Statistics: Posted by igorr29 — Tue Apr 02, 2024 1:56 pm
Statistics: Posted by quackyo — Tue Apr 02, 2024 1:48 pm
:foreach i in=[/interface/wireguard/peers/find where disabled=no endpoint-address~"[a-z]\$"] do={
    :local LastHandshake [/interface/wireguard/peers/get $i last-handshake]
    :if (([:tostr $LastHandshake] = "") or ($LastHandshake > [:totime "5m"])) do={
        :log info "WG-iface-restart script found WG peers with last handshake greater than 5 minutes; then reset the endpoint-address to reload dns of endpoint"
        /interface/wireguard/peers/set $i endpoint-address=[/interface/wireguard/peers/get $i endpoint-address]
        :local endpoint [/interface/wireguard/peers/get $i endpoint-address]
        :log info "WG-iface-restart script found WG peer with last handshake greater than 5 minutes; then reset the endpoint-address to reload dns of endpoint: $endpoint"
    }
}
Statistics: Posted by Josephny — Tue Apr 02, 2024 1:37 pm
Statistics: Posted by rpingar — Tue Apr 02, 2024 1:24 pm
Most important is the stuff in bold. If that is wrong or missing, stuff does not work.
script,info serial=75B70647AAAA MikroTik: .id=*5;activity=;blocked=false;bytes-down=0;bytes-up=0;disabled=false;dynamic=true;inactive=false;ip-address=192.168.10.241;limited=false;mac-address=D8:9E:CC:CC:CC:10;name=;rate-down=0;rate-up=0;script=kids;user=
Statistics: Posted by Jotne — Tue Apr 02, 2024 1:18 pm
Statistics: Posted by nz_monkey — Tue Apr 02, 2024 1:16 pm
Statistics: Posted by lodex — Tue Apr 02, 2024 12:55 pm
Statistics: Posted by nmt1900 — Tue Apr 02, 2024 12:52 pm
Statistics: Posted by godel0914 — Tue Apr 02, 2024 12:29 pm
Mikrotik has a "general rule" about not touching existing configs, except during major upgrades where a config update is necessary. Usually, changing connection tracking settings falls under that "not a major upgrade" category.
Well, among other things I just found and fixed the UDP timeout (which is amazing, Mikrotik changing it for new setups but not changing it for existing installations where the user has not changed the default value - talk about breaking systems) which fixed SOME of the issues (RDP it seems).
Now I just read about some MTU trickery broken that "we are not going to fix because we plan to fix it in 7.15" which may well be it.
Given those I am really out of ideas. This is a setup that has been working flawlessly the last years, now I get significant issues down to PING not working over this one router to all machines (which change randomly after hours).
Statistics: Posted by Archous — Tue Apr 02, 2024 12:26 pm
Statistics: Posted by saktie — Tue Apr 02, 2024 12:10 pm
Indeed! As far as I compared, compressed sizes of NPK (main package, wifi-qcom-ac) are nearly comparable to 7.13.x again. Looks promising! Thanks Mikrotik for taking all issue reports on the space-topic seriously!
*) system - general work on optimizing the size of RouterOS packages;
Statistics: Posted by infabo — Tue Apr 02, 2024 12:08 pm
Statistics: Posted by kniksc — Tue Apr 02, 2024 12:08 pm
Statistics: Posted by godel0914 — Tue Apr 02, 2024 11:54 am
Statistics: Posted by EdPa — Tue Apr 02, 2024 11:46 am
Statistics: Posted by nz_monkey — Tue Apr 02, 2024 11:41 am
/ip dhcp-server lease add address=SOME_IP_HERE mac-address=SOME_MAC_HERE server=main
Statistics: Posted by kekraiser — Tue Apr 02, 2024 11:36 am
Statistics: Posted by normis — Tue Apr 02, 2024 11:22 am
Statistics: Posted by mkx — Tue Apr 02, 2024 11:20 am
Statistics: Posted by Shambler — Tue Apr 02, 2024 11:17 am
Statistics: Posted by kekraiser — Tue Apr 02, 2024 11:14 am
Statistics: Posted by mkx — Tue Apr 02, 2024 10:40 am
/interface/bridge/host/print where vid=<vlan id>
/interface/ethernet/switch/host/print where vlan-id=<vlan id>
Statistics: Posted by mkx — Tue Apr 02, 2024 10:35 am
Statistics: Posted by normis — Tue Apr 02, 2024 10:32 am
Statistics: Posted by andressis2k — Tue Apr 02, 2024 10:18 am
Statistics: Posted by BlackVS — Tue Apr 02, 2024 10:00 am
I am trying to look at the "Log" tool (for each AP), but there is nothing interesting, and no attempts at device connection. Is there any other wireless log present?
include the wireless logs when the device attempts connection
Statistics: Posted by kekraiser — Tue Apr 02, 2024 10:00 am
Statistics: Posted by patrikg — Tue Apr 02, 2024 9:55 am
Statistics: Posted by godel0914 — Tue Apr 02, 2024 9:50 am
Statistics: Posted by An5teifo — Tue Apr 02, 2024 9:42 am
Statistics: Posted by saktie — Tue Apr 02, 2024 9:38 am
Statistics: Posted by tangent — Tue Apr 02, 2024 9:37 am
That isn't a question..
Question 2. Fan connector in the front of fan... it is weird
Statistics: Posted by BlackVS — Tue Apr 02, 2024 9:33 am
Statistics: Posted by An5teifo — Tue Apr 02, 2024 9:33 am
Statistics: Posted by normis — Tue Apr 02, 2024 9:31 am
Statistics: Posted by mkx — Tue Apr 02, 2024 9:24 am
Statistics: Posted by mkx — Tue Apr 02, 2024 9:17 am
Statistics: Posted by An5teifo — Tue Apr 02, 2024 9:14 am
Statistics: Posted by normis — Tue Apr 02, 2024 9:14 am
Statistics: Posted by kekraiser — Tue Apr 02, 2024 9:11 am
:global MtmTools;:set ($MtmTools->"hashing") $s;
/system/script/environment/print
Statistics: Posted by merlinthemagic7 — Tue Apr 02, 2024 9:07 am
Statistics: Posted by mkx — Tue Apr 02, 2024 9:06 am
As I already wrote, you CANNOT connect a RB941 to a new AP using station-pseudobridge. That means you CANNOT put the WiFi in the bridge.
Thank you. When I changed mode on RB941 from B/G to B/G/N it connected to WiFi. Then I had a problem because RB941 didn't want to get an IP from DHCP. Then it got an IP but I didn't get an IP on my laptop that was connected to RB941, even though I connected to an ether port that was in the same bridge as WiFi.
You would need to buy at least a hAP ax2.
Maybe the solution is to buy some new hAPs?
Statistics: Posted by tookiehr — Tue Apr 02, 2024 8:49 am
Statistics: Posted by Amm0 — Tue Apr 02, 2024 8:47 am
Statistics: Posted by jacklandan — Tue Apr 02, 2024 8:29 am
/ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
/ip firewall {
    filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
    filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
    filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
    filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
    filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
    filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
    filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
    filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
    filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
    filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
    filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
}
/ipv6 firewall {
    address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address"
    address-list add list=bad_ipv6 address=::1 comment="defconf: lo"
    address-list add list=bad_ipv6 address=fec0::/10 comment="defconf: site-local"
    address-list add list=bad_ipv6 address=::ffff:0:0/96 comment="defconf: ipv4-mapped"
    address-list add list=bad_ipv6 address=::/96 comment="defconf: ipv4 compat"
    address-list add list=bad_ipv6 address=100::/64 comment="defconf: discard only "
    address-list add list=bad_ipv6 address=2001:db8::/32 comment="defconf: documentation"
    address-list add list=bad_ipv6 address=2001:10::/28 comment="defconf: ORCHID"
    address-list add list=bad_ipv6 address=3ffe::/16 comment="defconf: 6bone"
    filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
    filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
    filter add chain=input action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
    filter add chain=input action=accept protocol=udp dst-port=33434-33534 comment="defconf: accept UDP traceroute"
    filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
    filter add chain=input action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
    filter add chain=input action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
    filter add chain=input action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
    filter add chain=input action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
    filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
    filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
    filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
    filter add chain=forward action=drop src-address-list=bad_ipv6 comment="defconf: drop packets with bad src ipv6"
    filter add chain=forward action=drop dst-address-list=bad_ipv6 comment="defconf: drop packets with bad dst ipv6"
    filter add chain=forward action=drop protocol=icmpv6 hop-limit=equal:1 comment="defconf: rfc4890 drop hop-limit=1"
    filter add chain=forward action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
    filter add chain=forward action=accept protocol=139 comment="defconf: accept HIP"
    filter add chain=forward action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
    filter add chain=forward action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
    filter add chain=forward action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
    filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
    filter add chain=forward action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
}
/interface list
add name=VLAN
/interface list member
add interface=VLAN10 list=VLAN
add interface=VLAN11 list=VLAN
/ip firewall filter
add action=drop chain=forward comment="block vlan to lan" in-interface-list=VLAN out-interface-list=LAN
/ipv6 firewall filter
add action=drop chain=forward comment="block vlan to lan" in-interface-list=VLAN out-interface-list=LAN
Statistics: Posted by CGGXANNX — Tue Apr 02, 2024 8:05 am
Statistics: Posted by nzlme — Tue Apr 02, 2024 6:53 am
Statistics: Posted by godel0914 — Tue Apr 02, 2024 6:14 am
Yes, the only issue that puzzles me would be how come when I added WAN IP : 61.219.84.105 (interface sfp3) into address list,
Is everything else working... and the ONLY issue why QuickSet is showing wrong LAN?
/interface bridge set [find name=BridgeLAN] comment=defconf
/interface list member set [find list=LAN interface=BridgeLAN] comment=defconf
/ip address set [find address=192.168.88.1/24] comment=defconf
Statistics: Posted by Amm0 — Tue Apr 02, 2024 5:30 am
Statistics: Posted by CGGXANNX — Tue Apr 02, 2024 4:58 am
Statistics: Posted by godel0914 — Tue Apr 02, 2024 4:46 am
Statistics: Posted by anav — Tue Apr 02, 2024 4:43 am
Done, thanks for the guidance.
(1) Added back NAS on port 443 to the config.
Thanks again for finding out the unnecessary setting, it's inactive and removed.
add bridge=BridgeLAN ingress-filtering=no interface=LAN internal-path-cost=10 \
    path-cost=10
There is no such interface!! Removed.
There is an interface-list called LAN, but no interface! What goes under bridge ports are typically etherports and wifiports.
Thanks, I will check around.
(3) The Routing is setup such that sfp1 is the primary WAN. Thus we need not do anything special for:
a. all users, will thus always be routed out WAN1
b. Servers on LAN accessed via WAN1 will have traffic returned out WAN1 ( no mangling required )
c. Servers on LAN accessed via WAN2 will have traffic returned out WAN2.
Statistics: Posted by godel0914 — Tue Apr 02, 2024 4:33 am
Statistics: Posted by petardo — Tue Apr 02, 2024 4:08 am
Statistics: Posted by mantouboji — Tue Apr 02, 2024 3:57 am
Statistics: Posted by aruto77 — Tue Apr 02, 2024 3:44 am
Statistics: Posted by eypi39 — Tue Apr 02, 2024 3:41 am
Statistics: Posted by rudym88 — Tue Apr 02, 2024 2:21 am
Statistics: Posted by anav — Tue Apr 02, 2024 2:00 am
Statistics: Posted by msatter — Tue Apr 02, 2024 1:49 am
Statistics: Posted by gotsprings — Tue Apr 02, 2024 1:48 am
Statistics: Posted by emunt6 — Tue Apr 02, 2024 1:11 am
Statistics: Posted by MTNick — Tue Apr 02, 2024 12:57 am
/interface bridge
add ingress-filtering=yes name=aBridge protocol-mode=none pvid=11 vlan-filtering=yes
/interface vlan
add interface=aBridge name=VLAN100 vlan-id=10
add interface=aBridge name=VLAN101 vlan-id=11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=**** supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=**** supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=argentina disabled=no frequency=auto installation=indoor mode=\
    ap-bridge security-profile=**** ssid=2.4 vlan-id=10 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=argentina disabled=no installation=indoor mode=ap-bridge \
    security-profile=**** ssid=5.0 vlan-id=11 wireless-protocol=802.11
/ip pool
add name=VLAN10_POOL ranges=192.168.10.100-192.168.10.200
add name=VLAN11_POOL ranges=192.168.11.100-192.168.11.200
/ip dhcp-server
add address-pool=VLAN10_POOL disabled=no interface=VLAN10 name=VLAN10_DHCP
add address-pool=VLAN11_POOL disabled=no interface=VLAN11 name=VLAN11_DHCP
/interface bridge port
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan1 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan2 pvid=11
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=11
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=11
/interface bridge vlan
add bridge=aBridge tagged=aBridge vlan-ids=11
add bridge=aBridge tagged=aBridge vlan-ids=10
/interface list member
add interface=ether1 list=WAN
add interface=VLAN10 list=LAN
add interface=VLAN11 list=LAN
/ip address
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment="Allow established and related" connection-state=established,related
add action=accept chain=forward connection-state=new in-interface-list=LAN out-interface-list=WAN
Statistics: Posted by 3eff — Tue Apr 02, 2024 12:24 am
# Turris Import by Blacklister and edited by Optio
# 20210823 new version that directly downloads from the external server
# 20240331 rewritten to fetch the whole file and write it to a local file and then import it
# 20240401 avoiding perfect storm by reducing chunkSize when calculation the remainder
# 20240402 adding importing new address to temporary list and swap them out with the active list avoiding the list being not active for a short time as possible
# also save and display a count of static addresses present in a address-list
{
# import config - delay for slow routers
#:delay 1m
:log warning "IP-Blocker script started"
/ip firewall address-list
:local update do={
    :if (heirule != null) do={:set $filtering ", filtering on: $heirule"}
    :put "Start importing address-list: $listname$filtering"
    :log warning "Start importing address-list: $listname$filtering"
    /tool fetch url=$url dst-path="/$listname.txt" as-value
    # delay to wait file flush after fetch
    :delay 1
    :local filesize [/file get "$listname.txt" size]
    :local start 0
    :local chunkSize 32767;# requested chunk size
    :local partnumber($filesize / $chunkSize); # how many chunk are chunkSize
    :local remainder($filesize % ($chunkSize-512)); # the last partly chunk and use reduced chunkSize
    :if ($remainder > 0) do={ :set partnumber ($partnumber + 1) }; # total number of chunks
    :local listCount [:len [find list=$listname dynamic]]
    :put "Deleting $listCount entries (dynamic) from address-list: $listname"
    :log warning "Deleting $listCount entries (dynamic) from address-list: $listname"
    :if ($heirule = null) do={:set $heirule "."}
    # remove the current dynamic entries completely
    #:do {remove [find where list=$listname dynamic]} on-error={};
    :set $listnameTemp ($listname."temp")
    :for x from=1 to=$partnumber step=1 do={
        :local data ([:file read offset=$start chunk-size=$chunkSize file="$listname.txt" as-value]->"data")
        # Only remove the first line only if you are not at the start of list
        :if ($start > 0) do={:set data [:pick $data ([:find $data "\n"]+1) [:len $data]]}
        :while ([:len $data]!=0) do={
            :local line [:pick $data 0 [:find $data "\n"]]; # create only once and checked twice as local variable
            :if ($line~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}" && $line~heirule) do={
                :local addr [:pick $data 0 [:find $data $delimiter]]
                :do {add list=$listnameTemp address=$addr comment=$description timeout=$timeout} on-error={}; # on error avoids any panics
            }; # if IP address && extra filter if present
            :set data [:pick $data ([:find $data "\n"]+1) [:len $data]]; # removes the just added IP from the data array
            # Cut of the end of the chunks by removing the last lines...very dirty but it works
            :if (([:len $data] < 256) && (x < $partnumber)) do={:set data [:toarray ""]}
        }; # while
        #:set start ($start + $chunkSize)
        :set start (($start-512) + $chunkSize); # shifts the subquential starts back with 512
    }; #do for x
    /file remove "$listname.txt"
    :put "Deleted downloaded file: $listname.txt"
    :log warning "Deleted downloaded file: $listname.txt"
    # Swap out temp list and active list, shorten the time the list is empty
    :do {set list=$listnameTemp [find list=$listname !dynamic]}; # backup any fixed IP addresses to the temporary list
    :do {remove [find list=$listname]} on-error={}; # empty the complete list
    :do {set list=$listname [find list=$listnameTemp]} on-error={
        :put "Import failed: while swapping out the the old list with the temperorary list: $listname";
        :log error "Import failed: while swapping out the the old list with the temperorary list: $listname"
    }
    :set $staticCount ""
    :if ([:len [find list=$listname !dynamic]] > 0) do={:set $staticCount "of which $[:len [find list=$listname !dynamic]] are static addresses"}
    :if ([:len [find list=$listnameTemp]] < 1) do={
        :local listCount [:len [find list=$listname]]
        :put "Completed updating address-list $listname with $listCount addresses $staticCount"
        :log warning "Completed updating address-list $listname with $listCount addresses $staticCount"
    }
}; # do
$update url=https://iplists.firehol.org/files/firehol_level2.netset delimiter=("\n") listname=z-blocklist-FireHOL-L2 timeout=3d
$update url=https://view.sentinel.turris.cz/greylist-data/greylist-latest.csv listname=z-blocklist-Sentinel delimiter=, timeout=8d heirule=http
$update url=https://www.spamhaus.org/drop/drop.txt delimiter=("\_") listname=z-blocklist-SpamHaus timeout=3d
$update url=https://www.spamhaus.org/drop/edrop.txt delimiter=("\_") listname=z-blocklist-SpamHaus-edrop timeout=3d
:log warning message="IP-Blocker script COMPLETED running"
}
Statistics: Posted by msatter — Tue Apr 02, 2024 12:13 am
/interface ethernet
set [ find default-name=sfp1 ] name=SFP
set [ find default-name=ether1 ] name=ether1-NetUno
set [ find default-name=ether2 ] name=ether2-CANTV
set [ find default-name=ether3 ] loop-protect=off
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/disk
set sd1 type=hardware
add parent=sd1 partition-number=1 partition-offset="4 194 304" \
    partition-size="3 960 995 840" type=partition
set usb1 type=hardware
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=23h59m59s name=\
    defconf
/port
set 0 name=serial0
/routing table
add disabled=no fib name=NetUno
add fib name=useWAN2
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=SFP
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether2-CANTV list=WAN
add interface=wireguard1 list=LAN
add interface=ether1-NetUno list=WAN
/interface wireguard peers
add allowed-address=10.20.1.2/32 interface=wireguard1 public-key=\
    "VnTNWEPEIGe4ehffWqtG8GdIb+HKxcpSvACRekuVa1I="
add allowed-address=10.20.1.3/32 interface=wireguard1 public-key=\
    "D2bLdRCWi8QS/xznIUHNzufVZOpwX2pVdnf+0WcNr1k="
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=10.20.1.1/24 interface=wireguard1 network=10.20.1.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-client
add add-default-route=no interface=ether1-NetUno use-peer-dns=no \
    use-peer-ntp=no
add add-default-route=no interface=ether2-CANTV script=":if (\$bound=1) do={/i\
    p route set [find dst-address=0.0.0.0/0] gateway=\$\"gateway-address\" ad\
    d-distance=2}" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.10,1.1.1.1 \
    gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=cloud.mikrotik.com list=MyCloud
add address=cloud2.mikrotik.com list=MyCloud
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=\
    10.20.1.0/24
add action=accept chain=input in-interface=ether1-NetUno src-address-list=\
    Access
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=MyCloud dst-port=15252 \
    new-routing-mark=useWAN2 passthrough=no protocol=udp
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    ether2-CANTV new-connection-mark=incomingWAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=incomingWAN2 \
    new-routing-mark=useWAN2 passthrough=no
add action=accept chain=prerouting in-interface=ether1-NetUno
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.88.0/24
add action=accept chain=prerouting in-interface=ether1-NetUno
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.88.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=23000 in-interface=ether1-NetUno \
    protocol=tcp to-addresses=192.168.88.252 to-ports=80
add action=dst-nat chain=dstnat dst-port=24000 in-interface=ether1-NetUno \
    protocol=tcp to-addresses=192.168.88.247 to-ports=443
add action=dst-nat chain=dstnat dst-port=25000 in-interface=ether1-NetUno \
    protocol=udp to-addresses=192.168.88.247 to-ports=5060
add action=dst-nat chain=dstnat disabled=yes dst-port=10000-20000 \
    in-interface=ether1-NetUno protocol=udp to-addresses=192.168.88.247 \
    to-ports=10000-20000
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 \
    routing-table=main suppress-hw-offload=no
add distance=4 dst-address=0.0.0.0/0 gateway=ether2-CANTV routing-table=main
add dst-address=0.0.0.0/0 gateway=ether2-CANTV routing-table=useWAN2
Statistics: Posted by djferdinad — Tue Apr 02, 2024 12:11 am
Statistics: Posted by emunt6 — Tue Apr 02, 2024 12:04 am
Statistics: Posted by SerZVR — Mon Apr 01, 2024 11:48 pm
Searching before posting is a good habit
indefinitely even though I disconnected from the phone. Is there any way to limit this?
Statistics: Posted by Bolendox — Mon Apr 01, 2024 11:41 pm
Statistics: Posted by anav — Mon Apr 01, 2024 10:33 pm
:global MtmFacts;
Statistics: Posted by PackElend — Mon Apr 01, 2024 10:26 pm
Statistics: Posted by Amm0 — Mon Apr 01, 2024 10:25 pm
Statistics: Posted by almdandi — Mon Apr 01, 2024 10:24 pm
Statistics: Posted by und3rd06012 — Mon Apr 01, 2024 10:18 pm
With this solution, I have a result : "$ipaddress"
Inside the function, ipaddress is not known so you have to refer to it by :global ipaddress.
Code:
:global ipaddress [/queue simple get 1 target];
:global test [:global ipaddress; :find $ipaddress "/"];
Couple other things too:
- The first line uses "get 1", however that's not an *id so it depends on print being called to establish the index of 1. Using "get ([find]->0)" or "get [find name=queue1]" instead avoid needing.
- There can be multiple "target" from "/queue simple get", and :find does not work with arrays, so you need to get the 1st element listed as "target" first
For example,
Code:
:global ipaddresses [/queue simple get [find name=queue1] target]
:global ipaddress [:pick $ipaddresses 0 ]
:global cidrmark [:find $ipaddress "/"]
:put "$[:pick $ipaddress 0 $cidrmark]"
Although these could be locals and combined:
Code:
{:local ipaddress ([/queue simple get [find name=queue1] target]->0); :put "$[:pick $ipaddress 0 [:find $ipaddress /]]"}
Statistics: Posted by xaviernuma — Mon Apr 01, 2024 9:53 pm
Statistics: Posted by Amm0 — Mon Apr 01, 2024 9:52 pm
Statistics: Posted by Amm0 — Mon Apr 01, 2024 9:49 pm
Statistics: Posted by ips — Mon Apr 01, 2024 9:32 pm
Statistics: Posted by hatred — Mon Apr 01, 2024 9:32 pm
Statistics: Posted by anav — Mon Apr 01, 2024 9:28 pm