Remove Mangle via MAC Address

LogicalNZ · September 17, 2019, 3:09am

Hey All,

Been trying to work out how to remove a Mangle rule via CLI (so I can script).

The Add command is:

/ip firewall mangle add src-mac-address=00:00:00:00:00:00 chain=prerouting action=mark-packet new-packet-mark=bad-mac comment=“Layer2 Firewall”

I have tried the following with no luck:

/ip firewall mangle remove [/ip firewall mangle find src-mac-address=00:00:00:00:00:00]

Any ideas?

Jotne · September 17, 2019, 5:26am

You was very close. Only miss quote on the variable “00:00:00:00:00:00”

/ip firewall mangle remove [/ip firewall mangle find src-mac-address="00:00:00:00:00:00"]

PS use code tags around your code post. Select code, click <>

I always use :put to test of some works or not.
Try these two and see difference:

:put [/ip firewall mangle find src-mac-address="00:00:00:00:00:00"]
:put [/ip firewall mangle find src-mac-address=00:00:00:00:00:00]

LogicalNZ · September 17, 2019, 7:34am

Thank you so much. As you can tell i’m New to Mikrotik scripting.

A dumb question I’m sure, what the heck does Put do?

Thanks again!

Jotne · September 17, 2019, 11:20am

:put #sends output to terminal
:log # sends output to log screen

Start by reading this https://wiki.mikrotik.com/wiki/Manual:Scripting

Open a terminal window or SSH/Telnet to the router.
Cut an past this to the terminal

{
:local test "hello world"
:put $test
}

LogicalNZ · September 17, 2019, 6:18pm

Ok, that makes sense - I have been using Winbox and not SSH when doing my scripting.

Do you find it easier to create scripts via SSH or do you just use it for seeing your put comments?

I have been reading the manual, but I’m no programmer (more of a script brasher).

I have been working on (and now have working) a layer 2 firewall script. What it does is look at a IP address list, convert the addresses to MAC then firewalls them. It also removes the MAC address when the IP is removed from the list.

It uses mangle so only one firewall drop rule is required to use (two actually, input and forward). Still lots to do to tidy up my untidy code, but I have it working now

Thanks for your help

LogicalNZ · September 17, 2019, 7:04pm

Hmmm, so very odd - using either a putty terminal or the terminal in Winbox, I get no output from the “put” command.

Any ideas why this would be?

I have even tried just a simple:

:put "hello world"

But to no avail?

Jotne · September 17, 2019, 7:38pm

It should work on both SSH and terminal within Mikrotik.
I do all my script testing from terminal, mostly SSH, since its easy to see whats going on.

[admin@test] > :put "hello world"
hello world
[admin@test] >

Look at my Splunk for Mikrotik in my signature. There I do use script to get lots of data out from the Router.

raffav · September 17, 2019, 7:51pm

The put will “echo” the variable

>:global var1 "hello"
> :put $var1          
hello
> :global var2 "world"
> :put $var2
world
>