Hi everybody,
I’m network administrator. My company has 200 computers which are connected through a network. We use Mikrotiks as routers in our network. Very often, due to my boss’ request, I need to update Miktoriks ACL’s to grant or deny access to specific ip addresses. The latest consumes a lot of my time.
Does anybody know a program which can automate the ACL modification process?
Thanks!
please give us more information for what do you want.
and which method you are still using?
php-api + ftp ??
Currently I’m logging to each routers using telnet, go to “/ip firewall address-list” and add/remove ip address from the “Allowed_IP_Addresses” list. The list is used in firewall rules.
I’m wondering if there is a program, where can I add my 200 ip addresses, be able to set the state for each ip address (to be included in “Allowed_IP_Addresses” or not) and finally, the program automatically login to each mikrotik router and issue the corresponding commands.
I have found a startup project called IPControl (ipcontrol.lug.am) which solved my problem.
IPControl stores all ip addresses and their states in the DB. The states of ip addresses are possible to change from the web interface (the access is allowed or denied). After changes made IPControl generates ACLs using predefined ACL templates and upload it to the Mikrotik routers.
Very nice project.
Hi!
I have a similar problem in a bit more complex network where I have different brand routers and devices, not only MikroTik and I’m overboard with manually modifying the ACLs. Besides the time and the energy spent on that routine, the job is also extremely error prone and human-factor dependent, which makes me verify the configuration every time I update it.
Now I’m also looking for a automated tool which can handle my situation but my case is way more complex. I have many cascaded routers and situations, when I have to let one router pass the traffic from a specific IP and the other router block it, thus allow the IP access some part of the network while deny the remaining. Will look into the startup you mentioned, not sure if it will work for me, however, this is better than nothing. May be I can achieve the result with some customizations!
Have a great day!