Community discussions

 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria
Contact:

How to create group of address lists?

Mon May 27, 2019 2:49 pm

Hi,
i have address lists in my MikroTik router,
lets say that i have all the IP ranges of Germany
2.16.6.0/23
2.16.23.0/24
.
.
.
and so on
then i have address list for all IP ranges of France
192.168.15.0/24
192.168.20.0/24
.
.
i have applied rules for Germany and applied rules for France.
now i need to apply a winbox access for only IPs who's address list are (Germany and France)
is there any way to group address list?
 
anav
Forum Guru
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: How to create group of address lists?

Mon May 27, 2019 3:43 pm

So you want to allow access to winbox from external sources by IP address?
What about vpn connection?
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria
Contact:

Re: How to create group of address lists?

Mon May 27, 2019 4:13 pm

So you want to allow access to winbox from external sources by IP address?
What about vpn connection?
i will drop any new request which is not from France and Germany

only IPs from France and Germany are allowed to access win box
 
Sob
Forum Guru
Forum Guru
Posts: 4805
Joined: Mon Apr 20, 2009 9:11 pm

Re: How to create group of address lists?

Mon May 27, 2019 6:38 pm

is there any way to group address list?
No.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sindy
Forum Guru
Forum Guru
Posts: 3944
Joined: Mon Dec 04, 2017 9:19 pm

Re: How to create group of address lists?

Mon May 27, 2019 6:48 pm

There is no way to create a meta-address list aggregating several address lists (a list of lists). Closest to what you want is use of firewall filter chain, something like
/ip firewall filter
add chain=input action=accept connection-state=established,related
...
add chain=input action=jump jump-target=input-winbox-src-check in-interface-list=WAN protocol=tcp dst-port=your-winbox-port
...
add chain=input action=drop
...
add chain=input-winbox-src-check src-address-list=France action=accept
add chain=input-winbox-src-check src-address-list=Germany action=accept
add chain=input-winbox-src-check action=drop
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
3liswaid
newbie
Topic Author
Posts: 44
Joined: Thu Feb 14, 2019 5:12 pm
Location: Syria
Contact:

Re: How to create group of address lists?

Tue May 28, 2019 11:40 am

There is no way to create a meta-address list aggregating several address lists (a list of lists). Closest to what you want is use of firewall filter chain, something like
/ip firewall filter
add chain=input action=accept connection-state=established,related
...
add chain=input action=jump jump-target=input-winbox-src-check in-interface-list=WAN protocol=tcp dst-port=your-winbox-port
...
add chain=input action=drop
...
add chain=input-winbox-src-check src-address-list=France action=accept
add chain=input-winbox-src-check src-address-list=Germany action=accept
add chain=input-winbox-src-check action=drop
Thank you,
i will try this solution once i'm back
i'm afraid i will be out of management for a while
 
anav
Forum Guru
Forum Guru
Posts: 3114
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: How to create group of address lists?

Tue May 28, 2019 5:31 pm

I like your plan.
a. there are no hackers in france and germany (FACT)
b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT)
c. allowing access to winbox by external IPs is very safe (FACT).

FACT Foundation for the Advancement of Cardiac Therapies, In (when you learn the truth....... followed by the much needed
FACT Focus on Alternative and Complementary Therapies (for after the cardiac event)
FACT Foundation for Art and Creative Technology (you have imagination at least)
FACT French American Charitable Trust (where your bitcoin ransom is going)
FACT Foreign Affairs Counter Threat Course (chinese facts)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 624
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: How to create group of address lists?

Tue May 28, 2019 6:12 pm

I like your plan.
a. there are no hackers in france and germany (FACT)
b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT)
c. allowing access to winbox by external IPs is very safe (FACT).

FACT Foundation for the Advancement of Cardiac Therapies, In (when you learn the truth....... followed by the much needed
FACT Focus on Alternative and Complementary Therapies (for after the cardiac event)
FACT Foundation for Art and Creative Technology (you have imagination at least)
FACT French American Charitable Trust (where your bitcoin ransom is going)
FACT Foreign Affairs Counter Threat Course (chinese facts)
LOL

I was hoping you'd reply. Funny as always.

Kidding aside, I didn't get the utter trust in "those countries" either.

Cheers

Sent from my cell phone. Sorry for the errors.

___________________________
Alain Casault, Eng.
If I helped you, let me know!

Who is online

Users browsing this forum: No registered users and 111 guests