Hello! Is there any way to cut the connection of a remote admin..
Let put it this way.. im the main admin in the system but i have 2 users in “Read” group, but sometimes they leave the Winbox opened and the resources of the Routerboard(532) goes to 100% Processor… is there an option or a way to disconnect another admin either winbox or telnet?
thanks in advance and sorry for my english!
Blackbox.!
no way, AFAIK. just add firewall filter rule to block access to the router for that admin =)
If you allow only new connections on 8291, then you should be able to just delete the connection under ip firewall connections and they will be disconnected. Worth a try.
I tested it briefly, there is a lot more you could do, this is only one example. I’ve been thinking of something similar to disconnect active sessions after xx minutes.
Ex for winbox:
This will remove connections to a local winbox session
:local timeoutchain "SessionTimeout"
:local ipaddress
:local username
# Clear connections for active winbox users
:foreach a in=[/user active find] do={
:if ([/user active get $a via] = "winbox") do={
:set ipaddress [/user active get $a address]
:set username [/user active get $a name]
:foreach c in=[/ip firewall connection find] do={
:if ([/ip firewall connection get $c protocol] = "tcp" && \
[:len [:find [/ip firewall connection get $c src-address] [:tostr $ipaddress]]] > 0 && \
[:len [:find [/ip firewall connection get $c dst-address] (":" . [/ip service get winbox port])]] > 0) do={
# make sure dst-address is one of our addresses
:local connremoved 0
:foreach addr in=[/ip address find] do={
:local iponly [:tostr [/ip address get $addr address]]
:set iponly [:pick $iponly 0 [:find $iponly "/"]]
:if ($connremoved = 0 && \
[:len [:find [/ip firewall connection get $c dst-address] $iponly]] > 0) do={
:log info ("SessionTimeout: " . $username . "@" . $ipaddress)
/ip firewall connection remove $c
:set connremoved 1
}
}
}
}
}
}