Using a netwatch script to remove a firewall connection. Using
/ip firewall connection remove [find dst-address=111.222.333.444:5060]
It runs in terminal but the connection never disappears. I need to manually remove it.
Is my syntax wrong?
How do you manually remove the connection?
Just in winbox. Firewall connections tab, select the dst-address I am looking for and hit the remove button.
I think it should be
/ip firewall connection remove [/ ip firewall connection find dst-address=111.222.333.444:5060]
What’s the reason you’re doing this by the way? I work as a VoIP engineer so maybe I can help.
You may, thanks.
Set up a tik for WAN failover using netwatch. I want to see wan1 fail, bring up wan2, and remove the SIP registration to my VoIP server, allowing it to re-initialize via the new route.
I can manually remove the connection and see it pop back up under the new route, but that defeats the purpose.
Do not use '=', use '~' instead to match dst-address, and use double quotes.
/ip firewall connection remove [/ ip firewall connection find dst-address~"111.222.333.444:5060"]
I'll give that a shot and post back.
I’m curious, what benefit is this?
Ah ok. It may be better to create a script that clears all connections, unless these lines are used only for SIP.
That line worked!
What I am trying to achieve is keeping a call going even if the primary connection fails. Clearing the SIP registration between the phone and server is my plan. I can clear the SIP registration and it pops back up about 5 seconds later on either connection, which is ideal.
Any insight you can provide into optimizing that would be appreciated.
Glad to hear that
Clearing the SIP conntrack item lets your SIP device start a new registration on the failover link, so that your next call will work. Doing the same on failover, you can quickly restore your SIP reg on the regular link.
(I’m assuming a NAT scenario) Not so easy and, anyway, SIP/RTP conntrack clearing is definitely not enough. You would need some layer 2/3 tunnelling techniques and some fast failure detection ability (e.g. BFD).
Does anyone have a working failover script that deletes the SIP connection back and forth?
Thanks
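An added example, not posted by anyone in this thread: one way to run the conntrack removal that worked above from netwatch in both directions. The script name clear-sip-conntrack, the probe host 198.51.100.1 and the 10s interval are assumptions, and the SIP server address is the thread's placeholder.

```routeros
# --- Source of a system script named "clear-sip-conntrack" (hypothetical name) ---
# Placeholder address from the thread; replace with the real SIP server.
:local sipServer "111.222.333.444"

# '~' is a regex match against the "address:port" text of dst-address.
# Anchoring with ^ and $ keeps the pattern from also matching longer
# addresses or ports that merely contain this text (e.g. port 50601).
# The dots in the address are still regex wildcards.
:local pattern ("^" . $sipServer . ":5060\$")

# Remove every tracked connection to the SIP server and count them,
# so the log shows whether the script actually found anything.
:local removed 0
:foreach c in=[/ip firewall connection find dst-address~$pattern] do={
    /ip firewall connection remove $c
    :set removed ($removed + 1)
}
:log info ("clear-sip-conntrack: removed " . $removed . " connection(s)")

# --- Run once in the terminal: call the script on both transitions ---
# host= is an assumed probe address reachable only via wan1.
# Any route switching for the failover itself is not shown here.
/tool netwatch add host=198.51.100.1 interval=10s \
    down-script="/system script run clear-sip-conntrack" \
    up-script="/system script run clear-sip-conntrack"
```

The log line makes it easy to tell a script that ran but matched nothing from one that removed the entry.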