Page 1 of 1

BUG IN FIREWALL!!!

Posted: Sat Aug 15, 2009 6:32 am
by karo84
HI!
/ip firewall filter print chain=forward
0 chain=forward action=accept src-address=23.3.3.10

then

/ ip firewall filter remove [/ip firewall filter find src-address=23.3.3.10]
/ip firewall filter print chain=forward
0 chain=forward action=accept src-address=23.3.3.10

or
/ ip firewall filter remove [find src-address=23.3.3.10]
/ip firewall filter print chain=forward
0 chain=forward action=accept src-address=23.3.3.10



What is going on?

I am using ROS 3.28

MT TEAM You have to fix this.
via winbox everything is ok, but via console you can add but NOT remove a firewall rule
I need to remove.
Thanks
Regards Karapet

Re: BUG IN FIREWALL!!!

Posted: Sat Aug 15, 2009 6:44 am
by fewi
You need to quote src-address, as it's a string.

Use
/ip firewall filter remove [/ip firewall filter find src-address="23.3.3.10"]
and it will work. It's not a bug, it's expected behavior.

HTH,
Felix

Re: BUG IN FIREWALL!!!

Posted: Sat Aug 15, 2009 11:19 am
by karo84
Ia have tried. No difference.
Thanks

Re: BUG IN FIREWALL!!!

Posted: Sat Aug 15, 2009 4:38 pm
by davidw
Yep tested on v3.28 and can confirm the same behaviour

/ip firewall filter add chain=forward action=accept src-address=23.3.3.10

then

/ ip firewall filter remove [/ip firewall filter find src-address=23.3.3.10]

Does not work

I did get the following to remove it from the console

/ip firewall filter remove 5

not much use if you can't work out the number to remove though :)

Re: BUG IN FIREWALL!!!

Posted: Sat Aug 15, 2009 7:10 pm
by fewi
Works for me on 3.28:
[admin@MikroTik] > /ip firewall filter add action=accept src-address=23.3.3.10 chain=output     
[admin@MikroTik] > /ip firewall filter pri where src-address=23.3.3.10                     
Flags: X - disabled, I - invalid, D - dynamic 
[admin@MikroTik] > /ip firewall filter pri where src-address="23.3.3.10"
Flags: X - disabled, I - invalid, D - dynamic 
 1   chain=output action=accept src-address=23.3.3.10 
[admin@MikroTik] > /ip firewall filter remove [/ip firewall filter find src-address=23.3.3.10]  
[admin@MikroTik] > /ip firewall filter pri where src-address="23.3.3.10"                      
Flags: X - disabled, I - invalid, D - dynamic 
 1   chain=output action=accept src-address=23.3.3.10 
[admin@MikroTik] > /ip firewall filter remove [/ip firewall filter find src-address="23.3.3.10"]
[admin@MikroTik] > /ip firewall filter pri where src-address="23.3.3.10"                        
Flags: X - disabled, I - invalid, D - dynamic 
[admin@MikroTik] > /sys pack pri
Flags: X - disabled 
 #   NAME                                                                                                  VERSION                                                                                                 SCHEDULED              
 0   system                                                                                                3.28                                                                                                                           
 1   dhcp                                                                                                  3.28                                                                                                                           
 2   routerboard                                                                                           3.28                                                                                                                           
 3   ntp                                                                                                   3.28                                                                                                                           
 4   hotspot                                                                                               3.28                                                                                                                           
 5   security                                                                                              3.28                                                                                                                           
 6   advanced-tools                                                                                        3.28                                                                                                                           
[admin@MikroTik] >