Community discussions

 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

BUG IN FIREWALL!!!

Sat Aug 15, 2009 6:32 am

HI!
/ip firewall filter print chain=forward
0 chain=forward action=accept src-address=23.3.3.10

then

/ ip firewall filter remove [/ip firewall filter find src-address=23.3.3.10]
/ip firewall filter print chain=forward
0 chain=forward action=accept src-address=23.3.3.10

or
/ ip firewall filter remove [find src-address=23.3.3.10]
/ip firewall filter print chain=forward
0 chain=forward action=accept src-address=23.3.3.10



What is going on?

I am using ROS 3.28

MT TEAM You have to fix this.
via winbox everything is ok, but via console you can add but NOT remove a firewall rule
I need to remove.
Thanks
Regards Karapet
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: BUG IN FIREWALL!!!

Sat Aug 15, 2009 6:44 am

You need to quote src-address, as it's a string.

Use
/ip firewall filter remove [/ip firewall filter find src-address="23.3.3.10"]
and it will work. It's not a bug, it's expected behavior.

HTH,
Felix
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
User avatar
karo84
Member Candidate
Member Candidate
Topic Author
Posts: 194
Joined: Fri Aug 17, 2007 9:06 am

Re: BUG IN FIREWALL!!!

Sat Aug 15, 2009 11:19 am

Ia have tried. No difference.
Thanks
 
davidw
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Fri Apr 27, 2007 11:11 pm

Re: BUG IN FIREWALL!!!

Sat Aug 15, 2009 4:38 pm

Yep tested on v3.28 and can confirm the same behaviour

/ip firewall filter add chain=forward action=accept src-address=23.3.3.10

then

/ ip firewall filter remove [/ip firewall filter find src-address=23.3.3.10]

Does not work

I did get the following to remove it from the console

/ip firewall filter remove 5

not much use if you can't work out the number to remove though :)
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: BUG IN FIREWALL!!!

Sat Aug 15, 2009 7:10 pm

Works for me on 3.28:
[admin@MikroTik] > /ip firewall filter add action=accept src-address=23.3.3.10 chain=output     
[admin@MikroTik] > /ip firewall filter pri where src-address=23.3.3.10                     
Flags: X - disabled, I - invalid, D - dynamic 
[admin@MikroTik] > /ip firewall filter pri where src-address="23.3.3.10"
Flags: X - disabled, I - invalid, D - dynamic 
 1   chain=output action=accept src-address=23.3.3.10 
[admin@MikroTik] > /ip firewall filter remove [/ip firewall filter find src-address=23.3.3.10]  
[admin@MikroTik] > /ip firewall filter pri where src-address="23.3.3.10"                      
Flags: X - disabled, I - invalid, D - dynamic 
 1   chain=output action=accept src-address=23.3.3.10 
[admin@MikroTik] > /ip firewall filter remove [/ip firewall filter find src-address="23.3.3.10"]
[admin@MikroTik] > /ip firewall filter pri where src-address="23.3.3.10"                        
Flags: X - disabled, I - invalid, D - dynamic 
[admin@MikroTik] > /sys pack pri
Flags: X - disabled 
 #   NAME                                                                                                  VERSION                                                                                                 SCHEDULED              
 0   system                                                                                                3.28                                                                                                                           
 1   dhcp                                                                                                  3.28                                                                                                                           
 2   routerboard                                                                                           3.28                                                                                                                           
 3   ntp                                                                                                   3.28                                                                                                                           
 4   hotspot                                                                                               3.28                                                                                                                           
 5   security                                                                                              3.28                                                                                                                           
 6   advanced-tools                                                                                        3.28                                                                                                                           
[admin@MikroTik] > 
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.

Who is online

Users browsing this forum: No registered users and 48 guests