API Address-list ip removal intermittently not working.

HI all,

I have made a walled garden for my non-paying customers as a replacement for my old method of disconnecting them. We however have a LNS cluster so I need to add and remove the Addresses form the address list on 10 routers. This part was easy.

the problem im having is for some reason, sometimes, the addresses don’t remove! Its very annoying and I cant figure out why.

now I thought it could have just locked up on one router, but, it does not remove it from any.

API SCRIPT: [when I want to remove a single IP from the overdue list]

 
$ipAddress='192.168.1.1'; //ip from billing_script


$API->write('/ip/firewall/address-list/print', false);
	                    $API->write("?address=$ipAddress");
	                    $API->write('=.proplist=.id',false);
	                    $tarefas = $API->read();

	                    foreach ($tarefas as $tarefa):
	                           $API->write('/ip/firewall/address-list/remove', false);
	                           $API->write('=.id='.$tarefa['.id']);
	                           $API->read();
	                    endforeach;

Output on router (Debug):
<<< [31] /ip/firewall/address-list/print <<< [21] ?address=192.168.1.1 <<< [14] =.proplist=.id >>> [3/3] bytes read. >>> [3, 110]!re >>> [10/10] bytes read. >>> [10, 99]=.id=*1B90 >>> [22/22] bytes read. >>> [22, 76]=list=payment_reminder >>> [21/21] bytes read. >>> [21, 54]=address=192.168.1.1 >>> [14/14] bytes read. >>> [14, 39]=dynamic=false >>> [14/14] bytes read. >>> [14, 24]=dynamic=false >>> [15/15] bytes read. >>> [15, 8]=disabled=false >>> [5/5] bytes read. >>> [5, 1]!done <<< [32] /ip/firewall/address-list/remove <<< [10] =.id=*1B90 >>> [5/5] bytes read. >>> [5, 40]!trap >>> [31/31] bytes read. >>> [31, 8]=message=no such command prefix >>> [5/5] bytes read. >>> [5, 1]!done



Running my script that flushes all IP’s off my address list (and then re-adds them) works, but I don’t want to do this every time, that’s a lot of load on the routers.

Try to use the argument “=numbers=” or the “remove” instead of “=.id=”.

Better yet, I suggest you upgrade RouterOS to at least 6.7 (if it’s not there already) and instead of removing expired entries, when adding them, use the “timeout” argument to specify a duration, after which the item will be automatically removed by RouterOS itself.

We use 6.12 across the network, some devises still run 6.9 and a few run later releases. However, an ‘expiry’ will not work well for what we use it for, we want to re-enable the internet for users as soon as they pay, not hours later with an automated update, not when it should just be a simple API function as above.

I will see if I can figure out =numbers=, may need to google some examples unless you have any?

actual API communication

$ python3 api.py cap admin ""
<<< /login
<<<
>>> !done
>>> =ret=f9e34f0aa6a16789b9c74eda738a18e5
>>>
<<< /login
<<< =name=admin
<<< =response=009113385802febfb2f56f3cfcefd2e5a5
<<<
>>> !done
>>>
/ip/firewall/address-list/print

<<< /ip/firewall/address-list/print
<<<
>>> !done
>>>
/ip/firewall/address-list/print

<<< /ip/firewall/address-list/print
<<<
>>> !re
>>> =.id=*1
>>> =list=test
>>> =address=1.1.1.1
>>> =dynamic=false
>>> =dynamic=false
>>> =disabled=false
>>>
>>> !done
>>>
/ip/firewall/address-list/print
=.proplist=.id,address
?address=1.1.1.1

<<< /ip/firewall/address-list/print
<<< =.proplist=.id,address
<<< ?address=1.1.1.1
<<<
>>> !re
>>> =.id=*1
>>> =address=1.1.1.1
>>>
>>> !done
>>>
/ip/firewall/address-list/remove
=numbers=*1

<<< /ip/firewall/address-list/remove
<<< =numbers=*1
<<< 
>>> !done
>>>

numbers field comes form this:
[admin@3B17-S1] /ip firewall address-list> remove
Remove specified item (or several items).

– List of item numbers

However, an ‘expiry’ will not work well for what we use it for, we want to re-enable the internet for users as soon as they pay, not hours later with an automated update, not when it should just be a simple API function as above.

An address list item can be a duplicate one, so there’s nothing preventing you from having the client’s IP that will soon expire AND a new address list item that is going to expire next month or whatever (and happens to contain the exact IP address, the exact list name, the exact comment and everything…) - both before and after the period, both items are matches against whatever rules are allowing their internet. Once the first one expires, the second item’s presence would ensure the rule will still be matched, in turn ensuring normal uninterrupted operation.

The only reason not to use this approach is if you wish to transfer their unused time for next month, i.e. accumulate it. If you want to do THAT, you can use “set” on the old item, to modify its timeout to be its current one, plus one month or whatever your payment period is.

Hi,
I’m using php scripte to remove users from hotspot(user-manager) … but my scripte cant find the users ID ,

<?php require('connect.php'); if (isset($_POST['checkbox'])){ session_start (); $API = new routeros_api(); $API->debug = true; $nbselect = count($_POST['checkbox']); $name = $_POST['checkbox']; if($API->connect($_SESSION['adip'], $_SESSION['login'], $_SESSION['pwd'])) { $names = $_POST['checkbox']; foreach ($names as $i => $value) { $name=$names[$i]; $INFO = $API->comm('/tool/user-manager/user/print', array( "?name" => "$name", ".proplist" => ".id" )); $API->comm('/tool/user-manager/user/remove', array(".id"=>$INFO[0]['.id'])); } } } ?>

Result :

Connection attempt #1 to 192.168.1.203:8728… <<< [6] /login >>> [5/5] bytes read. >>> [5, 39]!done >>> [37/37] bytes read. >>> [37, 1]=ret=86ff7e1bff2e08e4420e80e65e098140 <<< [6] /login <<< [11] =name=admin <<< [44] =response=00c7dda866594ce2b100acdbac59354c1b >>> [5/5] bytes read. >>> [5, 1]!done Connected… <<< [29] /tool/user-manager/user/print <<< [14] ?name=mee
<<< [14] =.proplist=.id >>> [5/5] bytes read. >>> [5, 1]!done <<< [30] /tool/user-manager/user/remove <<< [5] =.id= >>> [5/5] bytes read. >>> [5, 1]!done


please Help