Hi all,
We upload many dst-nat rules via a script to redirect customers as required.
However, I have 1 dst-nat rule which I need to always be at the bottom of the list (last read).
The issue is, as new rules are uploaded, the one rule I need to be last is being pushed up and no longer last.
Is there a way around this ?
Thanks 
you can use place-before with your rule if you have your rules commented or you know the number.
place-before=[find comment=NAT]
or place-before=6
example.
/ip firewall nat add action=dst-nat chain=dstnat comment="dns Test" disabled=yes dst-port=53 protocol=udp to-addresses=10.0.0.252 to-ports=53 place-before=[find comment=NAT]
Perfect that does work
However, if that comment doesn’t exist, the rule is not inserted, it errors.
I was hoping it would just insert it normally if the place-before command did not match.
Or am I doing it wrong ?
No, the [find] makes it conditional. If it doesn’t find what is specified, it doesn’t do it.
If you do this a lot, it would be worth your effort to comment the last rule on all your devices.
If it doesn’t matter where the rule is placed, as long as it’s not last, use “place-before=0”. That will put it before all other rules.
Perfect !
Thanks very much for your help Aug.