Hello,

when i type "ip firewall filter disable 1" in terminal, then the first rule was disabled.
But the same command in a script disables the 4th rule, very strange...

Somebody can help me?

The rule numbers are associated dynamically by the print command, and only remain valid until the next print of the same table.
So to specify a rule for modification within a script, use /ip firewall filter disable [find chain=... action=... ...] to specify the rule. Test the proper conditions in advance, because some values can be matched by plain =, but some have to be matched by ~ (regular expression matching).

Ok, i have undestand!
But what is the reason for this behaviour?

When i look at the filter rules numerated in Winbox, then this numbers should be the same for scripting, in my opinion?

Best regards!

Think about what happens if you add a rule somewhere between the existing ones. How would your script learn the new number of the rule it works with?

The line numbers are intended solely as a help for the human administrator when modifying the configuration, so that the find would not be necessary for every step done manually.

Ok, but it is strange that rule 1 in terminal is real rule 1 and at the same time - without changes - in script is rule 4.

Now i have used find command and all is good, thanks!

Before you can use the (rules) line numbers you first have to fixate them in a script.
Then determine the dynamic lines to skip.
The lines start a 0 (zero) and dynamicLines gets the number of lines. So you don't have to add a extra line-number to use place-before. It is already the correct line.

Bit rusty on this so I had to look it up. Have fun.

I use the comment field to uniquely identify one rule in scripts,
i.e.

/ip firewall filter
enable [ find where comment = "rule to block muppets"]