So in essence, I cannot log in to my router unless I use an ICMP protocol to do it. Anybody know how I can get that right?
I suppose I could use the serial console, but that means bringing the AP down (no internet for my clients for a day, plus the time it takes to figure out how to use the console).
Greetings! This is what I do. The order is important!
I curse loudly.
I kick something inanimate real hard.
I curse again when the searing pain rushes up my leg.
I get my laptop and null-modem cable, then limp to my car.
The rest I bet you can guess.
SurferTim
Thank you for adding a bit of humour to my demise, it slightly brightened up my day… I am going to add the filter to the firewall you suggested.
All my computers in my office will need “AP admin rights”
So this is what I am gonna do:
/ip firewall filter
add chain=input action=accept src-address=10.254.0.0/16 place-before=0
AND NEVER REMOVE IT!!!
Normis
I used MAC telnet… I had a relay AP connected to the “broken” AP and MAC telnetted into it. I did try Winbox telnet, but the problem was that if I click on the “ellipsis” button (…) on Winbox… it did not show up on the list. I tried MAC anyway, by using my relay system, and it worked. Now to try it on the CPE I ‘broke’.
If you are not close enough, try to make an EoIP tunnel to a router connected to the blocked router and then try MAC-Winbox, or try MAC-telnet right away from your closest router on the same Ethernet.
edit:
Also, chain - accept me is a good idea…
You do not have to put that rule first, but make sure that the jump there is right after accept established, which is usually the first rule in the firewall to optimise firewall performance, as 95% of packets are related/established.
I lied. It is not my first rule. Did you notice I did not say “don’t move it”? When they know what is what there, they can move it. All my input chain rules are before this one because I have been doing this a while. It is really just before the
chain=input action=drop
rule.
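The rule ordering discussed in this thread (accept established/related, a jump to an admin accept chain, a final drop) can be checked offline before a change is applied. The Python sketch below is an added example, not code from any poster or from MikroTik: it reads rules in the form printed by `/ip firewall filter export`, models only the `src-address` and `connection-state` matchers, treats rules with any other matcher pessimistically, and its function names, the chain name `accept-me` and both sample rule sets are constructed for illustration.

```python
import ipaddress
import shlex

def parse_rules(export_text):
    """Turn the 'add key=value ...' lines of a filter export into dicts."""
    lines = (shlex.split(line) for line in export_text.splitlines())
    return [dict(t.split("=", 1) for t in toks[1:] if "=" in t)
            for toks in lines if toks and toks[0] == "add"]

def match_new(rule, src_ip):
    """True/False when decidable for a NEW connection from src_ip, else None."""
    unknown = False
    for key, value in rule.items():
        if key in ("chain", "action", "jump-target", "comment"):
            continue
        if key == "src-address" and value[:1] != "!" and "-" not in value:
            if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(value, strict=False):
                return False
        elif key == "connection-state" and value[:1] != "!":
            if "new" not in value.split(","):
                return False
        else:
            unknown = True  # matcher this sketch does not model
    return None if unknown else True

def verdict(rules, src_ip, chain="input", depth=0):
    """First-match walk of a chain, following jumps; worst case on unknowns."""
    for rule in (r for r in rules if r.get("chain") == chain):
        action = rule.get("action", "accept")  # RouterOS default action
        hit = match_new(rule, src_ip)
        if hit is False or (hit is None and action not in ("drop", "reject")):
            continue  # unmodelled accepts and jumps are not relied on
        if action == "jump" and depth < 8:
            result = verdict(rules, src_ip, rule.get("jump-target"), depth + 1)
            if result:
                return result
        elif action in ("accept", "drop", "reject"):
            return action
    return "accept" if depth == 0 else None  # end of input chain: accepted

# Constructed sample rule sets, not taken from any router in the thread.
BEFORE = """add chain=input action=accept connection-state=established,related
add chain=input action=accept protocol=icmp
add chain=input action=drop"""
AFTER = """add chain=input action=accept connection-state=established,related
add chain=input action=jump jump-target=accept-me
add chain=accept-me action=accept src-address=10.254.0.0/16
add chain=input action=accept protocol=icmp
add chain=input action=drop"""
```

`verdict(parse_rules(AFTER), "10.254.3.7")` returns `accept`, while the same call on `BEFORE` returns `drop`, which is the lockout condition to catch before the rules are applied.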