Community discussions

Search found 13 matches

by Sonnix
Sat Aug 31, 2019 5:20 pm
Forum: General
Topic: Address list limitations on number of entries
Replies: 2
Views: 338

Re: Address list limitations on number of entries

Some parts of the list are continuous and can be shortened like this, but most of them are not. I also want to avoid routing extra addresses through this connection.
I get this addresses from a third party automatically and I want to avoid modifying it on my part as much as possible.
by Sonnix
Sat Aug 31, 2019 5:00 pm
Forum: General
Topic: Address list limitations on number of entries
Replies: 2
Views: 338

Address list limitations on number of entries

I am using address list to route some traffic through separate connection. My current list contains 1019618 entries. I've uploaded this list to my RB3011UiAS. After reboot my pppoe connection to my ISP disappeared from interfaces list. I did not notice any changes to other settings. If I try to crea...
by Sonnix
Mon Jul 01, 2019 7:07 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 152240

Re: RouterOS v7.0 beta1 - when?

If you are talking about SACK panic, then all Linux version starting from 2.6.29 are affected.
It was fixed in 5.1.11 and even that kernel can be considered old now. The current version is 5.1.15 right now.
by Sonnix
Thu Jun 20, 2019 6:57 pm
Forum: General
Topic: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Replies: 15
Views: 2881

Re: Linux vulnerabilities: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

If I want to protect Linux hosts behind MikroTik that I can't patch at the moment would something like this work: /ip firewall mangle add action=change-mss chain=forward in-interface=WAN new-mss=552 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1-255 Or is it better to use the proposed drop sol...
by Sonnix
Thu Feb 28, 2019 2:55 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 152240

Re: RouterOS v7.0 beta1 - when?

It is not never. I suggested to stop worrying about it and use v6. About the features, which features do you need? Remember that MikroTik does not implement features by demand. It might not be feasible or possible to make something. Everything has to be evaluated individually. The feature I'm perso...
by Sonnix
Thu Feb 28, 2019 1:48 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 152240

Re: RouterOS v7.0 beta1 - when?

If release date for v7 is 'never' than the answer we wanted to hear is the release date for every requested feature. Or if there is no release date and we should not expect it in near future then we wanted to hear an answer 'never' for that feature instead 'it well be in v7'. Just stop mentioning v7...
by Sonnix
Wed Feb 27, 2019 9:47 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 152240

Re: RouterOS v7.0 beta1 - when?

Since there is no v7 can we get a road map for udp support for openvpn which was requested 10 years ago? Or multi-thread BGP? Or for any other similar request? Because in threads like that we get an answer that it will be added in v7. So we start asking for v7. And now we get an answer that there is...
by Sonnix
Sun Jul 23, 2017 1:30 pm
Forum: Scripting
Topic: How do I run a custom binary?
Replies: 19
Views: 2949

Re: How do I run a custom binary?

Sonnix. If you think that running any code inside router is good idea with no influence on security then please read these xamples: https://forum.mikrotik.com/viewtopic.php?f=21&t=119308&hilit=vulnerability https://forum.mikrotik.com/viewtopic.php?f=2&t=120746&p=593793&hilit=vulnerability#p593793 h...
by Sonnix
Sun Jul 23, 2017 12:32 pm
Forum: Scripting
Topic: How do I run a custom binary?
Replies: 19
Views: 2949

Re: How do I run a custom binary?

The problem with this solution is that it's only easy to enable the console through metarouter. And if you have metarouter setup then it's easier and more convenient to use just that. But as far as I see metarouter only works on single core cpus. I have RB3011UiAS-RM and there is still no metarouter...
by Sonnix
Sun Jul 23, 2017 1:50 am
Forum: Scripting
Topic: How do I run a custom binary?
Replies: 19
Views: 2949

Re: How do I run a custom binary?

Running my own software has nothing to do with security. And running a binary is no different than running a script. It just gives more flexibility. By your logic ordinary server that runs custom software is insecure. And that is pretty much any server. Besides there is already a backdoor in RouterO...
by Sonnix
Sat Jul 22, 2017 10:35 pm
Forum: Scripting
Topic: How do I run a custom binary?
Replies: 19
Views: 2949

Re: How do I run a custom binary?

RouterOS is a closed platform. You can not run a 3rd party binary.
I am not talking about modifying RouterOS itself. I am asking how can I call my own binary which should be compatible with the platform from a script.
by Sonnix
Sat Jul 22, 2017 9:24 pm
Forum: Scripting
Topic: How do I run a custom binary?
Replies: 19
Views: 2949

How do I run a custom binary?

I have an application written in Go that I want to run directly on routerboard. Go produces single binary with all dependencies statically linked which does not require any system libraries. This binary worked on most mips and arm based routers without any problems and without a need for any custom ...
by Sonnix
Tue Jul 18, 2017 6:41 pm
Forum: Scripting
Topic: Download large array of data from remote server to use in a script
Replies: 0
Views: 203

Download large array of data from remote server to use in a script

I am trying to create a script that would download a list of ip addresses from server and then would add routing rules based on that list. Is there a way to fetch page contents directly into variable? I'm looking for something equivalent to $(wget -qO- http://server) The list is quite large (~1Mb) s...