I have my network 172.50.100.X to 172.50.100.XXX, I made in /ip firewall address-list two groups of ip addresses one that goes from 172.50.100.2-172.50.100.100 and the other group that goes from 172.50.100.101-172.50.100.254,
:put [/ip firewall address-list get [find where list=“1”] address]
172.50.100.2-172.50.100.100
:put [/ip firewall address-list get [find where list=“2”] address]
172.50.101.2-172.50.100.254
With those two groups of IP addresses in the address list, how do I disable them in the simple queue? I need your help, please.
You have to use the address-list to mark-packet= in firewall mangle, then in simple queue’s advanced tab, you can set it to use the packet marks to you set based on address-list.
But since one of thing about “simple queue” is that it already operates on addresses. Note, typically packet marks are used in a /queue/tree, so kinda off the well-trotted path using packet marks with simple queue.
You instead of using address-list, you just define them as “target” in simple queue. Perhaps that mean maintaining two list… Now you may been multiple targets, with different CIDR prefixes to capture an arbitrary range. But if the address-list are broken along CIRD lines, it be easier.
I have my network 172.50.100.1 to 172.50.100.254, I made in /ip firewall address-list two groups of ip addresses one that goes from 172.50.100.2-172.50.100.100 and the other group that goes from 172.50.100.101-172.50.100.254,
:put [/ip firewall address-list get [find where list=“1”] address]
172.50.100.2-172.50.100.100
:put [/ip firewall address-list get [find where list=“2”] address]
172.50.100.101-172.50.100.254
With those two groups of IP addresses in the address list, how do I disable them in the simple queue? I need your help, please.
If you want better help, provide better information…
Your problem is there is not direct link between an /ip/firewall/address-list and /queue/simple.
And that cannot be "fixed.
You need a different approach to how you’ve set your simple queue. The way to “prevent” an address-list (that represents /24 subnet) from going into a “simple” queue is for it not to be in the target. Period.
As noted above, you can use the firewall to action=mark-packet based on your two address list. Then in the simple queue you want to “exclude” them, configure the /queue/simple to only accept packets with no-mark. Since your address-list and firewall would have add “mark”, they’d be excluded.
Also 172.50.0.0 is a public address… so if using those internally as private address, that’s not a good idea. The private IP range for “172”'s is 172.16.0.0 =.x to 172.31.255.255.
I have my network 192.168.10.1 to 192.168.10.254, I made in /ip firewall address-list two groups of ip addresses one that goes from 192.168.10.2-192.168.10.100 and the other group that goes from 192.168.10.101-192.168.10.254,
:put [/ip firewall address-list get [find where list=“1”] address]
192.168.10.2-192.168.10.100
:put [/ip firewall address-list get [find where list=“2”] address]
192.168.10.101-192.168.10.254
With those two groups of IP addresses in the address list, how do I disable them in the simple queue? I need your help, please.
