Enable, disable the rule in NAT using the button

RouterOS Scripting
1

Hello,

I want to disable and enable the rule in Ip>Firewall>NAT, knowing the comment rule.
I use a API in C#, and tik4net

Here is part of my code:
private void button1_Click(object sender, EventArgs e)
{
using (ITikConnection connection = ConnectionFactory.CreateConnection(TikConnectionType.Api))
{
string HOST = “ipAddress”;
string USER = “login”;
string PASS = “password”;
connection.Open(HOST, USER, PASS);
var rules = connection.LoadSingle();

string OutText = rules.Id;
OutText = OutText + "Comment " + rules.Comment;

label1.Text = OutText;
}
}

I get an error: tik4net.TikCommandAmbiguousResultException: “only one response item expected, returned 2 items”
If I understand correctly, I am using the wrong extension. What do I need to use the extension, and how do I disable the rule?

2

Why would you like to change the NAT rule?
When would you change the rule?
What button do you like to use? The mode button on the router?
Could his be done using a script on the router?

3

Why would you like to change the NAT rule?
I want to enable and disable from an application on a computer or phone

I try this way:
ITikCommand cmd = connection.CreateCommandAndParameters(“/ip/firewall/nat/set find[comment=” + nameRule + “] disable=yes”);
cmd.ExecuteNonQuery();

But I get an error: “no such command”

Still found out that API supports query operator only in print command. How in my case to separate the receipt and deactivation of a rule in NAT?

4

Why would you like to do that?

Also what button? Physical on the router or in a program on a computer?

I do try to see what you try to do. There may be other way to solve it.

5

Also what button? Physical on the router or in a program on a computer?
this is a soft button on the computer, which with one click will disable the rule on the router in NAT

6

Why on the computer?

Could this not be done with the button on the router.
Or a script that triggers the NAT change based on x,y,z

I try to see why you need to do this remote and not on the router itself.

7

I need to do this on a computer, and on a mobile. So that a person can turn off access in a few clicks anywhere where there is Internet without going into Winbox.

8

Can anyone help me with this issue?

9

I still managed to turn the rule on and off. But this works with the GetId () property; TikSpecialProperties.Id, that is, using the identifier that is assigned to the NAT rule. How to make a rule disconnect using a comment on this rule? Do TikSpecialProperties have this property?
Using id is not convenient, because if you re-create the rules, it changes. Or the id in the rule can somehow be changed on the side Mikrotik?

private void button1_Click(object sender, EventArgs e)
{
using (ITikConnection connection = ConnectionFactory.CreateConnection(TikConnectionType.Api))
{
string HOST = “ipAddress”;
string USER = “login”;
string PASS = “passwd”;

connection.Open(HOST, USER, PASS);

string nameRule = “test”;

var natRule = connection.CreateCommandAndParameters(“/ip/firewall/nat/print”, “comment”, nameRule).ExecuteList();
// var result = natRule.ExecuteList();
var id = natRule.Single().GetId();
var disableRule = connection.CreateCommandAndParameters(“/ip/firewall/nat/disable”, TikSpecialProperties.Id, id);
disableRule.ExecuteNonQuery();
}
}
private void button2_Click(object sender, EventArgs e)
{
using (ITikConnection connection = ConnectionFactory.CreateConnection(TikConnectionType.Api))
{
string HOST = “ipAddress”;
string USER = “login”;
string PASS = “passwd”;

connection.Open(HOST, USER, PASS);

var natRule = connection.CreateCommandAndParameters(“/ip/firewall/nat/print”, “comment”, “test”).ExecuteList();
var id = natRule.Single().GetId();
var enableRule = connection.CreateCommandAndParameters(“/ip/firewall/nat/enable”, TikSpecialProperties.Id, “*8”);
enableRule.ExecuteNonQuery();
}
}

10

use [find property=value] instead of an ID. You can search your rule using any property, e.g. a comment that you set on the rule.

11

is there an example of this method?

12

I already figured out the id and disabled the rule, thanks !. Please tell me how can I delete all existing connections with the specified dst port?

13

id changes all the time and can not be used in any script. You need to find the id as part of the script when it runs.

14

I noticed that id changes if, re-create the rule in nat. But still, it is assigned to a variable.

15

I was able to delete the established connection. But there is a problem when there are more than one connection, I get an error at the stage: var id = connect.Single().GetId();
The error sounds like this: System.InvalidOperationException: “The sequence contains more than one element”.

Please tell me how can I delete all existing established connections?

16

really no one came across in order to disable all the connections knowing the dst-address?

17

I found how to disable all established connections, but what other syntax do I need to disable only those in dst-nat ipAddress:port
var list = connection.CreateCommandAndParameters(“/ip/firewall/connection/print”, TikCommandParameterFormat.NameValue,“.proplist”, “.id”).ExecuteList();
foreach (var item in list)
{
connection.CreateCommandAndParameters(“/ip/firewall/connection/remove”, “.id”, item.Words[“.id”]).ExecuteNonQuery();
}

18

your doing this all wrong. use port knocking to have a script check an address-list if something is present make the changes you want. that way it is all self contained into the router and the button can just be a dump widget on an android screen or something similiar. no smart api needed.

19

Is it possible with API to know if the rule is disabled or enabled? ..his condition

20

Thanks to everyone, I figured it out