This simple scheduler script makes it easy to reboot the RouterBOARD remotely.
Add the following firewall rules at the top of the list, before any accept or deny rule.
# Each rule records the source IP of a knock; rules 2 and 3 only match if the previous knock was seen
/ip firewall filter
add chain=input protocol=tcp dst-port=3000 action=add-src-to-address-list address-list=reboot3 address-list-timeout=15s disabled=no
add chain=input protocol=tcp dst-port=2000 src-address-list=reboot3 action=add-src-to-address-list address-list=reboot2 address-list-timeout=15s disabled=no
add chain=input protocol=tcp dst-port=1000 src-address-list=reboot2 action=add-src-to-address-list address-list=reboot1 address-list-timeout=120s disabled=no
And the scheduler:
/system scheduler
add name="RebootByKnock" on-event=":foreach i in=[/ip firewall address-list find list=reboot1] do={
:log info (\"Reboot by port knock from \" . [/ip firewall address-list get \$i address])
/ip firewall address-list remove \$i
/system reboot
}" \
start-date=jan/01/1970 start-time=00:00:00 interval=1m comment="" disabled=no
You need to send the RB three single TCP packets, to ports 3000, 2000 and 1000, in that order.
When the RB receives the first packet on port 3000, the source IP is added to the address list named reboot3 with a timeout of 15 seconds. Then, when the RB receives the second packet on port 2000 (timeout 15 seconds), it adds the IP to the address list named reboot2, and when the last packet arrives on port 1000, the source IP is added to the list reboot1.
The port numbers can be changed; I'm using three ports that are not near each other to avoid unexpected reboots caused by port scanners.
The scheduler runs every minute, searching for any entry in the address list named "reboot1". If one is found, it is removed from the address list to avoid endless reboots, and then the RB is rebooted.
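The following is an added example, not part of the original post: a small Python model of the three firewall rules above, useful for checking which packet sequences would put a source into reboot1 before deploying the rules. The function names and the sample addresses and timestamps are constructed for illustration.

```python
# Added example: an offline model of the three add-src-to-address-list rules.
# It does not talk to a router; all packets below are constructed sample data.

# (dst-port, src-address-list required, address-list to add to, timeout in s)
RULES = [
    (3000, None,      "reboot3", 15),
    (2000, "reboot3", "reboot2", 15),
    (1000, "reboot2", "reboot1", 120),
]

def simulate(packets):
    """packets: list of (time_s, src_ip, dst_port), sorted by time.
    Returns {list_name: {src_ip: expiry_time}} as of the last packet."""
    lists = {target: {} for _, _, target, _ in RULES}
    for t, src, port in packets:
        # Expire entries whose address-list-timeout has elapsed.
        for entries in lists.values():
            for ip in [ip for ip, expiry in entries.items() if expiry <= t]:
                del entries[ip]
        # A packet matches a rule only if the port matches and the source
        # is already in the list written by the previous knock.
        for dport, required, target, timeout in RULES:
            if port == dport and (required is None or src in lists[required]):
                lists[target][src] = t + timeout
    return lists

def triggers_reboot(packets):
    """True if any source is in reboot1 after the last packet. reboot1 lasts
    120s and the scheduler runs every 1m, so the scheduler will see it."""
    return bool(simulate(packets)["reboot1"])

# Constructed sample traffic.
GOOD_KNOCK = [(0, "192.168.0.50", 3000), (5, "192.168.0.50", 2000),
              (10, "192.168.0.50", 1000)]
ASCENDING_SCAN = [(0, "10.0.0.9", 1000), (1, "10.0.0.9", 2000),
                  (2, "10.0.0.9", 3000)]
TOO_SLOW = [(0, "192.168.0.50", 3000), (20, "192.168.0.50", 2000),
            (25, "192.168.0.50", 1000)]

if __name__ == "__main__":
    for name, pkts in [("good knock", GOOD_KNOCK),
                       ("ascending scan", ASCENDING_SCAN),
                       ("too slow", TOO_SLOW)]:
        print(name, "->", "reboot" if triggers_reboot(pkts) else "no reboot")
```
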
To send the knocking packets to the router, you can use the client located here. It is used like so:
Knock.exe <host> port:protocol port:protocol port:protocol…
Example:
Knock.exe 192.168.0.1 3000:tcp 2000:tcp 1000:tcp
-RoddyZ