Hello.
This is my question.
I know in linux server (any) that works as router we have to write firewall rules in config file and than after each start of the system they must be set by command like this for example “post-up iptables-restore < /etc/iptables.up.rules”
I need to set rules temporary in routers os till it working, such as in linux in command line without saving (adding).
Is this possible in routers os and how?
Not sure what you want, I assume you’re logged in remotely and are afraid of being locked out?
The first tip is use safe mode in winbox, the button on the top left corner. If a rule disconnects you from the router, it will rollback to the state prior to enabling safe mode. If you exit safe mode it will “commit” the changes.
You also can add “disabled” rules that will have no effect until you enable them, useful for ordering, etc.
No. I just want to connect remotely to router, set the firewall rule and disconnect. I do not want to save rule in firewall table. I need to have clean firewall table if router powered off or after reboot. Thats it.
Sounds like you are looking for a feature like the Cisco startup-config and running-config.
What about a script that runs on boot of the MT and removes the firewall rules?
No. It’s other things. I saw startup sctipts in DD-WRT. And i can do what i need in DD-WRT, because it is clean linux in substance.
But i need to do it on Mikrotik, because i have a lot of such devices.
Again. I need the firewall rule will be SET (temporary in memory by command line command ) not ADD (write) in firewall table. Is it possible on Mikrotik as in simple linux?
I think you can accomplish the same by adding them disabled. That way they will be stored but not in effect until you enable them.
If you want them active, but to be removed after a reboot, you can manually set up a script to disable or delete them on reboot.
Sorry, you don’t understand what i need. But tnks for trying.
Mark the rules by some comment and schedule on start script that deletes so marked rules (or all).
Oh. It was suggested already…
maybe you want to tell us why you need them. although i don’t think routeros can do temp firewall rules there might be an other solution for you problem.
You forgot to quote this line from the same post:
This is exactly what you want.
And as jarda said:
And just in case you’re looking for a safety net in case of mistakes configuring a remote device, as has been mentioned, safe mode accomplishes this goal.
http://forum.mikrotik.com/t/winbox-safe-mode/46117/1
But of course there are other reasons to have configurations that go away after a reboot…
I want NOT WRITE rules in table at all. Removing after reboot - is write and then delete. I need some rules to set and work in memory till device will powered off. Like simple linux system can do in command line.
Maybe developers can tell exactly is it possible or no?
Can’t find information about it anything else. So… have to ask here.
Mikrotik saves its configuration immediately with each change, so there’s no way to keep a firewall rule from being saved in the configuration. Only safe mode makes changes “temporary,” and those changes revert if your terminal session is disconnected before ending safe mode, and they commit when you end safe mode, so this isn’t what you want.
I’m not really a fan of scripting things, but deleting rules at bootup with a script gives operationally the same thing as having lost them at power-off, so I don’t see how that’s “not a solution” unless you’re wanting to have ANY commands be rolled back by a reboot, but you’re only saying firewall rule here in your thread… (or are worried about someone dumping the flash memory and reading configurations while the router is powered off). Yes, it’s a work-around, but it’s a viable in most cases.
You could also use the partition feature to save a reference configuration if you just want something to fall back to - but it sounds like “anything that hits the flash memory is completely and utterly unacceptable” so I’m going to stop offering ways to achieve the stated goal because obviously there is a hidden agenda which makes the behavior more important than the goal.
OK. You are right. The only thing i have now - deleting script. I’ll try. Thank you!