Board info
[admin@MikroTik] > system resource print
uptime: 2w4d23h44m21s
version: 6.44.2 (stable)
build-time: Apr/01/2019 12:47:57
factory-software: 6.40.5
free-memory: 210.5MiB
total-memory: 256.0MiB
cpu: MIPS 1004Kc V2.15
cpu-count: 4
cpu-frequency: 880MHz
cpu-load: 0%
free-hdd-space: 4.8MiB
total-hdd-space: 16.3MiB
write-sect-since-reboot: 30625
write-sect-total: 1118443
bad-blocks: 0%
architecture-name: mmips
board-name: RBM33G
platform: MikroTik
I tried to remove rule number 1 but it didn’t work for some reason. See run example:
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface-list=WAN
1 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
[admin@MikroTik] > ip firewall nat remove [ find dst-port=8103 ]
[admin@MikroTik] > ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface-list=WAN
1 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
Why wasn’t the rule removed?
mkx
November 5, 2019, 2:45pm
2
If you run
/ip firewall nat
remove [ find dst-port=8103 ]
it’ll go. Or as a one-liner:
ip firewall nat remove [ ip firewall nat find dst-port=8103 ]
The reason being that [ command ] is run under current config position, not under config position of some other command you might eventually use …
Option 2 output an error:
[admin@MikroTik] > ip firewall nat remove [ ip firewall nat find dst-port=8103 ]
bad command name ip (line 1 column 26)
[admin@MikroTik] > ip firewall nat remove [ ip firewall nat find dst-port=8103 and action=dst-nat ]
bad command name ip (line 1 column 26)
Option 1 didn’t work, but afterwards deleting using another key worked:
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface-list=WAN
1 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
2 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
3 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
4 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
[admin@MikroTik] > /ip firewall nat remove [ find dst-port=8103 ]
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface-list=WAN
1 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
2 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
3 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
4 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
[admin@MikroTik] > /ip firewall nat
[admin@MikroTik] /ip firewall nat> remove [ find dst-port=8103 ]
[admin@MikroTik] /ip firewall nat> /ip firewall nat
[admin@MikroTik] /ip firewall nat> /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface-list=WAN
1 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
2 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
3 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
4 chain=dstnat action=dst-nat to-addresses=10.7.0.103 to-ports=8554 protocol=tcp dst-port=8103
[admin@MikroTik] /ip firewall nat> /
[admin@MikroTik] > /ip firewall nat remove [ find chain=dstnat ]
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade out-interface-list=WAN
eworm
November 5, 2019, 3:16pm
4
Try to quote the port number:
/ip firewall nat remove [ find dst-port="8103" ]
Alternatively, convert it to a string, which may be required in a script:
/ip firewall nat remove [ find dst-port=[ :tostr 8103 ] ]
And this is the proof that it is correct:
:put [ :typeof [ /ip firewall nat get [ find where dst-port="8103" ] dst-port ] ]
str
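The following script is an added example, not part of any post in this thread. It combines the two points above (an absolute menu path and a string-typed dst-port) and lists what matched before removing anything. The variable names and the numeric starting value are assumptions made for illustration; the port is the one from the thread.

```routeros
# Added example. Wrapped in { } so the :local variables survive when the
# block is pasted into a terminal, where each line otherwise has its own scope.
{
    # Assumed starting point: the port arrives as a number, e.g. from a script argument.
    :local portNum 8103
    # dst-port is stored as a string (see the :typeof output above), so convert before matching.
    :local port [:tostr $portNum]

    # The absolute path inside [ ] makes find run against the NAT table
    # regardless of the current menu position.
    :local ids [/ip firewall nat find where chain=dstnat action=dst-nat dst-port=$port]

    :if ([:len $ids] = 0) do={
        :put ("no dst-nat rule with dst-port=" . $port . ", nothing removed")
    } else={
        # Show each matching forward before it is deleted.
        :foreach id in=$ids do={
            :local addr [:tostr [/ip firewall nat get $id to-addresses]]
            :local tport [:tostr [/ip firewall nat get $id to-ports]]
            :put ("removing dst-port=" . $port . " -> " . $addr . ":" . $tport)
        }
        /ip firewall nat remove $ids
        :put ([:len $ids] . " rule(s) removed")
    }
}
```

Matching on chain, action and port together keeps the removal narrower than `find chain=dstnat`, which deletes every port forward in the chain.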