Statistics: Posted by lodex — Tue Apr 02, 2024 12:55 pm
Statistics: Posted by nmt1900 — Tue Apr 02, 2024 12:52 pm
Statistics: Posted by godel0914 — Tue Apr 02, 2024 12:29 pm
Mikrotik has a "general rule" about not touching existing configs, except during major upgrades where a config update is necessary. Usually, changing connection tracking settings falls under that "not a major upgrade" category.
Well, among other things I just found and fixed the UDP timeout (which is amazing, Mikrotik changing it for new setups but not changing it for existing installations where the user has not changed the default value - talk about breaking systems) which fixed SOME of the issues (RDP it seems).
Now I just read about some MTU trickery broken that "we are not going to fix because we plan to fix it in 7.15" which may well be it.
Given those I am really out of ideas. This is a setup that has been working flawlessly the last years, now I get significant issues down to PING not working over this one router to all machines (which change randomly after hours).
Statistics: Posted by Archous — Tue Apr 02, 2024 12:26 pm
Statistics: Posted by saktie — Tue Apr 02, 2024 12:10 pm
Indeed! As far as I compared, compressed sizes of NPK (main package, wifi-qcom-ac) are nearly comparable to 7.13.x again. Looks promising! Thanks Mikrotik for taking all issue reports on the space-topic seriously!
*) system - general work on optimizing the size of RouterOS packages;
Statistics: Posted by infabo — Tue Apr 02, 2024 12:08 pm
Statistics: Posted by kniksc — Tue Apr 02, 2024 12:08 pm
Statistics: Posted by godel0914 — Tue Apr 02, 2024 11:54 am
Statistics: Posted by EdPa — Tue Apr 02, 2024 11:46 am
Statistics: Posted by nz_monkey — Tue Apr 02, 2024 11:41 am
/ip dhcp-server lease add address=SOME_IP_HERE mac-address=SOME_MAC_HERE server=main
Statistics: Posted by kekraiser — Tue Apr 02, 2024 11:36 am
Statistics: Posted by normis — Tue Apr 02, 2024 11:22 am
Statistics: Posted by mkx — Tue Apr 02, 2024 11:20 am
Statistics: Posted by Shambler — Tue Apr 02, 2024 11:17 am
Statistics: Posted by kekraiser — Tue Apr 02, 2024 11:14 am
Statistics: Posted by mkx — Tue Apr 02, 2024 10:40 am
/interface/bridge/host/print where vid=<vlan id>
/interface/ethernet/switch/host/print where vlan-id=<vlan id>
Statistics: Posted by mkx — Tue Apr 02, 2024 10:35 am
Statistics: Posted by normis — Tue Apr 02, 2024 10:32 am
Statistics: Posted by andressis2k — Tue Apr 02, 2024 10:18 am
Statistics: Posted by BlackVS — Tue Apr 02, 2024 10:00 am
I am trying to look at the "Log" tool (for each AP), but there is nothing interesting, and no attempts at device connection. Is there any other wireless log present?
include the wireless logs when the device attempts connection
Statistics: Posted by kekraiser — Tue Apr 02, 2024 10:00 am
Statistics: Posted by patrikg — Tue Apr 02, 2024 9:55 am
Statistics: Posted by godel0914 — Tue Apr 02, 2024 9:50 am
Statistics: Posted by An5teifo — Tue Apr 02, 2024 9:42 am
Statistics: Posted by saktie — Tue Apr 02, 2024 9:38 am
Statistics: Posted by tangent — Tue Apr 02, 2024 9:37 am
That isn't a question..
Question 2. Fan connector in the front of fan... it is weird
Statistics: Posted by BlackVS — Tue Apr 02, 2024 9:33 am
Statistics: Posted by An5teifo — Tue Apr 02, 2024 9:33 am
Statistics: Posted by normis — Tue Apr 02, 2024 9:31 am
Statistics: Posted by mkx — Tue Apr 02, 2024 9:24 am
Statistics: Posted by mkx — Tue Apr 02, 2024 9:17 am
Statistics: Posted by An5teifo — Tue Apr 02, 2024 9:14 am
Statistics: Posted by normis — Tue Apr 02, 2024 9:14 am
Statistics: Posted by kekraiser — Tue Apr 02, 2024 9:11 am
:global MtmTools;:set ($MtmTools->"hashing") $s;
/system/script/environment/print
Statistics: Posted by merlinthemagic7 — Tue Apr 02, 2024 9:07 am
Statistics: Posted by mkx — Tue Apr 02, 2024 9:06 am
As I already wrote, you CANNOT connect a RB941 to a new AP using station-pseudobridge. That means you CANNOT put the WiFi in the bridge.
Thank you. When I changed mode on RB941 from B/G to B/G/N it connected to WiFi. Then I had a problem because RB941 didn't want to get IP from DHCP. Then it got IP but I didn't get IP on my laptop that was connected to RB941 even though I connected to an ether port that was in the same bridge as WiFi.
You would need to buy at least a hAP ax2.
Maybe the solution is to buy some new HAP's?
Statistics: Posted by tookiehr — Tue Apr 02, 2024 8:49 am
Statistics: Posted by Amm0 — Tue Apr 02, 2024 8:47 am
Statistics: Posted by jacklandan — Tue Apr 02, 2024 8:29 am
/ip firewall nat add chain=srcnat out-interface-list=WAN ipsec-policy=out,none action=masquerade comment="defconf: masquerade"
/ip firewall {
  filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
  filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
  filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
  filter add chain=input action=accept dst-address=127.0.0.1 comment="defconf: accept to local loopback (for CAPsMAN)"
  filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop all not coming from LAN"
  filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept in ipsec policy"
  filter add chain=forward action=accept ipsec-policy=out,ipsec comment="defconf: accept out ipsec policy"
  filter add chain=forward action=fasttrack-connection connection-state=established,related comment="defconf: fasttrack"
  filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related, untracked"
  filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
  filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="defconf: drop all from WAN not DSTNATed"
}
/ipv6 firewall {
  address-list add list=bad_ipv6 address=::/128 comment="defconf: unspecified address"
  address-list add list=bad_ipv6 address=::1 comment="defconf: lo"
  address-list add list=bad_ipv6 address=fec0::/10 comment="defconf: site-local"
  address-list add list=bad_ipv6 address=::ffff:0:0/96 comment="defconf: ipv4-mapped"
  address-list add list=bad_ipv6 address=::/96 comment="defconf: ipv4 compat"
  address-list add list=bad_ipv6 address=100::/64 comment="defconf: discard only "
  address-list add list=bad_ipv6 address=2001:db8::/32 comment="defconf: documentation"
  address-list add list=bad_ipv6 address=2001:10::/28 comment="defconf: ORCHID"
  address-list add list=bad_ipv6 address=3ffe::/16 comment="defconf: 6bone"
  filter add chain=input action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
  filter add chain=input action=drop connection-state=invalid comment="defconf: drop invalid"
  filter add chain=input action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
  filter add chain=input action=accept protocol=udp dst-port=33434-33534 comment="defconf: accept UDP traceroute"
  filter add chain=input action=accept protocol=udp dst-port=546 src-address=fe80::/10 comment="defconf: accept DHCPv6-Client prefix delegation."
  filter add chain=input action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
  filter add chain=input action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
  filter add chain=input action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
  filter add chain=input action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
  filter add chain=input action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
  filter add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
  filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
  filter add chain=forward action=drop src-address-list=bad_ipv6 comment="defconf: drop packets with bad src ipv6"
  filter add chain=forward action=drop dst-address-list=bad_ipv6 comment="defconf: drop packets with bad dst ipv6"
  filter add chain=forward action=drop protocol=icmpv6 hop-limit=equal:1 comment="defconf: rfc4890 drop hop-limit=1"
  filter add chain=forward action=accept protocol=icmpv6 comment="defconf: accept ICMPv6"
  filter add chain=forward action=accept protocol=139 comment="defconf: accept HIP"
  filter add chain=forward action=accept protocol=udp dst-port=500,4500 comment="defconf: accept IKE"
  filter add chain=forward action=accept protocol=ipsec-ah comment="defconf: accept ipsec AH"
  filter add chain=forward action=accept protocol=ipsec-esp comment="defconf: accept ipsec ESP"
  filter add chain=forward action=accept ipsec-policy=in,ipsec comment="defconf: accept all that matches ipsec policy"
  filter add chain=forward action=drop in-interface-list=!LAN comment="defconf: drop everything else not coming from LAN"
}
/interface list
add name=VLAN
/interface list member
add interface=VLAN10 list=VLAN
add interface=VLAN11 list=VLAN
/ip firewall filter
add action=drop chain=forward comment="block vlan to lan" in-interface-list=VLAN out-interface-list=LAN
/ipv6 firewall filter
add action=drop chain=forward comment="block vlan to lan" in-interface-list=VLAN out-interface-list=LAN
Statistics: Posted by CGGXANNX — Tue Apr 02, 2024 8:05 am
Statistics: Posted by nzlme — Tue Apr 02, 2024 6:53 am
Statistics: Posted by godel0914 — Tue Apr 02, 2024 6:14 am
Yes, the only issue that puzzles me is how come, when I added WAN IP : 61.219.84.105 (interface sfp3) into address list,
Is everything else working... and the ONLY issue why QuickSet is showing wrong LAN?
/interface bridge set [find name=BridgeLAN] comment=defconf
/interface list member set [find list=LAN interface=BridgeLAN] comment=defconf
/ip address set [find address=192.168.88.1/24] comment=defconf
Statistics: Posted by Amm0 — Tue Apr 02, 2024 5:30 am
Statistics: Posted by CGGXANNX — Tue Apr 02, 2024 4:58 am
Statistics: Posted by godel0914 — Tue Apr 02, 2024 4:46 am
Statistics: Posted by anav — Tue Apr 02, 2024 4:43 am
Done, thanks for the guidance.
(1) Added back NAS on port 443 to the config.
Thanks again for finding out the unnecessary setting, it's inactive and removed.
add bridge=BridgeLAN ingress-filtering=no interface=LAN internal-path-cost=10 \
    path-cost=10
There is no such interface!! Removed.
There is an interface-list called LAN, but no interface! What goes under bridge ports are typically etherports and wifiports.
Thanks, I will check around.
(3) The Routing is set up such that sfp1 is the primary WAN. Thus we need not do anything special for:
a. all users will thus always be routed out WAN1
b. Servers on LAN accessed via WAN1 will have traffic returned out WAN1 ( no mangling required )
c. Servers on LAN accessed via WAN2 will have traffic returned out WAN2.
Statistics: Posted by godel0914 — Tue Apr 02, 2024 4:33 am
Statistics: Posted by petardo — Tue Apr 02, 2024 4:08 am
Statistics: Posted by mantouboji — Tue Apr 02, 2024 3:57 am
Statistics: Posted by aruto77 — Tue Apr 02, 2024 3:44 am
Statistics: Posted by eypi39 — Tue Apr 02, 2024 3:41 am
Statistics: Posted by rudym88 — Tue Apr 02, 2024 2:21 am
Statistics: Posted by anav — Tue Apr 02, 2024 2:00 am
Statistics: Posted by msatter — Tue Apr 02, 2024 1:49 am
Statistics: Posted by gotsprings — Tue Apr 02, 2024 1:48 am
Statistics: Posted by emunt6 — Tue Apr 02, 2024 1:11 am
Statistics: Posted by MTNick — Tue Apr 02, 2024 12:57 am
/interface bridge
add ingress-filtering=yes name=aBridge protocol-mode=none pvid=11 vlan-filtering=yes
/interface vlan
add interface=aBridge name=VLAN100 vlan-id=10
add interface=aBridge name=VLAN101 vlan-id=11
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=**** supplicant-identity=MikroTik
add authentication-types=wpa2-psk mode=dynamic-keys name=**** supplicant-identity=MikroTik
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=argentina disabled=no frequency=auto installation=indoor mode=\
    ap-bridge security-profile=**** ssid=2.4 vlan-id=10 wireless-protocol=802.11
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=20/40/80mhz-XXXX country=argentina disabled=no installation=indoor mode=ap-bridge \
    security-profile=**** ssid=5.0 vlan-id=11 wireless-protocol=802.11
/ip pool
add name=VLAN10_POOL ranges=192.168.10.100-192.168.10.200
add name=VLAN11_POOL ranges=192.168.11.100-192.168.11.200
/ip dhcp-server
add address-pool=VLAN10_POOL disabled=no interface=VLAN10 name=VLAN10_DHCP
add address-pool=VLAN11_POOL disabled=no interface=VLAN11 name=VLAN11_DHCP
/interface bridge port
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether2 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether3 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan1 pvid=10
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=wlan2 pvid=11
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether4 pvid=11
add bridge=aBridge frame-types=admit-only-untagged-and-priority-tagged ingress-filtering=yes interface=ether5 pvid=11
/interface bridge vlan
add bridge=aBridge tagged=aBridge vlan-ids=11
add bridge=aBridge tagged=aBridge vlan-ids=10
/interface list member
add interface=ether1 list=WAN
add interface=VLAN10 list=LAN
add interface=VLAN11 list=LAN
/ip address
add address=192.168.10.1/24 interface=VLAN10 network=192.168.10.0
add address=192.168.11.1/24 interface=VLAN11 network=192.168.11.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server network
add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1
add address=192.168.11.0/24 dns-server=192.168.11.1 gateway=192.168.11.1
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add action=accept chain=input comment="Allow established and related" connection-state=established,related
add action=accept chain=forward connection-state=new in-interface-list=LAN out-interface-list=WAN
Statistics: Posted by 3eff — Tue Apr 02, 2024 12:24 am
# Turris Import by Blacklister and edited by Optio
# 20210823 new version that directly downloads from the external server
# 20240331 rewritten to fetch the whole file and write it to a local file and then import it
# 20240401 avoiding perfect storm by reducing chunkSize when calculation the remainder
# 20240402 adding importing new address to temporary list and swap them out with the active list avoiding the list being not active for a short time as possible
# also save and display a count of static addresses present in a address-list
{
# import config - delay for slow routers
#:delay 1m
:log warning "IP-Blocker script started"
/ip firewall address-list
:local update do={
  :if (heirule != null) do={:set $filtering ", filtering on: $heirule"}
  :put "Start importing address-list: $listname$filtering"
  :log warning "Start importing address-list: $listname$filtering"
  /tool fetch url=$url dst-path="/$listname.txt" as-value
  # delay to wait file flush after fetch
  :delay 1
  :local filesize [/file get "$listname.txt" size]
  :local start 0
  :local chunkSize 32767;# requested chunk size
  :local partnumber($filesize / $chunkSize); # how many chunk are chunkSize
  :local remainder($filesize % ($chunkSize-512)); # the last partly chunk and use reduced chunkSize
  :if ($remainder > 0) do={ :set partnumber ($partnumber + 1) }; # total number of chunks
  :local listCount [:len [find list=$listname dynamic]]
  :put "Deleting $listCount entries (dynamic) from address-list: $listname"
  :log warning "Deleting $listCount entries (dynamic) from address-list: $listname"
  :if ($heirule = null) do={:set $heirule "."}
  # remove the current dynamic entries completely
  #:do {remove [find where list=$listname dynamic]} on-error={};
  :set $listnameTemp ($listname."temp")
  :for x from=1 to=$partnumber step=1 do={
    :local data ([:file read offset=$start chunk-size=$chunkSize file="$listname.txt" as-value]->"data")
    # Only remove the first line only if you are not at the start of list
    :if ($start > 0) do={:set data [:pick $data ([:find $data "\n"]+1) [:len $data]]}
    :while ([:len $data]!=0) do={
      :local line [:pick $data 0 [:find $data "\n"]]; # create only once and checked twice as local variable
      :if ($line~"^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}" && $line~heirule) do={
        :local addr [:pick $data 0 [:find $data $delimiter]]
        :do {add list=$listnameTemp address=$addr comment=$description timeout=$timeout} on-error={}; # on error avoids any panics
      }; # if IP address && extra filter if present
      :set data [:pick $data ([:find $data "\n"]+1) [:len $data]]; # removes the just added IP from the data array
      # Cut of the end of the chunks by removing the last lines...very dirty but it works
      :if (([:len $data] < 256) && (x < $partnumber)) do={:set data [:toarray ""]}
    }; # while
    #:set start ($start + $chunkSize)
    :set start (($start-512) + $chunkSize); # shifts the subquential starts back with 512
  }; #do for x
  /file remove "$listname.txt"
  :put "Deleted downloaded file: $listname.txt"
  :log warning "Deleted downloaded file: $listname.txt"
  # Swap out temp list and active list, shorten the time the list is empty
  :do {set list=$listnameTemp [find list=$listname !dynamic]}; # backup any fixed IP addresses to the temporary list
  :do {remove [find list=$listname]} on-error={}; # empty the complete list
  :do {set list=$listname [find list=$listnameTemp]} on-error={
    :put "Import failed: while swapping out the the old list with the temperorary list: $listname";
    :log error "Import failed: while swapping out the the old list with the temperorary list: $listname"
  }
  :set $staticCount ""
  :if ([:len [find list=$listname !dynamic]] > 0) do={:set $staticCount "of which $[:len [find list=$listname !dynamic]] are static addresses"}
  :if ([:len [find list=$listnameTemp]] < 1) do={
    :local listCount [:len [find list=$listname]]
    :put "Completed updating address-list $listname with $listCount addresses $staticCount"
    :log warning "Completed updating address-list $listname with $listCount addresses $staticCount"
  }
}; # do
$update url=https://iplists.firehol.org/files/firehol_level2.netset delimiter=("\n") listname=z-blocklist-FireHOL-L2 timeout=3d
$update url=https://view.sentinel.turris.cz/greylist-data/greylist-latest.csv listname=z-blocklist-Sentinel delimiter=, timeout=8d heirule=http
$update url=https://www.spamhaus.org/drop/drop.txt delimiter=("\_") listname=z-blocklist-SpamHaus timeout=3d
$update url=https://www.spamhaus.org/drop/edrop.txt delimiter=("\_") listname=z-blocklist-SpamHaus-edrop timeout=3d
:log warning message="IP-Blocker script COMPLETED running"
}
Statistics: Posted by msatter — Tue Apr 02, 2024 12:13 am
/interface ethernet
set [ find default-name=sfp1 ] name=SFP
set [ find default-name=ether1 ] name=ether1-NetUno
set [ find default-name=ether2 ] name=ether2-CANTV
set [ find default-name=ether3 ] loop-protect=off
/interface wireguard
add listen-port=13231 mtu=1420 name=wireguard1
/disk
set sd1 type=hardware
add parent=sd1 partition-number=1 partition-offset="4 194 304" \
    partition-size="3 960 995 840" type=partition
set usb1 type=hardware
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge lease-time=23h59m59s name=\
    defconf
/port
set 0 name=serial0
/routing table
add disabled=no fib name=NetUno
add fib name=useWAN2
/interface bridge port
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge interface=SFP
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface detect-internet
set internet-interface-list=WAN lan-interface-list=LAN wan-interface-list=WAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether2-CANTV list=WAN
add interface=wireguard1 list=LAN
add interface=ether1-NetUno list=WAN
/interface wireguard peers
add allowed-address=10.20.1.2/32 interface=wireguard1 public-key=\
    "VnTNWEPEIGe4ehffWqtG8GdIb+HKxcpSvACRekuVa1I="
add allowed-address=10.20.1.3/32 interface=wireguard1 public-key=\
    "D2bLdRCWi8QS/xznIUHNzufVZOpwX2pVdnf+0WcNr1k="
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
add address=10.20.1.1/24 interface=wireguard1 network=10.20.1.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=5m
/ip dhcp-client
add add-default-route=no interface=ether1-NetUno use-peer-dns=no \
    use-peer-ntp=no
add add-default-route=no interface=ether2-CANTV script=":if (\$bound=1) do={/i\
    p route set [find dst-address=0.0.0.0/0] gateway=\$\"gateway-address\" ad\
    d-distance=2}" use-peer-dns=no use-peer-ntp=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.10,1.1.1.1 \
    gateway=192.168.88.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall address-list
add address=cloud.mikrotik.com list=MyCloud
add address=cloud2.mikrotik.com list=MyCloud
/ip firewall filter
add action=accept chain=input comment="allow WireGuard" dst-port=13231 \
    protocol=udp
add action=accept chain=input comment="allow WireGuard traffic" src-address=\
    10.20.1.0/24
add action=accept chain=input in-interface=ether1-NetUno src-address-list=\
    Access
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new disabled=yes in-interface-list=WAN
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=MyCloud dst-port=15252 \
    new-routing-mark=useWAN2 passthrough=no protocol=udp
add action=mark-connection chain=input connection-mark=no-mark in-interface=\
    ether2-CANTV new-connection-mark=incomingWAN2 passthrough=yes
add action=mark-routing chain=output connection-mark=incomingWAN2 \
    new-routing-mark=useWAN2 passthrough=no
add action=accept chain=prerouting in-interface=ether1-NetUno
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.88.0/24
add action=accept chain=prerouting in-interface=ether1-NetUno
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan1_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/0 src-address=192.168.88.0/24
add action=mark-connection chain=prerouting dst-address-type=!local \
    new-connection-mark=wan2_conn passthrough=yes per-connection-classifier=\
    both-addresses-and-ports:2/1 src-address=192.168.88.0/24
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat dst-port=23000 in-interface=ether1-NetUno \
    protocol=tcp to-addresses=192.168.88.252 to-ports=80
add action=dst-nat chain=dstnat dst-port=24000 in-interface=ether1-NetUno \
    protocol=tcp to-addresses=192.168.88.247 to-ports=443
add action=dst-nat chain=dstnat dst-port=25000 in-interface=ether1-NetUno \
    protocol=udp to-addresses=192.168.88.247 to-ports=5060
add action=dst-nat chain=dstnat disabled=yes dst-port=10000-20000 \
    in-interface=ether1-NetUno protocol=udp to-addresses=192.168.88.247 \
    to-ports=10000-20000
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.16.0.1 \
    routing-table=main suppress-hw-offload=no
add distance=4 dst-address=0.0.0.0/0 gateway=ether2-CANTV routing-table=main
add dst-address=0.0.0.0/0 gateway=ether2-CANTV routing-table=useWAN2
Statistics: Posted by djferdinad — Tue Apr 02, 2024 12:11 am
Statistics: Posted by emunt6 — Tue Apr 02, 2024 12:04 am
Statistics: Posted by SerZVR — Mon Apr 01, 2024 11:48 pm
Searching before posting is a good habit
indefinitely even though I disconnected from the phone. Is there any way to limit this?
Statistics: Posted by Bolendox — Mon Apr 01, 2024 11:41 pm
Statistics: Posted by anav — Mon Apr 01, 2024 10:33 pm
:global MtmFacts;
Statistics: Posted by PackElend — Mon Apr 01, 2024 10:26 pm
Statistics: Posted by Amm0 — Mon Apr 01, 2024 10:25 pm
Statistics: Posted by almdandi — Mon Apr 01, 2024 10:24 pm
Statistics: Posted by und3rd06012 — Mon Apr 01, 2024 10:18 pm
With this solution, I have a result : "$ipaddress"
Inside the function, ipaddress is not known so you have to refer to it by :global ipaddress.
Code:
:global ipaddress [/queue simple get 1 target];
:global test [:global ipaddress; :find $ipaddress "/"];
Couple other things too:
- The first line uses "get 1", however that's not an *id so it depends on print being called to establish the index of 1. Using "get ([find]->0)" or "get [find name=queue1]" instead avoids needing.
- There can be multiple "target" from "/queue simple get", and :find does not work with arrays & so you need to get the 1st element listed as "target" first
For example,
Code:
:global ipaddresses [/queue simple get [find name=queue1] target]
:global ipaddress [:pick $ipaddresses 0 ]
:global cidrmark [:find $ipaddress "/"]
:put "$[:pick $ipaddress 0 $cidrmark]"
Although these could be locals and combined:
Code:
{:local ipaddress ([/queue simple get [find name=queue1] target]->0); :put "$[:pick $ipaddress 0 [:find $ipaddress /]]"}
Statistics: Posted by xaviernuma — Mon Apr 01, 2024 9:53 pm
Statistics: Posted by Amm0 — Mon Apr 01, 2024 9:52 pm
Statistics: Posted by Amm0 — Mon Apr 01, 2024 9:49 pm
Statistics: Posted by ips — Mon Apr 01, 2024 9:32 pm
Statistics: Posted by hatred — Mon Apr 01, 2024 9:32 pm
Statistics: Posted by anav — Mon Apr 01, 2024 9:28 pm
Statistics: Posted by anav — Mon Apr 01, 2024 9:27 pm
Statistics: Posted by petardo — Mon Apr 01, 2024 9:17 pm
interface bridge
add admin-mac=DC:2C:6E:3B:C7:89 auto-mac=no comment=defconf name=bridge.LAN \
    priority=0x1000
/interface wireguard
add listen-port=51820 mtu=1420 name=wireguard1
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool1 ranges=10.0.0.100-10.0.0.199
/ip dhcp-server
add address-pool=dhcp_pool1 interface=bridge.LAN lease-time=1w1d name=dhcp1
/queue type
set 0 kind=sfq
add kind=sfq name=qos
/queue tree
add bucket-size=0.01 max-limit=190M name=DOWN parent=bridge.LAN queue=default
add name="1. VOIP" packet-mark=VOIP parent=DOWN priority=1 queue=default
add name="2. DNS" packet-mark=DNS parent=DOWN priority=2 queue=default
add name="3. ACK" packet-mark=ACK parent=DOWN priority=3 queue=default
add name="4. UDP" packet-mark=UDP parent=DOWN priority=3 queue=default
add name="5. ICMP" packet-mark=ICMP parent=DOWN priority=4 queue=default
add name="6. HTTP" packet-mark=HTTP parent=DOWN priority=5 queue=default
add name="7. HTTP_BIG" packet-mark=HTTP_BIG parent=DOWN priority=6 queue=\
    default
add name="8. QUIC" packet-mark=QUIC parent=DOWN priority=7 queue=default
add name="9. OTHER" packet-mark=OTHER parent=DOWN queue=default
add bucket-size=0.01 max-limit=20M name=UP parent=ether1 queue=default
add name="1. VOIP_" packet-mark=VOIP parent=UP priority=1 queue=default
add name="2. DNS_" packet-mark=DNS parent=UP priority=2 queue=default
add name="3. ACK_" packet-mark=ACK parent=UP priority=3 queue=default
add name="4. UDP_" packet-mark=UDP parent=UP priority=3 queue=default
add name="5. ICMP_" packet-mark=ICMP parent=UP priority=4 queue=default
add name="6. HTTP_" packet-mark=HTTP parent=UP priority=5 queue=default
add name="7. HTTP_BIG_" packet-mark=HTTP_BIG parent=UP priority=6 queue=\
    default
add name="8. QUIC_" packet-mark=QUIC parent=UP priority=7 queue=default
add name="9. OTHER_" packet-mark=OTHER parent=UP queue=default
/interface bridge port
add bridge=bridge.LAN comment=defconf interface=ether3
add bridge=bridge.LAN comment=defconf interface=ether4
add bridge=bridge.LAN comment=defconf interface=ether5
add bridge=bridge.LAN comment=defconf interface=ether6
add bridge=bridge.LAN comment=defconf interface=ether7
add bridge=bridge.LAN comment=defconf interface=ether8
add bridge=bridge.LAN comment=defconf interface=sfp-sfpplus1
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ip settings
set tcp-syncookies=yes
/ipv6 settings
set disable-ipv6=yes
/interface list member
add comment=defconf interface=bridge.LAN list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=wireguard1 list=LAN
/interface wireguard peers
add allowed-address=172.16.10.2/32 interface=wireguard1 \
    public-key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
add allowed-address=172.16.10.3/32 interface=wireguard1 \
    public-key="xxxxxxxxxxxxxxxxxxxxxxxx"
/ip address
add address=10.0.0.1/24 comment=defconf interface=bridge.LAN network=10.0.0.0
add address=XXXXXXXXX interface=ether1 network=XXXXXXXXX
add address=172.16.10.1/24 interface=wireguard1 network=172.16.10.0
/ip dhcp-server network
add address=10.0.0.0/24 gateway=10.0.0.1
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,1.0.0.1
/ip firewall address-list
add address=voips.modulus.gr list="Modulus SIP"
/ip firewall filter
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="Port Scanners to list" \
    protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP FIN stealth scan" \
    protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" protocol=\
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="NMAP NULL scan" protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/FIN scan" protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=2w chain=input comment="SYN/RST scan" protocol=tcp \
    tcp-flags=syn,rst
add action=accept chain=input comment="WG VPN Rule" dst-port=51820 protocol=\
    udp
add action=accept chain=input comment="VPN Allow Rules" dst-port=1701 \
    protocol=udp
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=drop chain=input src-address-list="port scanners"
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall mangle
add action=mark-connection chain=prerouting comment=DNS connection-state=new \
    new-connection-mark=DNS passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS new-packet-mark=\
    DNS passthrough=no
add action=mark-connection chain=postrouting connection-state=new \
    new-connection-mark=DNS passthrough=yes port=53 protocol=udp
add action=mark-packet chain=postrouting connection-mark=DNS new-packet-mark=\
    DNS passthrough=no
add action=mark-connection chain=prerouting comment="VOIP GW" \
    new-connection-mark=VOIP passthrough=yes src-address-list="Modulus SIP"
add action=mark-connection chain=prerouting comment=VOIP new-connection-mark=\
    VOIP passthrough=yes port=\
    6050,5090,5060-5062,50000-50019,50020-50039,50040-50059,9000-10999 \
    protocol=udp
add action=mark-packet chain=prerouting connection-mark=VOIP new-packet-mark=\
    VOIP passthrough=no
add action=mark-connection chain=prerouting comment=QUIC connection-state=new \
    new-connection-mark=QUIC passthrough=yes port=80,443 protocol=udp
add action=mark-packet chain=prerouting connection-mark=QUIC new-packet-mark=\
    QUIC passthrough=no
add action=mark-connection chain=prerouting comment=UDP connection-state=new \
    new-connection-mark=UDP passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=UDP new-packet-mark=\
    UDP passthrough=no
add action=mark-connection chain=prerouting comment=ICMP connection-state=new \
    new-connection-mark=ICMP passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP new-packet-mark=\
    ICMP passthrough=no
add action=mark-connection chain=postrouting connection-state=new \
    new-connection-mark=ICMP passthrough=yes protocol=icmp
add action=mark-packet chain=postrouting connection-mark=ICMP \
    new-packet-mark=ICMP passthrough=no
add action=mark-packet chain=postrouting comment=ACK new-packet-mark=ACK \
    packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting new-packet-mark=ACK packet-size=0-123 \
    passthrough=no protocol=tcp tcp-flags=ack
add action=mark-connection chain=prerouting comment=HTTP connection-mark=\
    no-mark connection-state=new new-connection-mark=HTTP passthrough=yes \
    port=80,443 protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=5000000-0 \
    connection-mark=HTTP connection-rate=2M-200M new-connection-mark=HTTP_BIG \
    passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=HTTP_BIG \
    new-packet-mark=HTTP_BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=HTTP new-packet-mark=\
    HTTP passthrough=no
add action=mark-connection chain=prerouting comment=OTHER connection-state=\
    new new-connection-mark=POP3 passthrough=yes port=995,465,587 protocol=\
    tcp
add action=mark-packet chain=prerouting connection-mark=POP3 new-packet-mark=\
    OTHER passthrough=no
add action=mark-connection chain=prerouting connection-mark=no-mark \
    new-connection-mark=OTHER passthrough=yes
add action=mark-packet chain=prerouting connection-mark=OTHER \
    new-packet-mark=OTHER passthrough=no
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip firewall raw
add action=drop chain=prerouting dst-port=53 in-interface-list=WAN log=yes \
    log-prefix="WAN DNS" protocol=udp
/ip firewall service-port
set sip disabled=yes
/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=XXXXXXXXX routing-table=\
    main suppress-hw-offload=no
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" disabled=yes list=\
    bad_ipv6
add address=::1/128 comment="defconf: lo" disabled=yes list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" disabled=yes list=\
    bad_ipv6
add address=::ffff:0.0.0.0/96 
comment="defconf: ipv4-mapped" disabled=yes \ list=bad_ipv6add address=::/96 comment="defconf: ipv4 compat" disabled=yes list=bad_ipv6add address=100::/64 comment="defconf: discard only " disabled=yes list=\ bad_ipv6add address=2001:db8::/32 comment="defconf: documentation" disabled=yes list=\ bad_ipv6add address=2001:10::/28 comment="defconf: ORCHID" disabled=yes list=bad_ipv6add address=3ffe::/16 comment="defconf: 6bone" disabled=yes list=bad_ipv6/ipv6 firewall filteradd action=accept chain=input comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked disabled=yesadd action=drop chain=input comment="defconf: drop invalid" connection-state=\ invalid disabled=yesadd action=accept chain=input comment="defconf: accept ICMPv6" disabled=yes \ protocol=icmpv6add action=accept chain=input comment="defconf: accept UDP traceroute" \ disabled=yes port=33434-33534 protocol=udpadd action=accept chain=input comment=\ "defconf: accept DHCPv6-Client prefix delegation." 
disabled=yes dst-port=\ 546 protocol=udp src-address=fe80::/10add action=accept chain=input comment="defconf: accept IKE" disabled=yes \ dst-port=500,4500 protocol=udpadd action=accept chain=input comment="defconf: accept ipsec AH" disabled=yes \ protocol=ipsec-ahadd action=accept chain=input comment="defconf: accept ipsec ESP" disabled=\ yes protocol=ipsec-espadd action=accept chain=input comment=\ "defconf: accept all that matches ipsec policy" disabled=yes \ ipsec-policy=in,ipsecadd action=drop chain=input comment=\ "defconf: drop everything else not coming from LAN" disabled=yes \ in-interface-list=!LANadd action=accept chain=forward comment=\ "defconf: accept established,related,untracked" connection-state=\ established,related,untracked disabled=yesadd action=drop chain=forward comment="defconf: drop invalid" \ connection-state=invalid disabled=yesadd action=drop chain=forward comment=\ "defconf: drop packets with bad src ipv6" disabled=yes src-address-list=\ bad_ipv6add action=drop chain=forward comment=\ "defconf: drop packets with bad dst ipv6" disabled=yes dst-address-list=\ bad_ipv6add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \ disabled=yes hop-limit=equal:1 protocol=icmpv6add action=accept chain=forward comment="defconf: accept ICMPv6" disabled=yes \ protocol=icmpv6add action=accept chain=forward comment="defconf: accept HIP" disabled=yes \ protocol=139add action=accept chain=forward comment="defconf: accept IKE" disabled=yes \ dst-port=500,4500 protocol=udpadd action=accept chain=forward comment="defconf: accept ipsec AH" disabled=\ yes protocol=ipsec-ahadd action=accept chain=forward comment="defconf: accept ipsec ESP" disabled=\ yes protocol=ipsec-espadd action=accept chain=forward comment=\ "defconf: accept all that matches ipsec policy" disabled=yes \ ipsec-policy=in,ipsecadd action=drop chain=forward comment=\ "defconf: drop everything else not coming from LAN" disabled=yes \ in-interface-list=!LAN/snmpset 
enabled=yes/tool mac-serverset allowed-interface-list=LAN/tool mac-server mac-winboxset allowed-interface-list=LAN
[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ListenPort = 51820
Address = 172.16.10.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 10.0.0.0/24, 172.16.10.1/32, 0.0.0.0/0
Endpoint = xxxxxxxxx:51820
Statistics: Posted by haris013 — Mon Apr 01, 2024 8:33 pm
Statistics: Posted by mman1982 — Mon Apr 01, 2024 8:17 pm
Statistics: Posted by sirbryan — Mon Apr 01, 2024 8:16 pm
Statistics: Posted by GiovanniG — Mon Apr 01, 2024 8:08 pm
Statistics: Posted by r00t — Mon Apr 01, 2024 8:03 pm
Statistics: Posted by morphema — Mon Apr 01, 2024 7:58 pm