im new here, so im sorry if i didnt include all info
im currently using this command to get a list of all NAT rules that do not have a src-address-list selected , but its not giving me back the results, i suspect because the =null is not the right way to ask for “nothing is selected”
:put [/ip firewall nat get [find where disabled=no && src-address-list=null] ]]
does anyone here know how i can properly set that if src-address-list is empty ? aka no address list is selected
:put [/ip/firewall/nat find where disabled=no src-address-list=[:nothing]]
Thanks So Much!!!
id like to see the full NAT rule in the result, currently it only shows me
*1;*19;*17;*1e;*1f
/ip/firewall/nat
:foreach r in=[find where disabled=no src-address-list=[:nothing]] do={
:put [get $r]
}
to get only certain property, eg. action, use
[get $r action]
/ip/firewall/nat/print where disabled=no src-address-list=[:nothing]
For just printing in CLI it is better like that, if some processing of rules is needed then find/get in loop needs to be used…
it works when i run it from WInBox
but not from Unimus
do you have experience with unimus too ?
unfortunately no
Why that complicated, treat the fields as having also a state:
/ip/firewall/nat/print where !disabled !src-address-list
:put (/ip/firewall/nat get [find where !disabled !src-address-list])
It’s shorter, did’t know you can use negation here. But this line is not working when multiple rules are found, you can’t use get from list, must be in loop and must be surrounded with [] to even execute.
:put ([/ip/firewall/nat get [find where !disabled !src-address-list]])
invalid internal item number
:put (get [/ip/firewall/nat find where !disabled !src-address-list])
*636;*637;*4d1;*66a;*66f;*300;*4ea;*2f3;*2f4;*2f5;*668;*2f8;*2f9;*2fa;*66e;*59f;*574;*2ff;*2fc;*2fb;*49a;*2fe;*302;*303;*304
Shorthand version:
:pu (g [/ip/f/n f w !disabled !src-address-list]
*636;*637;*4d1;*66a;*66f;*300;*4ea;*2f3;*2f4;*2f5;*668;*2f8;*2f9;*2fa;*66e;*59f;*574;*2ff;*2fc;*2fb;*49a;*2fe;*302;*303;*304
I see more than one .id being returned when I change the location of the path.
And then I adapt your code, also to be able to run from any path without needing to change the /ip/firewall/nat path on forehand:
:foreach r in=[/ip/firewall/nat find where !disabled !src-address-list] do={:put [/ip/firewall/nat get $r]}
Not sure how ROS rsc interpreter works internally but I assign path before loop just in case of possible performance improvement and it is a bit smaller length of code since path is not repeated all the time. And it is possible to have it in single line if you want like this:
/ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get $r]}
Converted to code:
:put [:parse ":foreach r in=[/ip/firewall/nat find where !disabled !src-address-list] do={:put [/ip/firewall/nat get $r]}"]
(evl /foreachcounter=$r;do=;(evl (evl /putmessage=(evl (evl /ip/firewall/nat/get))));in=(evl (evl /ip/firewall/nat/findwhere=$chain;$action;$jump-target;$to-add
resses;$to-ports;$same-not-by-dst;$randomise-ports;$connection-limit;$layer7-protocol;$realm;$protocol;$src-address;$dst-address;$fragment;$psd;$ipv4-options;$s
rc-address-type;$dst-address-type;$src-address-list;$dst-address-list;$hotspot;$address-list;$address-list-timeout;$ttl;$connection-mark;$connection-type;$conne
ction-bytes;$connection-rate;$routing-mark;$in-interface;$out-interface;$in-interface-list;$out-interface-list;$in-bridge-port;$out-bridge-port;$in-bridge-port-
list;$out-bridge-port-list;$packet-mark;$src-port;$dst-port;$port;$icmp-options;$src-mac-address;$content;$ingress-priority;$priority;$dscp;$limit;$dst-limit;$t
ime;$random;$nth;$tcp-mss;$per-connection-classifier;$packet-size;$log;$log-prefix;$ipsec-policy;$tls-host;$bytes;$packets;$invalid;$dynamic;$disabled;$comment;
$.id;$.nextid;$.dead;( (! $disabled) (! $src-address-list));5))
:put [:parse "/ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get $r]}"
/ip/firewall/nat/;(evl /foreachcounter=$r;do=;(evl (evl /putmessage=(evl (evl /ip/firewall/nat/get))));in=(evl (evl /ip/firewall/nat/findwhere=$chain;$action;$j
ump-target;$to-addresses;$to-ports;$same-not-by-dst;$randomise-ports;$connection-limit;$layer7-protocol;$realm;$protocol;$src-address;$dst-address;$fragment;$ps
d;$ipv4-options;$src-address-type;$dst-address-type;$src-address-list;$dst-address-list;$hotspot;$address-list;$address-list-timeout;$ttl;$connection-mark;$conn
ection-type;$connection-bytes;$connection-rate;$routing-mark;$in-interface;$out-interface;$in-interface-list;$out-interface-list;$in-bridge-port;$out-bridge-por
t;$in-bridge-port-list;$out-bridge-port-list;$packet-mark;$src-port;$dst-port;$port;$icmp-options;$src-mac-address;$content;$ingress-priority;$priority;$dscp;$l
imit;$dst-limit;$time;$random;$nth;$tcp-mss;$per-connection-classifier;$packet-size;$log;$log-prefix;$ipsec-policy;$tls-host;$bytes;$packets;$invalid;$dynamic;$
disabled;$comment;$.id;$.nextid;$.dead;( (! $disabled) (! $src-address-list));5))
You will notice that the code inserts the path here: “in=(evl (evl /ip/firewall/nat/findwhere=” and so the the loop will be the same. This is done because you changed first the path and it just takes the current path. The advantage of my code is that is independent of location from where it is started.
I didn’t closely examine parsed code before, but now I see it puts unnecessary path call
/ip/firewall/nat/;
, same path to which commands are appended that are without path, this doesn’t make sense and generates more code when parsed. Not a smart parser.
I assume the the parsed code is executed from the root and not from inside the path.
im not getting the response when im running this code from unimus
/
[unimus@bph_main] > /i
[unimus@bph_main] > /ip
[unimus@bph_main] > /ip/
[unimus@bph_main] > /ip/f
[unimus@bph_main] > /ip/fi
[unimus@bph_main] > /ip/fir
[unimus@bph_main] > /ip/fire
[unimus@bph_main] > /ip/firew
[unimus@bph_main] > /ip/firewa
[unimus@bph_main] > /ip/firewal
[unimus@bph_main] > /ip/firewall
[unimus@bph_main] > /ip/firewall/
[unimus@bph_main] > /ip/firewall/n
[unimus@bph_main] > /ip/firewall/na
[unimus@bph_main] > /ip/firewall/nat
[unimus@bph_main] > /ip/firewall/nat;
[unimus@bph_main] > /ip/firewall/nat;
[unimus@bph_main] > /ip/firewall/nat; :
[unimus@bph_main] > /ip/firewall/nat; :f
[unimus@bph_main] > /ip/firewall/nat; :fo
[unimus@bph_main] > /ip/firewall/nat; :for
[unimus@bph_main] > /ip/firewall/nat; :fore
[unimus@bph_main] > /ip/firewall/nat; :forea
[unimus@bph_main] > /ip/firewall/nat; :foreac
[unimus@bph_main] > /ip/firewall/nat; :foreach
[unimus@bph_main] > /ip/firewall/nat; :foreach
[unimus@bph_main] > /ip/firewall/nat; :foreach r
[unimus@bph_main] > /ip/firewall/nat; :foreach r
[unimus@bph_main] > /ip/firewall/nat; :foreach r i
[unimus@bph_main] > /ip/firewall/nat; :foreach r in
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[f
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[fi
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[fin
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find w
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find wh
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find whe
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find wher
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !d
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !di
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !dis
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disa
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disab
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabl
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disable
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !s
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !sr
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-a
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-ad
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-add
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-addr
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-addre
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-addres
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-l
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-li
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-lis
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list]
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list]
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] d
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do=
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:pu
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [g
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [ge
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get $
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get $r
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get $r]
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get $r]}
[unimus@bph_main] > /ip/firewall/nat; :foreach r in=[find where !disabled !src-address-list] do={:put [get $r]}
expected command name (line 1 column 4)
To do tests, do you use Unimus on a device with RouterOS v6 and WinBox on another with v7?
to do tests, i used winbox and it worked great
but via unimus it does not work
most of my routers connected via unimus are version 6.
You basically didn’t answer me.
You cannot use RouterOS v7 syntax on RouterOS v6
so the command was specifically for V7?
do you know what the command should be for Version 6?