Editing a firewall rule using Net_RouterOS

RouterOS Scripting
1

Hello there,

I’m new to Mikrotik (not new to PHP) and I have a problem. I am trying to use https://github.com/pear2/Net_RouterOS (Utils)
to connect to Mikrotik and do CRUD on firewall rules. I’m stuck on edting a rule. I have the rule “.id” and I can retreive it from the device but I have
no idea how to edit the rule using that “.id”. Thank you!

2

.id are some temporary stuff in RouterOS and can not be used directly.
Eks I see with /ip firewall filter print that rule I need to edit is marked 4. This I can not use.

If I do use find like this (since I know the comment is drop):
:put [/ip firewall filter find where comment~“drop”]
Same rule in number *12

So to disable that rule:

/ip firewall filter disable [/ip firewall filter find where comment~"drop"]

No number are used.

Can be shorten some:

/ip firewall filter disable [find where comment~"drop"]

So you need to find some unique for that rule, it can be IP, comment ++++

3

Hm I’m, not sure I understand.

So if “.id” is not usable what identificator I can use to store it alongside a firewall rule in the database (for backup and sync)?

I should be using “comments” as identificator field!? Hope not…

What I did manage was to retreive the rule from the MIrkotik by using

$rule = $util->get(\PEAR2\Net\RouterOS\Query::where('.id', Input::get('mikrotik_internal_id')));

which works. Then I tried applying that loigc to ->set but I keep getting "“Error when setting items”

Here is the code I’m trying:

$util->setMenu('/ip firewall filter');
            $rule = $util->set($mikrotik_internal_id, [
                'chain'            => $fw_rules_chain,
                'action'           => $fw_rules_action,
                'src-address'      => $src_address,
                'dst-address'      => $dst_address,
                'dst-address-type' => $dst_address_type,
                'protocol'         => $protocol,
                'src-port'         => $protocol_src_port,
                'dst-port'         => $protocol_dst_port,
                'port'             => $protocol_any_port,
                'in-interface'     => $in_interface,
                'out-interface'    => $out_interface,
                'src-address-list' => $fw_rules_src_addrress_list,
                'dst-address-list' => $fw_rules_dst_addrress_list,
                'connection-state' => $fw_rules_connection_state,
                'comment'          => $fw_rules_comment,
            ]);

where $mikrotik_internal_id is the value of “.id” field.

4

Id is just and internal value at the moment you search for some.

You need to find the filter rule by using where and then some field that make it unique.
Best way is to add an custom id to the comment field and then search for it.

Example add a comment to the rule with some like this “AZ43”, then the search would be:

/ip firewall filter disable [/ip firewall filter find where comment~"AZ43"]