Hi,
I’m wondering if there is a way to script an update to the winbox available from address. What I want to do is limit access to winbox on client routers to only my office. However my office doesn’t have a static address so I can’t set the available from address to my current WAN address because it could get locked out. I can add an address list with my DDNS address and it resolves but I can’t add a DDNS address to the available from section (/ip services winbox set address). Is there a script that can either take this address list resolved IP and put it in the winbox allowed from section and I can schedule it to run every so often, or a script that can just resolve my DDNS address (example.myoffice.com) and update the allowed from address in winbox? I can do VPN on all of these client routers but would still like access via winbox without it being fully open. I haven’t yet tried just adding the resolved address list to the firewall rule /ip firewall filter add action=accept chain=input comment=“Winbox over Internet” disabled=yes dst-port=8291 protocol=tcp.
I use different ports but put the default here to keep mine private. Rule is disabled for security right now until I can limit what is allowed access.