As per the subject, there seems to be a problem with the in-interface-list value.
I suspect it’s supposed to read !LAN but can’t be sure. It is the last rule in /ip firewall filter print.
Any assistance or suggestions gratefully received.
Hamish.
Did you find this rule preconfigured in some router? What version?
What problem are you encountering with this?
this is a broken reference to an interface list element that has been deleted.
if you rename an element, say LAN to whatever_else, all referring objects will be updated.
however if you delete the object - like in this case, the entry in “/interface list” was removed by someone - the referring configuration items lose the reference, hence the “name” will be shown as a red coloured hexadecimal object identifier. and this way it is dead, and cannot be revived.
even if you re-create the previously deleted entry by adding a new one with the same name, the reference remains broken, as this will be a “new” object, and references are maintained “internally” by their object identifiers, instead of names.
if you mistakenly delete any object, it will break all references (firewall rules, ppp profiles, etc) instantly. you can fix this by undoing your actions only - if you don’t do it, then you have to fix all the references by hand. and there’s much chance for forgetting some…
Thank you for the responses. Much appreciated for my first post.
Did you find this rule preconfigured in some router?
No, the problem appeared following an upgrade to the latest release.
What version?
RouterOS 6.41
What problem are you encountering with this?
The device is unresponsive to connections from Winbox, ssh, etc. I am connected by serial cable to the console port.
if you mistakenly delete any object, it will break all references (firewall rules, ppp profiles, etc) instantly. you can fix this by undoing your actions only - if you don’t do it, then you have to fix all the references by hand. and there’s much chance for forgetting some…
OK, well, in case there wasn’t any response from my query I went on to investigate this further and came to the same conclusion about the red lettered “*FFFFFFFF” “name.”
/interface list add name=LAN
/interface list member add list="LAN" interface="bridge1"
/ip firewall filter set 8 in-interface-list=!LAN
And WinBox happily and swiftly connected.
Thanks for the explanation of the risks of deleting names. It will inform future actions.
Hamish.
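An added example, not part of the thread: a small audit script that scans a saved configuration export for the kind of dangling reference discussed above (a value that is only an internal object identifier such as `*FFFFFFFF`), so broken firewall or PPP references can be found before they lock you out. The export text is a constructed sample, the function names are hypothetical, and it assumes the export prints unresolved references as `*` followed by hex digits, as the thread shows for `in-interface-list`.

```python
import re

# Constructed sample of "/export" output (not taken from the thread's router).
SAMPLE_EXPORT = """\
/interface list
add name=WAN
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input in-interface-list=!*FFFFFFFF \\
    comment="drop all not coming from LAN"
add action=drop chain=forward in-interface-list=WAN
/ppp profile
set *0 local-address=192.168.88.1
add name=vpn bridge=*2000010
"""

# param=*HEX or param=!*HEX: the value is a bare object id, not a name.
# "set *0 ..." is not matched, because there *0 selects the item being edited.
DANGLING = re.compile(r'(?<![\w-])([\w-]+)=(!?\*[0-9A-Fa-f]+)(?=\s|$)')


def logical_lines(text):
    """Join export lines that are continued with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1].rstrip() + " "
        else:
            yield (buf + raw.strip()).strip()
            buf = ""
    if buf:
        yield buf.strip()


def find_dangling(export_text):
    """Return (menu, parameter, value, command) for each broken reference."""
    menu, hits = None, []
    for line in logical_lines(export_text):
        if line.startswith("/"):
            menu = line  # menu path the following add/set lines belong to
            continue
        for param, value in DANGLING.findall(line):
            hits.append((menu, param, value, line))
    return hits


if __name__ == "__main__":
    for menu, param, value, line in find_dangling(SAMPLE_EXPORT):
        print(f"{menu}: {param}={value}\n    {line}")
```

Each hit has to be re-pointed by hand at a recreated object, as was done in the thread with `set 8 in-interface-list=!LAN`.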