Detecting user using service - need script help

Hello!
I need a script that checks whether the user 10.10.10.1 is using the service 10.10.20.1 on port 520 and, as a result, enables/disables the firewall filter.

The idea is to use the records dst-address (10.10.20.1:520), src-address (10.10.10.1) and tcp-state (established) of /ip firewall connection, but I don’t know how to write it.

!conditions missing! do={
/ip firewall filter disable [/ip firewall filter find comment=1010101];
} else={
/ip firewall filter enable [/ip firewall filter find comment=1010101];
}

Please help.
Thanks

Hi,
First you must add a rule, for example:

/ip firewall filter
add action=add-src-to-address-list address-list=list address-list-timeout=10s chain=forward comment="" disabled=no \
    dst-address=10.10.20.1 dst-port=520 protocol=tcp src-address=10.10.10.1

Then copy the script to the system scheduler and set a 10s interval:

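:do {
    # Count the entries that the rule above has put into address list "list"
    :local a [:len [/ip firewall address-list find list=list]]
    /ip firewall filter
    # Toggle every filter rule whose comment is "1"
    :foreach i in=[find comment="1"] do={
        # An entry exists while 10.10.10.1 is sending to 10.10.20.1:520
        :if ($a > 0) do={
            disable $i
        } else={
            enable $i
        }
    }
}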

Dear huigezi,

It’s a very short and very clever solution. Works exactly as expected!

Thank you very much for your time.

regards
mockey
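
The check the first post asks for can also be read straight from the connection table, so that only an established TCP session from 10.10.10.1 to 10.10.20.1:520 counts, not any packet that matches the address-list rule. This is an added example, not code from the thread; it assumes a RouterOS version that supports `find where` with the `~` regex operator, and the log message text is made up for illustration.

```routeros
# Added example (not from the thread). Addresses, port and the comment value
# 1010101 are the ones given in the first post; schedule it like the script above.

# Connection-table entries store addresses as "ip:port", so match them with
# anchored regular expressions: "\\." is a literal dot, "\$" anchors the end
# so that port 520 does not also match 5200.
:local conns [/ip firewall connection find where tcp-state=established \
    src-address~"^10\\.10\\.10\\.1:" \
    dst-address~"^10\\.10\\.20\\.1:520\$"]
:local inUse ([:len $conns] > 0)

# Look the rule up once and refuse to act silently if the comment is wrong.
:local rules [/ip firewall filter find where comment="1010101"]
:if ([:len $rules] = 0) do={
    :log warning "toggle script: no filter rule with comment 1010101"
} else={
    :if ($inUse) do={
        /ip firewall filter disable $rules
    } else={
        /ip firewall filter enable $rules
    }
}
```

Because the scheduler only polls, the filter state can lag a session start or end by up to one interval.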