Hello,
I need to help Connect Mikrotik to PHP
I have billing system for users but I can not automatic add, disable, enable or edit users in mikrotik from php
can anyone help me?
Look up the API on the wiki.
I have some stuff connected with integrating billing with Mikrotik routers. Write an email to me.
I want to disable user from php
I wrote this script:
<?php
require('mikrotik.php');
$API = new routeros_api();
$API->debug = true;
if ($API->connect('123.123.123.123', 'admin', 'root')) {
$API->write('ip firewall filter add chain=input src-address=13.13.13.13 action=accept disabled=yes');
$READ = $API->read(false);
$ARRAY = $API->parse_response($READ);
print_r($ARRAY);
$API->disconnect();
}
when i open this in browser:
Connection attempt #1 to 123.123.123.123:8728… <<< [6] /login >>> [5/5 bytes read. >>> [5, 39] !done >>> [37/37 bytes read. >>> [37, 1] =ret=6484868b370e2f2c381b06f161e5d226 <<< [6] /login <<< [11] =name=admin <<< [44] =response=0023ad4ee121dab3e5d0e23457ce4dd210 >>> [5/5 bytes read. >>> [5, 1] !done Connected… <<< [85] ip firewall filter add chain=input src-address=13.13.13.13 action=accept disabled=yes >>> [5/5 bytes read. >>> [5, 40] !trap >>> [31/31 bytes read. >>> [31, 8] =message=no such command prefix >>> [5/5 bytes read. >>> [5, 1] !done Array ( [!trap] => Array ( [0] => Array ( [message] => no such command prefix ) ) ) Disconnected…
can anyone help me?
<?php require('mikrotik.php'); $API = new routeros_api(); $API->debug = true; if ($API->connect('123.123.123.123', 'admin', 'root')) { $API->write('ip firewall filter add chain=input src-address=13.13.13.13 action=accept disabled=yes'); $READ = $API->read(false); $ARRAY = $API->parse_response($READ); print_r($ARRAY); $API->disconnect(); } ``` > Take a look at the examples in the wiki. API command syntax is different than cli. The above command would be written something like this: ```text $API->write('/ip/firewall/filter/add', false); //this is the basic command; false says the there are more lines to the command. $API->write('=chain=input',false); // this is another part of the command $API->write('=src-address=13.13.13.13',false); // more $API->write('=action=accept', false); //more $API->write('=disabled=yes'); //all done; ``` The command is a single line and then parameters are additional lines. Why do you want it disabled?
reverged
Thank you 
ok Thank you, I add firewall entry and is it ok.
but when I need to change firewall entry I had problem…
I can not send correct “number”.
for example when I type from putty command is:
ip firewall filter set action=drop numbers=2
from php I think script is:
$API->write('/ip/firewall/filter/set', false);
$API->write("=action=drop",false);
$API->write("=numbers=2");
but I have error:
. <<< [23] /ip/firewall/filter/set <<< [13] =disabled=yes <<< [10] =numbers=2 >>> [5/5 bytes read. >>> [5, 42] !trap >>> [11/11 bytes read. >>> [11, 30] =category=0 >>> [21/21 bytes read. >>> [21, 8] =message=no such item >>> [5/5 bytes read. >>> [5, 1] !done Array ( [!trap] => Array ( [0] => Array ( [category] => 0 [message] => no such item ) ) ) Disconnected
What can I do?
thank you in advance 
“numbers” don’t work in api, afaict. You have to find the “.id” of the filter rule first, then use that to change the rule.
$API->write("/ip/firewall/filter/print");
Will return all the filter rules including the .id’s. They are hex values with an asterisk. The asterisk is important.
You can put search criterion on the print command, such as sending this text as the second line of the command:
$API->write("?src-address=13.13.13.13");
Then you will only see .id’s for items having that source address. Remember to put ‘false’ as the second parameter to the /ip/firewall/filter/print command…
Then use:
$API->write('/ip/firewall/filter/set', false);
$API->write("=.id=<the id goes here>", false);
$API->write("=action=drop");
Thank you very much, but I still need your help
- $API->write(‘/ip/firewall/filter/add’,false);
- $API->write(‘=chain=forward’,false);
- $API->write(“=src-address=$ip”,false);
- $API->write(‘=action=accept’,false);
- $API->write(‘=comment=’.$abonenti.‘’,false);
- $API->write(“=src-mac-address=$maci”,false);
- $API->write(‘=place-before=0’,false);
- $API->write(‘=disabled=no’);
\ - $API->write(‘/ip/firewall/filter/add’,false);
- $API->write(‘=chain=forward’,false);
- $API->write(“=src-address=$ip”,false);
- $API->write(‘=action=accept’,false);
- $API->write(‘=comment=’.$abonenti.‘’,false);
- $API->write(“=src-mac-address=$maci”,false);
- $API->write(‘=disabled=no’);
I need to add filter rule on the top of the table. because at the bottom I hav DROP rule, and I need to add rule before the DROP.
for this I write “1” script, and it is not working… “$API->write(‘=place-before=0’,false);” because this command…
everything else is write, because 2 script is working, but it adds rule at the bottom…
how can I add filter rule at the top of the table?
thank you in advance.
firewall rules are printed out in order they are in, so , you have to get .ID of the first rule in the chain (in the firewall) and use that in place-before. in CLI you can use console numbering, but in API you have to refer to item .id field or to item name.
Thank you for your answer, but I didn’t understand little.
exactly what is .id?
as you see in attached picture .id is the number witch is under #. I understand correct?
and my script is following:
$API->write('/ip/firewall/filter/add',false);
$API->write('=chain=forward',false);
$API->write("=src-address=$ip",false);
$API->write('=action=accept',false);
$API->write('=comment='.$abonenti.'',false);
$API->write("=src-mac-address=$maci",false);
$API->write("=place-before=.0",false);
$API->write('=disabled=no');
but it is not working…
please is you know help me..
thank you…
usually .id value is star with hex number, here are some examples
*2DA
*2
*A
so when you get results of this command:
/ip/firewall/print
=.proplist=.id
you will get list like this:
=.id=*A
=.id=*B
=.id=*C
janisk
can you send me some example?
it is not clear what example i can give you?
firewall rules are in strict order, so print, and first one will be the correct one, or add some comment to tag the real first rule if you are in doubt.
Commands you use are correct, just values you are placing in are not.
in previous post i gave you examples on how these .id field values looks like - it is star with hex number following that start.
so in short - .id field value you should use to address entries when using API have “*” as a prefix and HEX number afterwards, like *1, *2, *3 .. *A … *F,*10
you can go and use python API example client where you will see clearly, what you send router and what exactly router replies.
Hello
I need to remove DROP filter rule from mikrotik, you can see on picture, I made comment “000009”.
I have this script, But I have error…
Can you correct my script and write me exactly script for my situation.
Thank you in Advance..
<? require('routeros_api.class.php'); $API = new routeros_api(); $API->debug = true; include "router_config.php"; \ \ $API->write('/ip/firewall/filter/remove',false); $API->write('=comment=000009'); $READ = $API->read(false); $ARRAY = $API->parse_response($READ); print_r($ARRAY); $API->disconnect(); ?>
$API->write('/ip/firewall/filter/print',false);
$API->write('?comment=000009');
return will print whole entry where comment is as in querry.
if you will use proplist, then you can limit output to just .id field
when you have the .id, you can remove the item
$API->write('/ip/firewall/filter/remove',false);
$API->write('=.id=*HEXNUM');
Can u share billing system ? If yes send me pm with link
Hello,
thank you for this
so I want to edit by php api some filter rulls, for example edit filter rull’s sourse ip address.
can you write for me this script?
Can u share billing system ? If yes send me pm with link
now its only beta version
so I want to edit by php api some filter rulls, for example edit filter rull’s sourse ip address.
can you write for me this script?
$API->write('/ip/firewall/filter/edit',false);
$API->write("=.id=$id",false);
$API->write("=src-address=$ip",false);
$API->write("=src-mac-address=$maci");
yes, that looks reasonable, you just have to get correct value for .id field to address correct rule.