Using Webfig to manage an RB-951G router with version 38.5 of RouterOS I disabled the WLAN interface - either via the Interfaces page or the Wireless page. The simplified router setup on the Quick Set was displayed as WISP-AP even though it had been substantially modified. Disabling the WLAN interface caused it to switch to CAP mode. Unfortunately - and for reasons I don’t understand - the change trashed a whole series of firewall rules. It doesn’t do this consistently but on testing I have found that it is does this occasionally - replacing the original firewall rules with a different (more more limited) set. In this case the change introduced some kind of security vulnerability. The router was hijacked and ended up being used to send a large stream of outbound traffic.
I am not sure whether this is a “feature” or a bug, but in my view it is close to being a catastrophic flaw. I run a wireless ISP and work with several other WISPs, all of whom rely on Mikrotik routers for CPE equipment - either RB-951s or more recent variants. It is quite common that a user wants to switch off the WLAN interface on the WISP router because they have other WiFi equipment and would like to avoid excessive use of the 2.4 GHz spectrum. For many reasons that I won’t go into using Webfig is the default way of managing customer routers after they are first set up, so any user who follows the simple and direct way of disabling the wireless interface will be at risk of hijacking, etc. Either this is fixed quickly or we will have to find another source for our CPE routers.
How do you expect QuickSet to reflect your ‘substantial’ modifications? Obviously it can’t.
Continuing to use it after you have modified things manually is never going to work, so don’t do it. You just have to accept this.
Either this is fixed quickly or we will have to find another source for our CPE routers.
Never use Quickset to modify an existing configuration!
It has been often requested to remove Quickset when other config has been made (showing it only one time after reset config)
but it has never happened. The new 6.39 release will put Qickset on a different tab so it is not used so easily.
You can also remove Quickset using the skin edit feature.
Both responses misunderstand the point that was being made. At no time did I use Quick Set to change the settings. I was simply describing how Quick Set responded to the action of disabling the WLAN interface. Further, it should be remembered that Quick Set is the default page that shows when first logging on to Webfig. It provides the only easy way for a user to, for example, change a password. It is the overlap between simple tasks of that kind and major changes linked to changes in the router’s role that seems to be the source of the problem. Perhaps Version 6.39 will deal with this.
Of course I do not operate under the illusion that the loss of a few thousand sales will have much influence on Mikrotik’s software development policies. But it is akin to the canary in a mine. Mikrotik kit is - or used to be - cheap but the software has its quirks (to put it politely). For network use we can live with the quirks. However, the CPE kit is no longer particularly cheap and the quirks - like this one - are much more of a problem when you have to cope with an increasing number of customers who may want to change the router settings. Removing firewall settings behind the user’s back is a complete no-no as far as I am concerned.