Locked out of ssh/winbox... but how ?

Probably a dumb question but can’t figure it out… for some reason I seem to be locked out of ssh / winbox on my router from LAN. Thankfully I have console access but still can’t see what is blocking me…

  • I can ping the box from LAN and traffic is flowing
  • ssh & winbox services are active
  • I have purged the blacklists
  • Here are my firewall rules

What else should I check ?

Anything in /ip firewall raw?

nope

Any suggestion ? What can I “trace” to see why my connections are not going through ? Bit strange…

Easy way to make sure if it’s blocked by some firewall rules or not, is to allow access for yourself and add it as first rule:

/ip firewall filter add chain=input src-address=<your_address> action=accept place-before=0

If it helps, then it was some other rule blocking you. To find out which one, move this rule down the chain step by step and try to connect again. When it stops working again, you found it, it will be the previous rule.

Thanks - that’s a neat trick I will make a note of.
I eventually restored a known working backup - I’m still not exactly sure of what I broke there (is there some sort of “diff” tool ?) but it worked out of the box and I simply re-applied the few changes I had since.

If you have binary backups, they are no fun to work with, you don’t see what’s inside. Text exports are better in this regard, you can easily compare them as text files, put them in some versioning system like git to have history of changes, anything. Unfortunately, exports don’t contain all data (e.g. users or certificates), so they can’t completely replace backups.
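
As an added example (not part of the original thread), here is one way to compare two text exports menu by menu, so that a rule inserted ahead of an accept rule stands out. It assumes the usual export layout: menu path lines starting with `/`, `#` comment lines, and long commands wrapped with a trailing `\`. The sample exports and interface names are constructed.

```python
import difflib

# Constructed samples: a known-good export and a later one in which a drop
# rule for tcp/22,8291 (ssh and winbox defaults) sits above the LAN accept.
GOOD = """# constructed sample, RouterOS-style export
/ip firewall filter
add action=accept chain=input connection-state=\\
    established,related
add action=accept chain=input in-interface=bridge-lan
add action=drop chain=input
/ip service
set telnet disabled=yes
"""
BROKEN = """# constructed sample, exported at a different time
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input protocol=tcp dst-port=22,8291
add action=accept chain=input in-interface=bridge-lan
add action=drop chain=input
/ip service
set telnet disabled=yes
"""

def parse_export(text):
    """Return {menu path: [commands in order]}, joining '\\'-wrapped lines."""
    sections, current, pending = {}, "(no menu)", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # wrapped command: keep collecting
            pending = line[:-1]
            continue
        if not line or line.startswith("#"):
            continue                     # blank line or timestamp/comment header
        if line.startswith("/"):
            current = line
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections

def diff_exports(old, new):
    """Return [(menu, '+' or '-', command)], keeping rule order within a menu."""
    a, b = parse_export(old), parse_export(new)
    changes = []
    for menu in sorted(set(a) | set(b)):
        for d in difflib.ndiff(a.get(menu, []), b.get(menu, [])):
            if d[0] in "+-":             # skip unchanged lines and '?' hint lines
                changes.append((menu, d[0], d[2:]))
    return changes

if __name__ == "__main__":
    for menu, sign, cmd in diff_exports(GOOD, BROKEN):
        print(f"{menu}: {sign} {cmd}")
```

Joining wrapped lines before comparing avoids false differences when two exports of the same rule were wrapped at different widths.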