Page 1 of 1

How to create group of address lists?

Posted: Mon May 27, 2019 2:49 pm
by 3liswaid
Hi,
i have address lists in my MikroTik router,
lets say that i have all the IP ranges of Germany
2.16.6.0/23
2.16.23.0/24
.
.
.
and so on
then i have address list for all IP ranges of France
192.168.15.0/24
192.168.20.0/24
.
.
i have applied rules for Germany and applied rules for France.
now i need to apply a winbox access for only IPs who's address list are (Germany and France)
is there any way to group address list?

Re: How to create group of address lists?

Posted: Mon May 27, 2019 3:43 pm
by anav
So you want to allow access to winbox from external sources by IP address?
What about vpn connection?

Re: How to create group of address lists?

Posted: Mon May 27, 2019 4:13 pm
by 3liswaid
So you want to allow access to winbox from external sources by IP address?
What about vpn connection?
i will drop any new request which is not from France and Germany

only IPs from France and Germany are allowed to access win box

Re: How to create group of address lists?

Posted: Mon May 27, 2019 6:38 pm
by Sob
is there any way to group address list?
No.

Re: How to create group of address lists?

Posted: Mon May 27, 2019 6:48 pm
by sindy
There is no way to create a meta-address list aggregating several address lists (a list of lists). Closest to what you want is use of firewall filter chain, something like
/ip firewall filter
add chain=input action=accept connection-state=established,related
...
add chain=input action=jump jump-target=input-winbox-src-check in-interface-list=WAN protocol=tcp dst-port=your-winbox-port
...
add chain=input action=drop
...
add chain=input-winbox-src-check src-address-list=France action=accept
add chain=input-winbox-src-check src-address-list=Germany action=accept
add chain=input-winbox-src-check action=drop

Re: How to create group of address lists?

Posted: Tue May 28, 2019 11:40 am
by 3liswaid
There is no way to create a meta-address list aggregating several address lists (a list of lists). Closest to what you want is use of firewall filter chain, something like
/ip firewall filter
add chain=input action=accept connection-state=established,related
...
add chain=input action=jump jump-target=input-winbox-src-check in-interface-list=WAN protocol=tcp dst-port=your-winbox-port
...
add chain=input action=drop
...
add chain=input-winbox-src-check src-address-list=France action=accept
add chain=input-winbox-src-check src-address-list=Germany action=accept
add chain=input-winbox-src-check action=drop
Thank you,
i will try this solution once i'm back
i'm afraid i will be out of management for a while

Re: How to create group of address lists?

Posted: Tue May 28, 2019 5:31 pm
by anav
I like your plan.
a. there are no hackers in france and germany (FACT)
b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT)
c. allowing access to winbox by external IPs is very safe (FACT).

FACT Foundation for the Advancement of Cardiac Therapies, In (when you learn the truth....... followed by the much needed
FACT Focus on Alternative and Complementary Therapies (for after the cardiac event)
FACT Foundation for Art and Creative Technology (you have imagination at least)
FACT French American Charitable Trust (where your bitcoin ransom is going)
FACT Foreign Affairs Counter Threat Course (chinese facts)

Re: How to create group of address lists?

Posted: Tue May 28, 2019 6:12 pm
by AlainCasault
I like your plan.
a. there are no hackers in france and germany (FACT)
b. there are no computers in france and germany that can be hacked and controlled by Bots (FACT)
c. allowing access to winbox by external IPs is very safe (FACT).

FACT Foundation for the Advancement of Cardiac Therapies, In (when you learn the truth....... followed by the much needed
FACT Focus on Alternative and Complementary Therapies (for after the cardiac event)
FACT Foundation for Art and Creative Technology (you have imagination at least)
FACT French American Charitable Trust (where your bitcoin ransom is going)
FACT Foreign Affairs Counter Threat Course (chinese facts)
LOL

I was hoping you'd reply. Funny as always.

Kidding aside, I didn't get the utter trust in "those countries" either.

Cheers

Sent from my cell phone. Sorry for the errors.