How to delete a subnet

RouterOS Scripting
1

Hello everyone,

I am currently writing a WAN failover script and I am stuck…
I would like to kill all connections to the internet. That is, all connections with a dst-address different from RFC1918.

When I run this :

/ip firewall connection print where dst-address!="192.168.0.0/16"
Flags: E - expected, S - seen-reply, A - assured, C - confirmed, D - dying, F - fasttrack, s - srcnat, d - dstnat 
 #          PR.. SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT     ORIG-RATE REPL-RATE ORIG-PACKETS REPL-PACKETS
 0  SAC     tcp  192.168.56.1:50831    192.168.56.101:8291   established 23h59m59s    10.7kbps  20.7kbps        5 496        6 921
 1    C     icmp 192.168.56.101        1.1.1.1                           9s             896bps      0bps          842            0
 2    C     icmp 192.168.56.101        8.8.8.8                           9s             448bps      0bps          833            0
 3    C     icmp 192.168.56.101        192.168.16.1                      9s             896bps      0bps          825            0
 4    C     udp  192.168.56.101:2055   192.168.56.111:2055               8s               0bps      0bps            1            0

I have all the connections…
I tried with :

/ip firewall connection print where dst-address~!"192.168.0.0/16"

without success.

How can I filter these connections ?

2

Hello!


/ip firewall connection print where dst-address~!“192.168.0.0/16”

It doesn’t work like that.

https://wiki.mikrotik.com/wiki/Manual:Regular_Expressions

You can mark ISP-connections in mangle

;;; ISP1 new inbound
chain=prerouting action=mark-connection new-connection-mark=isp1_conn passthrough=no connection-state=new in-interface=ether1 ipsec-policy=in,none 

;;; ISP1 new outbound
chain=postrouting action=mark-connection new-connection-mark=isp1_conn passthrough=no connection-state=new out-interface=ether1 ipsec-policy=out,none

and then you can delete this connections by using this mark, when you need

:local ISPconnMark "isp1_conn"
/ip firewall connection remove [find where connection-mark=$ISPconnMark]