Community discussions

MUM Europe 2020
 
fbslim
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 7:33 pm

Hello.

This is my question.

I know in linux server (any) that works as router we have to write firewall rules in config file and than after each start of the system they must be set by command like this for example "post-up iptables-restore < /etc/iptables.up.rules"

I need to set rules temporary in routers os till it working, such as in linux in command line without saving (adding).

Is this possible in routers os and how?
 
User avatar
pukkita
Trainer
Trainer
Posts: 2986
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 9:29 pm

Not sure what you want, I assume you're logged in remotely and are afraid of being locked out?

The first tip is use safe mode in winbox, the button on the top left corner. If a rule disconnects you from the router, it will rollback to the state prior to enabling safe mode. If you exit safe mode it will "commit" the changes.

You also can add "disabled" rules that will have no effect until you enable them, useful for ordering, etc.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
fbslim
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 9:44 pm

Not sure what you want, I assume you're logged in remotely and are afraid of being locked out?
No. I just want to connect remotely to router, set the firewall rule and disconnect. I do not want to save rule in firewall table. I need to have clean firewall table if router powered off or after reboot. Thats it.
 
bkuhn
Frequent Visitor
Frequent Visitor
Posts: 73
Joined: Fri Oct 15, 2010 12:17 am

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 9:47 pm

Sounds like you are looking for a feature like the Cisco startup-config and running-config.

What about a script that runs on boot of the MT and removes the firewall rules?
 
fbslim
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 10:13 pm

Sounds like you are looking for a feature like the Cisco startup-config and running-config.
No. It's other things. I saw startup sctipts in DD-WRT. And i can do what i need in DD-WRT, because it is clean linux in substance.

But i need to do it on Mikrotik, because i have a lot of such devices.

Again. I need the firewall rule will be SET (temporary in memory by command line command ) not ADD (write) in firewall table. Is it possible on Mikrotik as in simple linux?
 
User avatar
pukkita
Trainer
Trainer
Posts: 2986
Joined: Wed Dec 04, 2013 11:09 am
Location: Spain

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 10:20 pm

I think you can accomplish the same by adding them disabled. That way they will be stored but not in effect until you enable them.

If you want them active, but to be removed after a reboot, you can manually set up a script to disable or delete them on reboot.
Simplicity is the Ultimate Sophistication - Da Vinci
Getting the most out of this forum
 
fbslim
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 10:28 pm

I think you can accomplish the same by adding them disabled. That way they will be stored but not in effect until you enable them.
Sorry, you don't understand what i need. But tnks for trying.
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Thu May 21, 2015 10:31 pm

Mark the rules by some comment and schedule on start script that deletes so marked rules (or all).
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Thu May 21, 2015 10:31 pm

Oh. It was suggested already...
 
jaykay2342
Member
Member
Posts: 335
Joined: Tue Dec 04, 2012 2:49 pm
Location: /Vigor/LocalGroup/Milky Way/Earth/Europe/Germany

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 10:39 pm

maybe you want to tell us why you need them. although i don't think routeros can do temp firewall rules there might be an other solution for you problem.
9-5 Job: Securityanalyst at a major MSSP.
Free time volunteer: Networkadmin and founder at a small non-profit WISP.
Certifications: ITILv3, GCIA
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Thu May 21, 2015 10:57 pm

I think you can accomplish the same by adding them disabled. That way they will be stored but not in effect until you enable them.
Sorry, you don't understand what i need. But tnks for trying.
You forgot to quote this line from the same post:
If you want them active, but to be removed after a reboot, you can manually set up a script to disable or delete them on reboot.
This is exactly what you want.

And as jarda said:
Mark the rules by some comment and schedule on start script that deletes so marked rules (or all).
Oh. It was suggested already...
And just in case you're looking for a safety net in case of mistakes configuring a remote device, as has been mentioned, safe mode accomplishes this goal.
http://forum.mikrotik.com/viewtopic.php?t=50735

But of course there are other reasons to have configurations that go away after a reboot.....
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
fbslim
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Fri May 22, 2015 12:01 am


You forgot to quote this line from the same post:
If you want them active, but to be removed after a reboot, you can manually set up a script to disable or delete them on reboot.
This is exactly what you want.
I want NOT WRITE rules in table at all. Removing after reboot - is write and then delete. I need some rules to set and work in memory till device will powered off. Like simple linux system can do in command line.

Maybe developers can tell exactly is it possible or no?

Can't find information about it anything else. So... have to ask here.
 
User avatar
ZeroByte
Forum Guru
Forum Guru
Posts: 4051
Joined: Wed May 11, 2011 6:08 pm

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Fri May 22, 2015 12:23 am

I want NOT WRITE rules in table at all. Removing after reboot - is write and then delete. I need some rules to set and work in memory till device will powered off. Like simple linux system can do in command line.
Mikrotik saves its configuration immediately with each change, so there's no way to keep a firewall rule from being saved in the configuration. Only safe mode makes changes "temporary," and those changes revert if your terminal session is disconnected before ending safe mode, and they commit when you end safe mode, so this isn't what you want.

I'm not really a fan of scripting things, but deleting rules at bootup with a script gives operationally the same thing as having lost them at power-off, so I don't see how that's "not a solution" unless you're wanting to have ANY commands be rolled back by a reboot, but you're only saying firewall rule here in your thread... (or are worried about someone dumping the flash memory and reading configurations while the router is powered off). Yes, it's a work-around, but it's a viable in most cases.

You could also use the partition feature to save a reference configuration if you just want something to fall back to - but it sounds like "anything that hits the flash memory is completely and utterly unacceptable" so I'm going to stop offering ways to achieve the stated goal because obviously there is a hidden agenda which makes the behavior more important than the goal.
When given a spoon,
you should not cling to your fork.
The soup will get cold.
 
fbslim
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Wed Feb 22, 2012 12:17 pm

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Fri May 22, 2015 12:45 am

Deleting at boot with script gives operationally the same thing - so I don't see how that's "not a solution"
Yes, it's a work-around, but it's a viable one.
OK. You are right. The only thing i have now - deleting script. I'll try. Thank you!

Who is online

Users browsing this forum: No registered users and 96 guests