.1 dst-address=2.2.2.2 address-list=5min address-list-timeout=5m src-address-list=!1h
If already not is on 1h, add it to 5m, (until is on 1h list, is never added again to 5m list)

chain=prerouting action=add-src-to-address-list src-address=1.1.1.1 dst-address=2.2.2.2 address-list=5min address-list-timeout=1h src-address-list=!1h
If already not is on 1h, add it to 1h

/ip firewall filter
add chain=forward src-address-list=1h action=jump target=listcheck
check all the address already on 1h list, (and also or not on 5m list)

add chain=listcheck src-address-list=!5m action=drop
if not also on 5m list, drop.

add chain=listcheck action=return
follow other rules...

Caci99 · Sat Jun 21, 2014 7:24 pm

Good thinking, but I will try it tomorrow, maybe. Right now I am following world cup

. And you are very generous on carma points, while those should go to you

.
Tuscany eh, been there a couple of times, beatiful.

rextended · Sat Jun 21, 2014 7:32 pm

Good thinking, but I will try it tomorrow, maybe. Right now I am following world cup . And you are very generous on carma points, while those should go to you .
Tuscany eh, been there a couple of times, beatiful.

Se passi da queste parti ci facciamo una bevuta

Ciao!

Caci99 · Thu Jun 26, 2014 2:21 pm

So, I tried it yesterday and today, and here is with what I came out:

/ip firewall mangle
add chain=prerouting action=accept src-address=1.1.1.1 dst-address=2.2.2.2 src-address-list=1h 
add chain=prerouting action=add-src-to-address-list src-address=1.1.1.1 dst-address=2.2.2.2 src-address-list=5min address-list=1h address-list-timeout=1h 
add chain=prerouting action=add-src-to-address-list src-address=1.1.1.1 dst-address=2.2.2.2 src-address-list=!1h address-list=5min address-list-timeout=5m

/ip firewall filter
add chain=forward action=jump jump-target=listcheck dst-address=2.2.2.2 src-address-list=1h
add chain=listcheck action=drop src-address-list=!5min
add chain=listcheck action=return

This way is working as expected. Thank you again
Anyway, I think that if Mikrotik will add this option would be great

Address list jump on next address list option request

Address list jump on next address list option request

Re: Address list jump on next address list option request

Re: Address list jump on next address list option request

Re: Address list jump on next address list option request

Re: Address list jump on next address list option request

Re: Address list jump on next address list option request

Re: Address list jump on next address list option request

Who is online