Having some difficulty with scripting this properly
I’m about to implement a failover script that uses netwatch and tests for reachability of a public IP address. If a route is unreachable, it’ll purge the firewall connection table.
The problem is this is not selective: it will purge the entire connection table. Ergo, if, say, a backup 4G route is running this script and is a bit unreliable, it’s going to keep killing VoIP sessions and all other traffic on the primary as well.
I can’t find an easy, reliable method to match firewall connections for a specific interface, since it doesn’t record the interface, only IP addresses.
I can’t statically write the IP address into the script because it can change over time, and this is a dynamic script I need to deploy to hundreds of routers.
Yes, but there are no parameters that correspond to a specific interface, nor to a route.
Only IP addresses are listed, meaning additional steps are required to extrapolate the required information.
I managed to figure it out. Bit of a pain in the ass, as I need to extract the information from the ‘gateway-status’ field in /ip route. Static/dynamic IP routes appear differently from PPPoE ones, so it adds an extra step.
Then match that against an interface.
# Routing mark whose active default route we want to purge connections for
:local RouteMark "Route_1"
# gateway-status is a string such as "pppoe-out1 reachable" (interface gateway)
# or "10.0.0.1 reachable via  ether1" (IP gateway, as printed by RouterOS 6)
:local t [:tostr [/ip route get [find where routing-mark=$RouteMark dst-address=0.0.0.0/0 active=yes] gateway-status]]
# Extract interface name: first word of gateway-status
:local tf [:pick $t 0 [:find $t " "]]
# If the first word is an IP address, the interface is the text after " via " instead
# (+6 = the 5 characters of " via " plus the extra space RouterOS 6 prints before the
# interface name; check /ip route print detail on your version if this misparses)
:if ([:typeof [:toip $tf]] = "ip") do={ :set tf [:pick $t ([:find $t " via "] + 6) [:len $t]] }
# First address on that interface, with the /prefix length stripped
:local y [/ip address get [:pick [/ip address find where interface=$tf] 0] address]
:set y [:pick $y 0 [:find $y "/"]]
# Remove only connections whose reply destination is this WAN address. The match is
# anchored and requires ":port" or end of string after it, so 10.0.0.1 no longer
# matches 10.0.0.10 the way the unanchored "$y.*" pattern did.
/ip firewall connection remove [find where reply-dst-address~"^$y(:|\$)"]
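The same idea packaged for deployment to many routers, as an added example (this is not the poster's script): the purge lives in a `/system script` that takes the routing mark from a global, so one netwatch `down-script` per backup path is the only per-router difference. It goes beyond the snippet above in two ways: it looks the route up whether or not it is still active (an inactive route's gateway-status has no "via" part, so the interface is taken from the `gateway` field when that is an interface name) and it refuses to run, with a log line, when the route, interface or address cannot be resolved rather than erroring on an empty lookup. The script name `purge-conns-by-mark`, the global `PurgeRouteMark`, the interface `lte1`, the probe host `8.8.4.4`, the `/32` probe route and the RouterOS 6 gateway-status spacing ("reachable via  ether1", hence the `+ 6`) are all assumptions; the regex on reply-dst-address is the anchored form, matching "addr:port" for TCP/UDP and a bare address for ICMP.

```routeros
# Added example, not the original poster's code. Assumes RouterOS 6, one address
# per WAN interface, and that the caller sets the global PurgeRouteMark first.
/system script add name=purge-conns-by-mark source={
    :global PurgeRouteMark
    :local iface ""
    # Look the route up regardless of the active flag: by the time netwatch fires,
    # the route may already be inactive, and then gateway-status has no "via" part
    :local rid [/ip route find where routing-mark=$PurgeRouteMark dst-address=0.0.0.0/0]
    :if ([:len $rid] = 0) do={
        :log warning "purge: no default route with mark $PurgeRouteMark"
        :error "no route"
    }
    :set rid [:pick $rid 0]
    :local gw [:tostr [/ip route get $rid gateway]]
    :if ([:typeof [:toip $gw]] = "ip") do={
        # IP gateway: the egress interface only appears in gateway-status while reachable
        # (assumed RouterOS 6 format "10.0.0.1 reachable via  ether1", two spaces before the name)
        :local gs [:tostr [/ip route get $rid gateway-status]]
        :local p [:find $gs " via "]
        :if ([:typeof $p] = "num") do={
            :set iface [:pick $gs ($p + 6) [:len $gs]]
        }
    } else={
        # Interface gateway (PPPoE, LTE, other point-to-point links): name is the gateway itself
        :set iface $gw
    }
    :if ([:len $iface] = 0) do={
        :log warning "purge: cannot resolve interface for mark $PurgeRouteMark (gateway $gw)"
        :error "no interface"
    }
    :local aid [/ip address find where interface=$iface]
    :if ([:len $aid] = 0) do={
        :log warning "purge: no address on $iface"
        :error "no address"
    }
    :local wan [/ip address get [:pick $aid 0] address]
    :set wan [:pick $wan 0 [:find $wan "/"]]
    # Anchored match: "$wan:port" for TCP/UDP, bare "$wan" for ICMP,
    # so 10.0.0.1 never also matches 10.0.0.10
    :local n [:len [/ip firewall connection find where reply-dst-address~"^$wan(:|\$)"]]
    /ip firewall connection remove [find where reply-dst-address~"^$wan(:|\$)"]
    :log info "purge: removed $n connections via $iface ($wan) for mark $PurgeRouteMark"
}

# Assumed probe setup: a /32 route forces the netwatch probe out through the backup
# gateway, so a failed probe reflects that path only, and only that path is purged
/ip route add dst-address=8.8.4.4/32 gateway=lte1 comment="netwatch probe for Route_1"
/tool netwatch add host=8.8.4.4 interval=30s timeout=3s \
    down-script={ :global PurgeRouteMark "Route_1"; /system script run purge-conns-by-mark }
```

Run it once by hand (`:global PurgeRouteMark "Route_1"; /system script run purge-conns-by-mark`) and check `/log print` before trusting it to netwatch; if the log reports "cannot resolve interface" for an IP-gateway route that is already down, that is the case where gateway-status carries no interface, and the fix is to give that route an interface gateway or to record the interface name in the route's comment instead of deriving it at failure time.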