Does anyone know how to move a firewall rule from eg row 13 to 1
or from X line to Y line
using script or command line or API call?
Use the “move” command. “numbers” argument is the item(s) to move (in the other they must appear after the move), and the “destination” argument is item above which the targeted item(s) are to appear. If “destination” is omitted, the targeted items are moved to the bottom of the list.
So f.e.
/ip firewall filter move 13 2
or more generally, if you can identify the items by some means other than their position, use that, f.e.
/ip firewall filter move [find where chain=input && comment="allow Winbox"] [find where chain=input]
The API protocol equivalent
/ip/firewall/filter/print
?chain=input
?comment=allow Winbox
/ip/firewall/filter/print
?chain=input
/ip/firewall/filter/move
=numbers=<id you get from the first print above>
=destination=<id you get from the second print above>
I already had found that by my problem still exists.
The problem is that I cannot move a firewall rule above the hotspot dynamic rules via script or API.
If I drag it using winbox/mouse it does move!
What I want to achieve is to move the fasttrack rules and some more above the hotspot rules and gain slightly a bit more speed at non hotspot traffic
The way you can do that is to move the rules above the “unused-hs-chain” chain rule, disable hotspot, then immediately enable it again. This will recreate all dynamic rules, placing them above the “unused-hs-chain” chain rule.
Or if you want to avoid the disable/enable steps, I guess you should be able to target the first dynamic rule by querying for all of its properties, i.e.
/ip/firewall/filter/print
=.proplist=.id
?dynamic=true
?chain=forward
?action=jump
?jump-target=hs-unauth
?hotspot=from-client,!auth