As in the question, I need to use a script to delete all the connections of the specified ip, but the port number of the ip is different, the script does not know how to write the most efficient.
Probably all your connections have that. It is your own external IP used to translate the internal address (the 1st column) to the internet address you have.
(100.127.248.189 is another “internal IP”, which will again be translated further down the path by your ISP)
After the pppoe client is disconnected and reconnected, the ip will change, and there will be many old connections in the connection list, which will not disappear for a long time.
When you have only a single connection it is easy to remove all tracking entries using: /ip firewall connection remove [find]
You can place that in the “On Down” script in the PPP profile used with the PPPoE connection (copy profile “default”, make that change, and set the PPP profile in the PPPoE client).
I know this method, the script can only target one connection, but also know the specific port number.
:for sola from=1 to=65536 do={
This method is also possible, but it is very CPU-intensive and deletion is very slow. I wonder if there is a script that can be deleted just by looking at the ip and not recognizing the port number.
/ip firewall connection remove [find where reply-dst-address~“1.2.3.4”]
Is this an endpoint router that has only a single PPPoE uplink and not much else?
When the PPPoE goes down you can basically delete all connections without looking at address or port number.
It would also be possible to use a nat entry with “masquerade” instead of “src-nat”, as that will automatically delete the connection entries when the PPPoE goes down.
However, that should be done only on a simple endpoint router and not when you have many PPPoE connections because that deletion costs CPU and it will heavily load the router when PPPoE links go up and down regularly.
(that is also why you find the recommendation to use src-nat instead of masquerade in such setups)
Perfect script
That is true, but by adding that script you are throwing that advantage away. The script will now consume the CPU that is implicitly consumed when using masquerade.
Using the script given upstairs, the consumption is particularly small, and the CPU consumption is basically not felt during use.
This will also remove connections for addresses 11.2.3.4 and 1.2.3.44… Better match beginning and end of the address when using regular expressions:
/ip firewall connection remove [ find where reply-dst-address~"^1.2.3.4:" ]