since i did this on my nas i will automate generating this once a week and pull it via ftp ...

thanks waiting for this.. i was able to code this up in unix to get and format the proper file.. i guess i can run it every few months.. here it is if it helps others [/share/CACHEDEV1_DATA/qnapshared/amazonaws] # cat prepareaws.sh #!/bin/bash cd /share/qnapshared/amazonaws wget -O aws1 https://ip-r...

for anyone interested i would like the file to look like this but pulling in the .json url which i can do on the router.. but i dont see any scripting utilities to automatically pull out the relavent lines and change them like grep and sed i did this manually and uploaded to my router but this is al...

I know someone must have written a script get the the addresses from the url and parse based on location and import to an address list i need to pull in and whitelist us-east-1 and us-east-2 but can change it myself if you have something written that pulls in the lists parses and creates and address...

thanks i am interested.. i will look at that list..

my big countries are china russia kzakstan and brazil believe it or not..

thanks all.. i found the setting now in the ui.. As i said i got it working and have been using it on my older ccr1016 but am preparing the ccr1035 with sft+ to have my isp go over 1g.. And i already have an internal 10g networking to my nas's etc. my firewall would not work with bridge filters it i...

thanks .. very helfull, i have public ips and a mail server.. you cannot use a switch dipshit.. if you dont have anything to contribute DONT and there really are NO home brew routers that do bridging firewalls other than DDWRT and that cannot keep up wioth the trqaffic I need Any anyway those are no...

firured it ouit.. it was this setting. that does not show up in the interface.. the only way seems to be set it in the command line, and it is a strange one to set.. took me forever to figure out the set and get options dont work.. you need to use the edit which brings it up in vi the use-ip-firewal...

Need expert help.. I am setting up a ccr1036 and for the life of me cannot get the firewall to work.. it configured everything exactly like my ccr1016 where the firewall is working. Eventually I want to use the sftp+ ports to get faster than 1g connections, but I even tested on the standard ethernet...

thanks i already did that and as i said i can conenct fine and get the address i am supposed to.. 173.x.x.114 server is 173.x.x.113

i can ping myself at 113 but cannot ping anyhting else including my mail server on 173.x,x.125

i have a router with public ips so shouldnt need nat or anything.. i can connect with openvpn and get one of my public ipss. burt pc can only ping itself not even the router or any other addresses on the public subnet (13 address block) any idea what could be going on.. i think maybe the subnet is w...

reboot of box fixed it

same problem. i created two certif. took a break and now no fields other than name are enterable.. it is not a issue with winbox as same from anotyher machine.. something with the micrsotik hw itself.. trying a reboot now.. dont feel like doing the command line version.. please fix this.. otherwise ...

No the OK country lists is much larger ie UK for USA etc etc.

I download ranges of ips from Kazakhstan, Russia, China and Brazil (most attacts to get into my router come from ips in these countires) I then combine these individual address lists to one called foreign and block them. Recently there are incorrect duplicates between these lists which causes the fi...

Since I could not fimd a good example of this configuration with an advance firewall for ipv6 for comast (in bridging mode since the default gateway is on the same subnet as your range of ips) anyway here is my firewall that I have is confirmed and tested as working.. Note the ips have been changed....

here are my firewall rules.. much more complicated .. 2 sections one to limit attacks/pings on the router itself and one for my forward rules (net changed in a couple of places for security ... /put "cleaning out icmp_packets_bridge chain" /ipv6 firewall filter remove [/ipv6 firewall filte...

I have a public subnet 14 ips. and pptp in the vpn on one of the public ips and can reach my machines on the public ips when i vpn in, However, I can ping the private subnet fine from my routeros box as it also has a second address on my private 192.168.11.x subnet. Hoever, When i vpn in onto one of...

iisues. .upgraded made me upgrade winbox.. now when I try to log in with winbox it wont let me says rmon is not enabled.

just for everyone's info.. this version broke our firewall I got an error that said expecting : in this line add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no I figured out what the change was by export the firewall whi...

this new release made y 1016g unuseable.. after reboot couldn't even get in the router locally.. anyone have info how to flash back to the 6.33.3 packages assuming I can reset the box and get back in. thanks The configuration had two ip addresses a static public ip ie 173. and a private 192 ip.. bo...

this new release made y 1016g unuseable.. afer reboot couldn't even get in the router locally.. anyone have info how to flash back to the 6.33.3 packages assuming I can reset the box and get back in.

thanks

i rebooted router and no more crap.. only think i can figure out is that these servers must have been running some denial of service attack over dns that continaully kept the port open (ie via tcp instead of udp) not really sure.. or there is a bug in the router os software and rebooted cleared it.....

I saw all kinds of crap dns in my logs once I enabled syslog. Anyway I dont understand why they are getting through the input filters in the firewall .. To debug I explicitely bocked dns on both udp tcp on port 53 in the firewall rules.. even though those two ports were not allowed and should have b...

getting a couple of these.. a little lower airflow but much quitter.. will keep you informed when I install

http://www.coolerguys.com/840556098225.html

thanks i have some more statistics I have reduced my firewall rules to 129 by using address lists which the older h/w did not support. anyway for 129 rules using rb2011 with speedtest maxing out at 170 megabit/sec cpu utilization is about 65-70% I also picked up a cr1016 older model cpu utilization ...

I am going to be setting up a transparent bridging firewall configuration with static ips. The reason I need to bridge is that Comcast gives out an ip block with the default gateway on the same subnet as your ip block. I do not want to do NAT and want to actually use the public ips. I assume the sta...

on dd=wrt I did the following.. I need the ip to be on the bridge itself and the bridge to run in promiscuous mode and bridge traffic between 1 port which goes to the cable modem and another which goes to a switch with all my local machines I have public ips... I then want to put a firewall on the b...