MikroTik

rextended

I hope that my point of view is clear to you.

rextended

Please define "inverted design", otherwise I can't understand what you mean, it gives rise to too many different interpretations. I hope you don't mean block what you need to block, but allow everything at the end ... It's weakness is novices break it more readily than an inverted design. ...

rextended

It is used to allow the blind deaf and dumb user to access internet for the most part safely and in this it succeeds. Throw in another subnet, or something else and it quickly falls to pieces and ends up with bloated firewall rules in seconds flat. And here I stop reading, because my previous quest...

rextended

I'm not referring to @anav but to everyone: I'm still waiting for an answer to the previous question. https://forum.mikrotik.com/viewtopic.php?t=214608#p1126560 @Josephny : It's best to clarify one concept at a time first. All the questions in one post are unmanageable, but we all agree on one very ...

rextended

Better to segment the problems first, rather than mix everything together. First question, Where is the default firewall flawed for a very simple standard connection between WAN and LAN? It is intended to consider what attacks could come from the internet and the firewall does not block. Leaving asi...

rextended

And then some users who feel like they are the second choice after FakeGPT, they are f–g about.

rextended

the issues may come the moment you start fiddling with firewall rules without really knowing what you are doing. Precisely, better to leave the defaults, or at least something that resembles them, not something that for you is only subjectively safer and for someone else can give unexpected problem...

rextended

rextended

sure we do have a 'CPE NAT' system,

I meant everything except that........

rextended

Without my question, these details would not have come out.

Well it's very simple, configure the server to allow only the windows update and teamviewer services to connect to the public network.

Easy and clear, and in the RIGHT place to do that.

Right?

rextended

What does it matter to you if your time is synchronized and Windows is up to date, if the rest of the world is cut off?

rextended

Default firewall rules are still here. https://forum.mikrotik.com/viewtopic.php?p=856824#p856824 drop-all-at-the-end should only be put in the input chain. It is obvious that the router must allow everything between the entire LAN and the external WAN, otherwise why did you put a router and connect ...

rextended

Is not present because it is not needed, you must not add random rules without know what you doing...

rextended

I work for an Instant-Failover/Bonding company called Nepean Networks. One of the things we do, is hand off our Public IPs to clients Mikrotik routers. Who cares what the company name is, and all the other bells and whistles, with the question? It sounds more like an advertisement than a help reque...

rextended

doh-timeout=1h23m20s ???????? Who got up in the morning and wrote that b–t? You wait 1 hour and more for a DoH reply? Your ruouter act as DDoS server... Default parameters: address-list-extra-time=0s allow-remote-requests=yes cache-max-ttl=1w cache-size=2048KiB doh-max-concurrent-queries=50 doh-max-...

rextended

More simple and compatible with v6 and v7 :foreach iface in=[/interface ethernet find] do={ /tool graphing interface add store-on-disk=no interface=[/interface ethernet get $iface name] } :foreach iface in=[/interface find where type~"(ether|vlan|bridge)"] do={ /tool graphing interface add...

rextended

Since you can not choice the path of the graphs file, if your device use NAND or flash, do not do it...

rextended

@teslasystems Probably because there are many like me who when they see this new little toy for fun of someone turn away and hope that the v3 lasts as long as possible... The transition from v6 to v7 didn't teach him anything... First you do something identical to v3, with the same features and aspe...

rextended

From the descriptions you wrote, nothing is clear. Your connection provider must be informed and can check whether or not they receive publication requests from your router. If you want to publish another prefix, in addition to having the parameters on your correct LIR AFRINIC / APNIC / ARIN / LACNI...

rextended

v4 Menu on the right, v3 Tabs on top...

v3 is more clear.
For example is clear separation between connection limits and other subsection, on v4 is all grouped together.

rextended

(try running "/interface/print where" ) Do error, is not valid. You add a space after where for sure (or more probably you remove all characters of a previous command but not the space). Simply compiler do error if where is not followed by something, and ignore it if is followed with a sp...

rextended

10.1.10.0 is a valid address, until is used inside a "LAN"... If you have, for example, a pool 10.1.10.0/24 (10.1.10.0-10.1.10.255) the pppoe can use 10.1.10.0 and 10.1.10.255 for go out on internet without problems. Then, that some software are badly written and do not work with .0 and .2...

rextended

if you don't plan on soldering a button... don't install 7.x or you'll lose a lot of administrative functionality with device-mode everytime..........

rextended

You need to be able to make contact between the two closest pieces of solder on the left or the rigth.

You may be able to do this better if you remove the card from the chassis.

rextended

Use "VPN" & IP access...

(expanded reply on previous post)

Wait @anav for further help

rextended

leave it only on one interface, like ether5 and use ether5 just for admin access, removing it from any bridge or other functions delete ether5 from bridge ports /interface list add name=MGMT /interface list member add interface=ether5 list=MGMT /tool mac-server set allowed-interface-list=MGMT /tool ...

rextended

I purchased the CCR1036-12G-4S used and it has an administrator password So, you bought it used, coincidentally the person who sold it to you doesn't have the password, coincidentally you can't return it and coincidentally you are in a hurry... To me it only smells like a stolen routerboard (not di...

rextended

just a peek here and there... /interface bridge port add bridge=bridge interface=*B internal-path-cost=10 path-cost=10 add bridge=bridge interface=*C internal-path-cost=10 path-cost=10 unused entries (deleted) still exist on bridge ports /interface list member add interface=ether1 list=TRUSTED Serio...

rextended

# Interface not running # disabled # PPTP connections are considered unsafe, it is suggested to use a more modern VPN protocol instead & Co. are present on new version export Graphing causes the internal NAND/flash to wear out unnecessarily. /tool graphing interface add add interface=wireguard1...

rextended

We went from something that worked fine on windows and emulated well on others, most of the time,
to something that doesn't work as well as the old one anywhere...

rextended

The first one is "wrong". address=10.1.10.0/32 with netmask=24 makes no sense, but it is strange that it is the result of an upgrade, or, if it is, there may well be other things you have not noticed. Is not wrong, is just for exactly 10.1.10.0 (/32) that is provided dns-server=10.1.10.1 ...

rextended

I don't want to create 2nd bridge and use 2nd DHCP server so my thought was it was possible through script. Question already closed. There are plenty of ways to do this, but if you don't know a fixed lease from a dynamic one, I think it's extremely difficult to do this by reading here and there on ...

rextended

You try to set something on a dynamic lease? Are you trying to set (modify / change) something in a dynamic lease? I don't think more or less correct English can make much difference in this question. You haven't answered the question yet. The answer can be yes or no, not a comment. And I already w...

rextended

I do not read more after mode=https

If you use url you must not use mode

rextended

In what you wrote I didn't read the answer.

It is implicit that it cannot be done in dynamic leases, but only in static ones.
It is difficult for a smartphone to connect via ethernet,
it is likely that a laptop can connect (but with two different MACs) to both (and even simultaneously)

rextended

Well, ~11 years on 25th have passed since 2014... and I'm not a native English speaker...

rextended

Leave me the time to check and finish the post...

rextended

@all do not mix IDs and (print) line number. if you write remove X is readed as remove number= X If X is one ID, is directly removed, If X is one number, is internally converted in one ID first, based on latest "print" provides list of interfaces in format alien to where ... and print simp...

rextended

I correct the description, it is misleading... To add default fasttrak when updating from ANY v7 previous version, just paste this into the terminal (barring arbitrary changes to the default configuration already made). New devices netinstalled with beta4 and later, or restored with default configur...

rextended

It's full of errors and invented commands. Did you ask StupidGPT for the script??? { /interface :local ifname "pppoe-out1" :local ifget [get $ifname] :local ifdown ($ifget->"last-link-down-time") :local ifup ($ifget->"last-link-up-time") :local ifrun ($ifget->"runn...

rextended

You try to set something on a dynamic lease?

rextended

https://forum.mikrotik.com/viewtopic.php?p=965180#p965180 Replace with _ any unusable filename characters, this can be applied everywhere before create a filename to be used... Or simply use original ether1 MAC address, as already suggested: :global remdots do={ :local string $1 :if (([:typeof $stri...

rextended

time is a string. [] /log> :put ("A" > "B") Script Error: cannot compare if string is more than string [] /log> :put ("A" < "B") Script Error: cannot compare if string is less than string [] /log> :put ("A" = "B") false [] /log> :put ("...

rextended

(moved bottom)
viewtopic.php?p=1125322#p1125322

rextended

@Jotne yes,

I reorder parameters and align *pure* default items for better readability, but the line is the same, for keep exactly the defaults.

rextended

Only service that that you like to have open should be open, all other blocked. That you need to block 53 tells me that your fw are wrongly setup. @Jotne Mikrotik default filters are active I don't believe it. And even if it did, you probably changed something else that made it not work. The firewa...

rextended

I don't believe it.
And even if it did, you probably changed something else that made it not work.

rextended

Blinders like on horses...

rextended

stopped all upgrades in production so we are stucked on 7.16.2 . device-mode is a vendor integrated and forced landmine . Some of operators will left their devices under v7.17 and using them till lifetime replace with another vendor , +∞ I understand the password security required by EU regulation,...

rextended

:D ... a fresh brew ... is magic ! Using 0x20C0A8640100000000202278FFF40000000000647FFF05 provide not correct, but not wrong, results: 192.168.100.1/32 via 0.0.0.0 -> must be like 192.168.100.1/32 via <DHCP client interface> 34.120.255.244/32 via 0.0.0.0 -> must be like 34.120.255.244/32 via <DHCP ...

rextended

¿Che cosa?

Is not Spanish...

rextended

https://mikrotik.com/consultants

rextended

The blinking must be supported from ethernet chipset.
For example, on my CRS112 work.

rextended

When you have a special need to have a serial number in messages, why don't you add it to the device identity of your devices? So instead of hAP-test you call it hAP-test-E1548DC8753B Exactly, is wrong call all the devices "hAP ac^2". Every single device on my network have different names...

rextended

@Jotne if board-name ~ "x86" use [/system license get software-id] if board-name ~ "CHR" use [/system license get system-id] on other cases use [/system routerboard get serial-number] or simply: [/int eth get ([find]->0) orig-mac-address] since at least all RouterBOARD have one ...

rextended

As usual, you forgot which version you're talking about. I don't see json in the OP. [rex@MATRIX] > :global data ({"extDns"="blabla"; "static"=("172.16.0.2/24","fdc7:affe:affe:1::10/64"); "dyn"=("2a02::10/64")}) [rex@MATRIX] > :pu...

rextended

Che differenza fa?
[What difference does it make?]

rextended

Like I said, I (or MikroTik) would not have deleted it. It was a volunteer mod. IMO @normis is on the best path. What matters most is confidence and trust in the forum process. Forum moderation suggestions: The goal is a transparent audit trail doesn't leave much room for speculation or conspiracy ...

rextended

Since I saw the OP's screenshot of the deleted post and checked every line, it was all bullshit. The only way to exploit those vulnerabilities in libraries used by RouterOS was to hack RouterOS first, to execute arbitrary commands as super-admin. So, who cares about those problems, if to exploit the...

rextended

what yo do not want log anymore?
(screenshot is better to not omit details)

rextended

How can I remove unnecessary (garbage) from the log?

You have done what I wrote on post #8?
viewtopic.php?t=214019#p1121110

rextended

This is because you do not align the factory firmware, and new firmware have some misalignment... Install exactly 7.6, upgrade the firmware, reboot to be sure current firmware is 7.6 then install this: https://box.mikrotik.com/f/3bd8cc7b2a6545228377/?dl=1 Next you can install correctly 7.17 https://...

rextended

In a RouterOS script is there an equivalent to a GoTo statement in Basic?

NO. (dot)

Convert that section on one function and call it only when is needed. Easy.

rextended

RB1100AHx4 do not have SFP and all ports are only gigabit.

rextended

Some tests on vars that do not have sub-arrays... { :global globalVars [:toarray ""] :put $globalVars :set ($globalVars->"testArray") [:toarray ""] :set ($globalVars->"testArray"->"value") [:toarray "a,b"] :set ($globalVars->"testArray...

rextended

Then in the future, and easily too (given how people with the "security flag" start using DoH, https and other bullshit that worsen management and do not increase security at all), I see that web pages will no longer be rendered by the browser, but interactive images and interactive videos...

rextended

It would be enough for all users to agree and boycott the products in the EXCESSIVE advertising banners, sending protest emails to the companies in question, and they would stop advertising in that way, knowing that it would backfire on them... I understand those who try to earn money with what they...

rextended

Why do not post this on dedicated winbox 4 topic instead of uselessly open another topic?

rextended

CRS320-8P-8B-4S+RM is a switch, not a router. Do not expect more speed than aggregated 200/300Mbps... Default firewall rules and config are the best security for who copy & paste other scripts randomly because do not know RouterOS. The first security breach is someone that think that can randoml...

rextended

The function still have problems after 6 years... Refitted to avoid errors. Also added the ability to delete the "variable" if delete=yes is specified as parameter. :global l7var do={ /ip firewall layer7-protocol :local varName [:tostr $1] :local varNewValue [:tostr $2] :local valuePresent...

rextended

CCR2004-1G-12S-2XS -------DEAD

You try the upgrade on lab on another CCR2004-1G-12S-2XS with same software and same backup before update?

rextended

#file
#                here ↓
    :local filename ("IP-Scan_".[/system/identity get value-name=name]."_".$scanInterface."_".$ds."_".$ts)

rextended

Leave him alone, he's just taking the piss out of you.

rextended

Yes but, 30 clients, at what speed each? I believe maximum speed will be 250mbps, RB5009 will be capable of that? Math? 30 * 250 = 7500Mbps... Yu have a link at 10Gbps? Official Ethernet test results: Routing 25 simple queues 512 byte 4612 Mbps Since I do not think all clients download 250Mbps cont...

rextended

"Rogues are very keen in their profession, and know already much more than we can teach them."

rextended

@eddieb First, these function will only work on 7.17+ , and must have a /interface/bridge with vlan-filtering=yes enabled. 7.17 is not... uhm..... ***************************** $prettyprint [$pvid2array [:rndnum from=257 to= 4094 ]] I strongly advise against using "random" VLANs. VLANs sh...

rextended

Dozen? (One?)

If you do it for work, is incredible that you do not use already netinstall/flashfig with config scripts where password is not needed at all...

rextended

It's like evaluating a restaurant in the center of Rome where in the last few years 10 people have complained that the food was bad...
In comparison to 199990 people who haven't written anything...

rextended

I believe maximum is 30 clients, the RB5009UG gonna do its job in this situation?

Yes but, 30 clients, at what speed each?

rextended

Do not buy switch for use it as router. Ooooo, no one mentioned this actually! Im in need for router! All (not really all, but let's ignore this) MikroTik devices, RouterBOARD, have RouterOS inside, even the switches. All RouterOS features are available in all devices (except things that require sp...

rextended

Do not buy switch for use it as router.

rextended

Instead of re-writing my script for no reason No reason? I show you how must be coded corectly to avoid use scripting style that casually works... The missing "" are not only the problem, expect broken it again on future versions.... :local date [/system clock get date]; # on this line: u...

rextended

You test this?
viewtopic.php?t=214071#p1121253

rextended

@anav Where is??? even if you specificaties, the command will reset the whole interface Already wroted, with explanation.... https://forum.mikrotik.com/viewtopic.php?t=214154#p1121429 (obviously MTU and L2MTU are 666 and 777 just for test..........) [rex@edge-MATRIX] /interface/ethernet> export # 2...

rextended

(when MikroTik have done) generic tip: do not use firewall to do routing job....

rextended

multicast is multicast, not somenotcast..................

rextended

Thanks... But for what??? 🤷‍♂️
Helping @evilsabc, a generous and substantial commitment IMO.

Ah, I thought you had a similar problem, but I either didn't read it or inadvertently ignored it.

rextended

(I do not check) Global variables are inside supout???
It's a question. They are not visible in their supout viewer, but who knows...

Reasoning in a similar way, even small files could be sent inside supout...

rextended

Because MT guys will see them in supout files :lol: . Of course, I'm not blaming them for anything, it's just a normal security measure. Not sure if they can see environment variables, but script code is fully visible, that's why I've placed all sensitive data in the file. (I do not check) Global v...

rextended

@rextended Thank you, and well done!

Thanks... But for what??? 🤷‍♂️

rextended

And what's stopping you from using global variables, or better, if username, password, etc. are defined in the script, put them right inside the function.............. ... :local doFetch do={ :local SrvData [:deserialize value=[/file get $auth contents] from=json] :local Dest $path /tool fetch src-p...

rextended

The problem is not the configuration, but probably the database files where is wroted the configuration are unreadable from 7.17 for some reason... create supout.rif and send it to mikrotik support with problem description.

rextended

It doesn't make any sense that the function, when declared, sees the local variables... And whatever happens, you wrote it wrong, if the function ever sees local variables.... { :local TestVar "123" :local SomeFunc do={ :local TestVar ; # missing this :log info $TestVar } $SomeFunc } You c...

rextended

Tip n.1 for tip n.1: Use routing / rules. Each item has it's own tool.... when MikroTik finally add address-lists to routing rules........................

rextended

I like corerct syntax and avoid shorting for unreadabilty.
I dislike full syntax but not where:

/interface ethernet reset numbers=[/interface ethernet find where default-name=ether1]

rextended

DO NOT PUT FILE ON FORUM Well, do one "/export show-sensitive file=myexport" and save the export out of the Router, to program the router once v17 is installed, and resetted to empty default first. If you do not use old CAPsMAN at all, consider uninstall wireless, since CCR2116-12G-4S+ do ...

rextended

Ok, also RouterBOOT setttings and packages are ok. You have one backup of the configuration? Old config can not reappear just putting back 7.15.3.... Download those, drag and drop inside winbox, and after that go on system / packages and press downgrade https://download.mikrotik.com/routeros/7.15.3/...

rextended

device-mode is Ok, RouterBOOT (firmware) is Ok, Partition is OK, still missing the rest.......................................
if you still do want do it manually one by one....
/system package print detail
/system routerboard settings print

rextended

and

/system ; package print detail ; routerboard settings print ; /partition print detail

?
(if I write that line, you must copy and paste all line...)

rextended

DO NOT POST serial-number!

/system ; package print detail ; device-mode print ; routerboard ; print ; settings print ; /partition print detail

results?

rextended

Stop suggest using "0" and use interface name. Ignoring the i*** of change randomly the MTU, the correct syntax is set ether1 mtu=1500 and [find] must not be used alone, because change everything, not only that interface. /interface ethernet reset NOT exist on v6 (exist only reset-counters...

rextended

This produce same output at the end, but is just for progam in "nice" way (avoid duplicates, avoid deleting what must be rewrited, etc.).

Anyway, the important thing is the rest, which I think you understood from my suggestion.

rextended

@evilsabc
For use netinstall to reinstall 7.15.3 and reload backup, you must first enable it on device-mode.

press reset button after run this code

/system device-mode update activation-timeout=60s mode=advanced install-any-version=yes partitions=yes routerboard=yes

rextended

Basically, yes, but for be more "nice" on the point 2: on foreach cycle at the same time you UPDATE the comment if the rule already exist AND add new rules with :timestamp.

This do not delete what already exist (and must be keeped) and do not (temporarly) duplicate rules.

rextended

New for Mozilla https://www.ccadb.org ( https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites ) /file print file=ccadb.txt :delay 1s set ccadb.txt content="-----BEGIN CERTIFICATE-----\r\ \nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\r\ ...

rextended

I'm just wondering if I did something in the past to import all those certs, and I just cannot remember it. 😊 Yes, you read this topic and apply the script. https://forum.mikrotik.com/viewtopic.php?p=1080348#p831111 @CGGXANNX never trust intermediate sites. https://forum.mikrotik.com/viewtopic.php?...

rextended

I won't write it down, but I'll give you an idea. Scroll through the list of addresses. For each of theroutes you find that are the same as the ones you need, update the comment with a prefix and today's date (for example "$comment 2025/01/24 14:30") add the routes that don't exist, always...

rextended

Do not duplicate requests.

viewtopic.php?p=1121356#p1121356

rextended

Export also the scheduler, how can check if you put all necessary policies? /system clock :local d [get date] :local t [get time] :local z [get time-zone-name] /system identity :local n [get name] /system backup save name=email dont-encrypt=no encryption=aes-sha256 password=pippo :delay 2s /tool e-m...

rextended

I think it's actually a data alignment problem in the NAND, since the backup "bios" itself is started only by holding down the reset button before turning on the device, or by selecting "force backup booter" item in system/routerboard/settings. Also old 3.x and 6.x do not longer ...

rextended

Only on 5 occasions MikroTik provide packages for change "any" backup version on 6.29.1 for 3.24 backup, on 6.40.7 for 3.41 backup, on 6.43.7 for 6.43.7 backup, on 6.49.7 for 6.43.7 backup, and on 7.6 for 7.6 backup. My 2017 post already explain how... https://forum.mikrotik.com/viewtopic....

rextended

What is your backup firmware?? You must install and use 7.6 RouterBOOT and RouterOS do not work with other version of current RouerBOOT (you already know that RouterBOOT is not RouterOS, I write that for the others...) when trying to enable the feature, do the following: a) upgrade or downgrade the ...

rextended

So, the current version 6.49.17 and 7.17 of ROS are presumably not affected by these previously discovered vulnerabilities assuming the default admin user is disabled and replaced with once with complex password, management access to router restricted to specific private IPs (so no SSH/Winbox from ...

rextended

I cannot simply allow routers to auto-update or I would risk one router rebooting while another is still downloading. Understand the point. Yes, you can. The auto-upgrade (of RouterBOOT / firmware / "BIOS") do not cause reboot on any way. Simply next time RouterBOARD reboot for some reaso...

rextended

As usually, "you" forget to write history of all previous RouerOS versions installed.

rextended

This is not a routerboard / RouterOS upgrade, this is a firmware ("bios" / RouterBOOT) upgrade inside the RouterBOARD. Enable auto-upgrade suffice, is useless upgrade the "bios" because often still the same for years, because inside change only version number for follow RouterOS ...

rextended

rextended

Still falling everytime into the same stupid speeches. Are you able to understand well what is written??? MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to supe...

rextended

It doesn't matter how the relay is connected for be powered from mAP when is forced-on,
but what does it do (the relay)?
Is the contact normally open or normally closed?
What does the contact control?
The relay change power source of the mAP?

Be more specific.

rextended

No, what are the certs name (not the issuer, but the name on routeros)?

rextended

Hi, Can You add option to set PoE status on boot? For example: i have PoE "forced on" on eth2, but when there is a power outage, after restarting the port will be off. (you can set on, off, previous state - on boot). Just like in smart plug :) Never happen to me, hardware and RouterOS use...

rextended

Yes, but the first implementations lock "everything", so this caused many testers to skip any testing...

rextended

Well, no one reported it for the testing (beta and rc) releases...

Because this time with device-mode s–t no one want lock his devices, so less persons than before do tests...

rextended

I AM NOT an expert on the file system used, but in the past updates left space occupied on the disk not assigned to any file. A "fsck" solved it by releasing the space. This happened in x86 and CHR (mounted separately the disk on ubuntu for launch "fsck"), but probably given the ...

rextended

If you think about it, it's the only logical solution for those stuck on 7.16.2, which obviously doesn't concern those who have already installed 7.17 or 7.18beta2. What I wonder is why if I think about it in a few moments, that I AM NOT PAID TO DO IT, why those who are paid by MikroTik to do things...

rextended

Then original question stands - are there any alternatives to netinstall...

They should make 7.16.3 (which would be the same size as the kernel that goes with it) with the space fix,
mandatory before moving to 7.17.x or 7.18.x
That way you would have the problem already solved.

rextended

Please change the title like "I do not understand correctly how set the logs", is not a RouterOS problem. Now I'm writing you what the others who answered did NOT deduce from your screenshot... @K0NCTANT1N You completely got it all wrong. !ntp also logs literally everything, except ntp... ...

rextended

on [successful] upgrade or netinstall

Simply the "fix" is not installed until is not successfully installed the 7.18beta2.
The fix is for future versions, not to fix current.

rextended

More CEF features are in development for the next betas

well..

rextended

rextended

Why this do not work since 7.17??? (on all 7.16.2 and less, included v6, work) /sys log action set [find] disk-file-name="/log" (work without the /) Those, and other points where can be set a path, with "/" work correctly: /ip hotspot profile set [find default=yes] html-directory...

rextended

Why this do not work since 7.17??? (on all 7.16.2 and less, included v6, work) /sys log action set [find] disk-file-name="/log" (work without the /) Those, and other points where can be set a path, with "/" work correctly: /ip hotspot profile set [find default=yes] html-directory...

rextended

Whatever happens, this doesn't mean that if you need help, I won't give it to you. Remember that no one is infallible. I often make mistakes too, especially with RouterOS that changes things with each version..... For example... this do NOT work on 7.17+ but work on 7.16.2 and less (also on v6)... ...

rextended

I literally asked you to prove me wrong and i'll happily listen and accept it. You on the other hand aren't listening at all, just preaching pedantic coding Just wait new 7.18... On different devices and different way of update I obtain different results. This is one hAPax² from (??? not remember)-...

rextended

What is the purpose and the use of "authorized-public-key-hash" on device-mode???

rextended

rextended

Not installed for test, but this help comparing commands differencies on terminal:
viewtopic.php?p=1047229#p1047229

rextended

viewtopic.php?t=214071#p1120636

rextended

Do not have any problem at all...

But...

another provider that can give the full routing table only

Filter all and add 0.0.0.0/0 with more weight manually, is easy, and can circumvent provider incapacity...

rextended

NICE WORK.

I'm undecided on what to report the most beautiful, besides the FastTrak, I should copy half the list...

rextended

rextended

Search on forum, someone have already do that... This download all root certificates. https://forum.mikrotik.com/viewtopic.php?t=169662#p1080456 If you want install only one root cert (DigiCert Global Root G3), use only first part, with correct certificate: /file print file=DigiCertGlobalRootG3.txt ...

rextended

I won't comment these stupid conclusions. Calm down and don't scream so loud. The conclusion is not stupid, someone passing by, without be one forum admin or post official sources, announces something, it's just bullshit. Not to mention that maybe, as already happened, they remove some features fro...

rextended

Why do not Miktotik update my SUP with this information is an outer question.

Probably the SUPs from more than a day ago have already been forgotten...

rextended

Yes, some other news (search on help "31 address" or "1000 characters") https://forum.mikrotik.com/viewtopic.php?t=189798#p1119638 @Jotne is happy now for Splunk :lol: :lol: :lol: https://www.splunk.com/en_us/blog/learn/common-event-format-cef.html CEF:0|MikroTik|CHR|1.0|100|Logi...

rextended

Only on the official (help) documentation, not on idiotic rumors (I'm referring to another topic).

https://help.mikrotik.com/docs/

Just search "CEF"

Often page # change so direct link is broken, but until still valid:
https://help.mikrotik.com/docs/spaces/R ... og-Summary

rextended

After 8 years...

From MikroTik RouterOS 7.18 support for CEF (Commont Event Format) logging format is added, as well as timestamp support for milliseconds.

rextended

Strange, in 7.18alpha4 there is not present...

The only things added not for joke are:

Support for CEF (Commont Event Format) logging format and timestamp support for milliseconds.

/31 address support

OpenVPN Password cap increased to 1000 characters

rextended

on address list 0.0.0.0/0 = everything... so...
if you want match EXACTLY 0.0.0.0/0 (accept only default route, if is transmitted....), use filter
if (dst == 0.0.0.0/0) { accept }

rextended

Which model? Which version of RouterOS? Which version of Winbox? Which computer operating system?
What game is this? Should we pull everything randomly?

Take your hands away from your eyes so you can see it.
You have not changed the computer used.

rextended

You edit your post, but is still full of frills and errors . If you try to correct someone who corrects you, at least make sure you correct well... If 2 is a number there is no need for "" , if instead it is a string, then consistently the 1 must also be quoted... And about \"check$nw...

rextended

Just necroposting. Nothing usable and full of frills and errors. For example: :if (check$nwsarr must be :if (\$check$nwsarr /system clock :local datetime "$[get date] $[get time]" :local nwshost ("Tes1","Tes2","Tes3","Tes4","Tes5","Tes...

rextended

bst ch grd qll gi scrtt.

rextended

non interactive is /system ssh-exec

rextended

Lazyness... /system identity :local systemName [get name] /system clock :local curDate [get date] :local curTime [get time] :local curYear [:pick $curDate 0 4] :local curMonth [:pick $curDate 5 7] :local curDay [:pick $curDate 8 10] :local curHour [:pick $curTime 0 2] :local curMin [:pick $curTime 3...

rextended

It's on one line? Can not be on two parts in scripts like that.

rextended

If the network team cannot see the ONT …. ESCALATE TO some one who can … do not give up … this is not rocket science … someone from the NOC should be able to help you to resolve this ….

+100

rextended

added on previous post, if you not notice it: "cryptic box" probably is just configured to do bridging, and the Juniper router of your ISP provide public IPv4 on DHCP and single IPv6... a05:e2 -> 0 a:05:e2 -> 0 8 :05:E2 Juniper https://hwaddress.com/oui-iab/08-05-E2/ f61e:57 -> f6:1e:57 ->...

rextended

Ok, if you can only receive (correctly) one /128 and you can ping correctly 2606:4700:4700::1111 from your router, is meaning that the "cryptic box" probably is just configured to do bridging, and the Juniper router of your ISP provide public IPv4 on DHCP and single IPv6... So you must ask...

rextended

I love Excel ( 😛 )

rextended

Now is clear that you do not use pppoe or vlan, but just DHCPv4 client. Restart is not needed. try this: /ipv6 address remove [find where dynamic=no] /ipv6 dhcp-client remove [find] add add-default-route=yes disabled=no interface=ether1 rapid-commit=no request=address use-peer-dns=yes If you obtain ...

rextended

while waiting for /interface print test this: /ipv6 settings set accept-redirects=yes-if-forwarding-disabled accept-router-advertisements=yes-if-forwarding-disabled forward=yes max-neighbor-entries=32768 set multipath-hash-policy=l3 ; # this line do error if not used on v7.16.2 and up /ipv6 dhcp-cli...

rextended

I do not see any pppoe interface in routes...

also /int pri please?

rextended

you use pppoe???? problably is pppoe that provide you the IP connectivity, not the dhcp on ether1... I can fail on this because I do not understand correctly how you have setup yout router... The first user that reply you on this topic must ask first how is configured and attached your router... put...

rextended

you use pppoe or vlan?
the dhcpv4 is directly over ether1?
what is your LAN interface?

rextended

Put a switch on the WAN and attach the gateway WANs to it... What use would the second gateway have if it doesn't have to do anything? Forum users, often, do not do illogical things. Explain correctly what you want to achieve in the end, not the intermediate steps that seem absurd, even if they seem...

rextended

I literally asked you to prove me wrong and i'll happily listen and accept it. I've already written the reason twice, it's you who comes out with this defiant air. What do you expect me to write same thing "prove me wrong" and start a game of morons? The other people on the forum will jud...

rextended

With you what I write are empty words. I have already made it clear that it is not a competition of style, or of right and wrong, but of not leaving wrong examples on the forum. Of course it works if a package is installed, it is also easy to generate a problem, mixing packages of different versions...

rextended

This is not the specific case, which may or may not work, and it's not even a question of code beauty or not (but why did you change it from the first post?) but you absolutely must not use hardcoded numbers or .id to obtain values. There are dozens and dozens of posts where users, copyng these erro...

rextended

So here is the version agnostic command for anyone else who is interested [...] /system package get 0 version [...] No this is not agnostic, this is wrong . 2022-02-26 https://forum.mikrotik.com/viewtopic.php?p=915725#p915725 /system resource :if ([get version]~"^7") do={ [:parse "/e...

rextended

I'm new to MikroTik and scripting and wanted to get a basis to start off of.

So if you need to learn Italian, start by looking at examples of Swahili?

That obviously didn't work.

So, obviously is lost time. This forum is full of correct examples.

rextended

No need to run the script more often than once a week or even month. Or better... If the scheduler name is checkVersion , simply disable it once send the email... { /system package update :local test [check-for-updates as-value] :local installed ($test->"installed-version") :local latest ...

rextended

Simple reply to OP post: Unable to upgrade/update, and nothing else.

rextended

@normis and others working on Winbox 4 should prioritize SUP-175441

And for what reason?

rextended

Detecting which command based on version is doable. I've already posted on these forums on how to detect and run version specific commands without failure, Already done that before, but I can also make this for check what commands are supported and what parameters https://forum.mikrotik.com/viewtop...

rextended

{ :global vCheck /system package update :local test [check-for-updates as-value] :local installed ($test->"installed-version") :local latest ($test->"latest-version") :if (($installed!=$latest) and ($vCheck!=$latest)) do={ :log warning "Is installed RouterOS $installed but ...

rextended

You guys need to stop messing around with ChatGPT and the like. It makes you all dumber. For example, if you were to use even a little bit of the intellect that all normal people have, how can the rest of the code be executed after the reset command reboots the device? Also, if the config is really ...

rextended

SXTsq 5 ac on nv2 or nstreme? ax do not support at all nv2 or nstreme

rextended

Contact support@mikrotik.com

rextended

The best idea is to test RouterOS separately, and when in the lab it seems to work correctly at least for 3 months, apply it to a small part in production, for testing, and if it goes well plan the update everywhere. So it doesn't matter to be notified when there is a new version of RouterOS, just l...

rextended

or do you just write because you don't know what to write? I think it's about you. Already second post in this topic without any sense... Just wait until 7.18. The problem is you. Why necroposting on a topic from 2022 without the official source where it is written that probably they add the functi...

rextended

Probably it will be added soon (7.18)

More or less reliable sources, or do you just write because you don't know what to write?

rextended

It's a necroposting from 2018.
v7 do not exist on 2018...

Ignoring the logging, is all useless, just simply

/caps-man interface disable [find where name~"^AP-1stFloor-.*"]

rextended

I also thought about using json, but... Put in a table: on the right the variable types that RouterOS supports (array,bool,id,ip,ip6,num,str,time,ip-prefix,ip6-prefix,nil,nothing), (ignoring unexportable types code, function, lookup, op, apireq, exclamation, cmd, iterator, backreference) on the left...

rextended

rextended

I don't think this is a problem that forum users can address.

Contact directly MikroTik support@mikrotik.com providing Supout.rif and detailed description.
And please update this topic with results/given answers.

Do NOT post Supout.rif to any forum members.

Thanks.

rextended

What could be causing this problem? The answer is simple: You. You haven't read the basic scripting guides. They aren't complete, but it's clearly stated not to use numbers in scripts. Numbers are for "on the fly" use in the terminal, nothing fixed. There is only one DHCP client configure...

rextended

Nextgentel use 2a04:980::/29 that go from 2a04:980::/29 to 2a04:987:..../29 so is coherent. If you log the array, winbox or webfig can't show correct hex values. Try to use this for log: :log info "na-prefix $[:convert $"na-prefix" from=raw to=hex]" WARNING: Do not publish result...

rextended

[..] DHCPv6 script section the global variable is not created nor set [..] If you read changelogs, help and forum, you learn that actually, on actual stable version, netwatch dhcp, ppp, etc. sciripts are runned on different user that can't interac with global variables, and other restricted permiss...

rextended

All this: # Initialize the content with a header :if ([/file find where name=$filename] != "") do={ /file remove $filename :log info "Removed existing file $filename." } simply: /file remove [find where name=$filename] Why uselessly do same test again and again? # Log file creati...

rextended

For remember what I wrote on post #5:

(And if you had an ISP that knows how to do its job, there wasn't one)...

rextended

And in case is already present on destination route table, but have another gateway? Wrong for various reasons. Also superfluos ; , unconsistent variables name, etc. Duplicated :: at start probably for copy-paste. Also on the description missing that not only copy, but also change gateway. { :local ...

rextended

Wrong for various reasons. Also superfluos ; , unconsistent variables name, etc. For example, one above all, if on the foreach checkIP is set to 2, then it will never return to 0. { :local routingTable "6G" :local addressList "BGP_YOUTUBE" :local dstAddress 0.0.0.0 /ip route :for...

rextended

The title is wrong, the correct title is "fix for me SchaitGPT script"

Why don't you ask ChatGPT for help?

First you get a dog and take it out to s—t on the street, then you ask pedestrians who pass by to clean it up?

rextended

This is not the case, but sometimes it is a really bad idea to log in case of DDoS, it takes up a lot of CPU.

This is not the case, but sometimes it is also a really bad idea to create an address list in case of DDoS,
it takes up a lot of CPU and in a short time it runs out of RAM...

rextended

Surely this is something the ISP should be fixing rather than you at the edge of their network?

(And if you had an ISP that knows how to do its job, there wasn't one)...

rextended

Thanks for the confirmation you missed the point. My bad for not including a at the end.

Oops, sorry, I actually meant it as a serious question...
Now I understand...

rextended

You are missing the point, in order for this to be of any use you must trust the source. No, sorry, but you missed the point: Anyone can make mistakes (and, also, the list provider can change the format without warning). Regarding 0.0.0.0/0, or 8.0.0.0/8 being wrong on an address list, did I miss t...

rextended

:if ($ip ~ "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}") do={ :do { # Try to add the IP to the address list add list=$listName address=$ip comment=$description timeout=0 dynamic=no } on-error={ # Update the existing entry if it already exists set [find list=$listName address=$ip] ...

rextended

It always means the complete configuration (purged from sensitive data censoring it, not cleaning the lines....), not just a little piece where YOU think is the problem.

Search found 13352 matches

press reset button after run this code