Community discussions

MikroTik App
 
jvolkhausen
just joined
Posts: 4
Joined: Fri Apr 26, 2019 8:44 am

Re: Feature requests

Mon Mar 16, 2020 1:06 pm

Give the ability to secure firewall rules.
For remote systems it will be not good if the managemend firewall rules are deleted. For this reason i think it would be nice to have a feature to secure these rules in any way like locking. For the first step it would reach the target to just secure the rule itself. The big shot would be to lock also the place in the firewall chain.
The workflow in my mind looks like this:
creation
- create rule
- lock rule

modify
- unlock rule
- modify rule
- lock rule

delete
- unlock rule
- delete rule
 
pe1chl
Forum Guru
Forum Guru
Posts: 6333
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Mon Mar 16, 2020 2:13 pm

Give the ability to secure firewall rules.
I think it would be more useful as a limited-user capability where users can be created that have precisely
defined capabilities for each configuration item. (no access, read-only, add-only, modify, delete)
This is not limited to firewall.
This would allow ISPs that roll out managed routers to give their customers some limited capability that they
require, but not full access to the entire config.
 
User avatar
SiB
Long time Member
Long time Member
Posts: 601
Joined: Sun Jan 06, 2013 11:19 pm
Location: Poland

Re: Feature requests

Mon Mar 16, 2020 2:28 pm

To the last 2 answers.
In my opinion that changes are good but not must. Proper comments with chain-name with jump action can create a proper tree of action at firewall and this "lock/unlock" is not that necessery.
About change in firewall, better will be better note/log a change what we do inside ROS, currently history is not useful when you do few changes in one module, like firewall.
From what I will be know what rule change what back/undo command where are all the same in system history ?
Image
MTCNA + MTCRE + MTCINE | ~600 users at ~150 RouterBoards in EMEA | Telegram: @SiB_PL
WinBox Tip: F6 works as ALT+TAB | Gliffy.com - free network schematic | prnt.sc - free ScreenShot software
I will be at MUMEUROPE Prague on ?? ?? 202?
 
User avatar
normis
MikroTik Support
MikroTik Support
Topic Author
Posts: 24496
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature requests

Mon Mar 16, 2020 2:35 pm

Yes, RouterOS v7 has better command history, you will be able to see specific command that was executed.
No answer to your question? How to write posts
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8370
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Mon Mar 16, 2020 3:38 pm

For remote systems it will be not good if the managemend firewall rules are deleted.
Welcome to the Safe Mode :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8370
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature requests

Mon Mar 16, 2020 3:44 pm

Yes, RouterOS v7 has better command history, you will be able to see specific command that was executed.
Just an example, that's cool:
 > /sys history print detail 
Flags: U - undoable, R - redoable, F - floating-undo 
 U redo=/interface eoip remove bridge2 
    undo=
      /interface eoip add arp=enabled arp-timeout=auto disabled=no mac-address=\
          6A:F5:C8:E5:62:12 mtu=auto name=bridge2
    action="device removed" by="admin" policy=write time=mar/13/2020 14:06:52 
The only problem is... That was actually "bridge" interface, not "eoip" :D
> /interface/bridge/add name=brrr
> /sys history print detail      
Flags: U - undoable, R - redoable, F - floating-undo 
 U redo=/interface eoip add name=brrr undo=/interface eoip remove *3 
    action="device added" by="admin" policy=write time=mar/16/2020 16:44:09 

Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6001
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature requests

Mon Mar 16, 2020 4:19 pm

Thanks, If you find anything else strange with history report to support.
 
nimbo78
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Tue Jan 14, 2014 9:09 pm

Re: Feature requests

Tue Mar 17, 2020 2:40 pm

Don't forget to add VRF for management interface!
+1
 
pe1chl
Forum Guru
Forum Guru
Posts: 6333
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature requests

Thu Mar 26, 2020 1:45 pm

Please add extra parameter "regexp" (including NOT operator) to "/system logging" rules so you can specify a regexp on the logged message to be (not) matched before the specified action is taken.
Often there are many messages with exactly the same topics but widely different purpose, and some of the topics are quite verbose so one would want to see (or suppress) certain messages.

Also, it would be nice to have some way of triggering scripts directly from logging, e.g. a new "action" type "script" that executes a script for every logging item sent to that action.

Who is online

Users browsing this forum: nick7 and 95 guests