In the past we had scripts to generate the firewall rules to deactivate IP addresses and create dest-nat rules. The dest-nat rules directed deactivated customers to a web server displaying a page telling them to pay their bill. With 2.9, the firewall structure has changed, and our old scripts don’t work any more. The author of those scripts no longer works here. Below are examples of what we used to use; however, as I said they don’t work with 2.9. I use these scripts to create rules for 100s of IP addresses and I would appreciate any direction as to how to get them to work with 2.9. Also, if there is a better way I would appreciate that input as well.
// script to add deactivated IP rules
:for e from=227 to=254 do={
/ip firewall rule deactivated add
src-address=(192.168.1. . $e)
src-netmask=255.255.255.255
action=drop}
// script to add dest nat rules
:for e from=227 to=254 step=1 do={
/ip firewall dst-nat add action=nat protocol=tcp
src-address=(192.168.1. . $e)
src-netmask=255.255.255.255 dst-address=:80
to-dst-address=192.168.1.100 to-dst-port=80}