How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 7:33 pm
by fbslim
Hello.

This is my question.

I know that on any Linux server that works as a router we have to write firewall rules in a config file, and then after each start of the system they must be set by a command like this, for example: "post-up iptables-restore < /etc/iptables.up.rules"

I need to set rules temporarily in RouterOS while it is running, as in Linux on the command line, without saving (adding) them.

Is this possible in RouterOS, and how?

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 9:29 pm
by pukkita
Not sure what you want, I assume you're logged in remotely and are afraid of being locked out?

The first tip is use safe mode in winbox, the button on the top left corner. If a rule disconnects you from the router, it will rollback to the state prior to enabling safe mode. If you exit safe mode it will "commit" the changes.

You also can add "disabled" rules that will have no effect until you enable them, useful for ordering, etc.

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 9:44 pm
by fbslim
> Not sure what you want, I assume you're logged in remotely and are afraid of being locked out?

No. I just want to connect remotely to the router, set the firewall rule and disconnect. I do not want to save the rule in the firewall table. I need to have a clean firewall table if the router is powered off or after a reboot. That's it.

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 9:47 pm
by bkuhn
Sounds like you are looking for a feature like the Cisco startup-config and running-config.

What about a script that runs on boot of the MT and removes the firewall rules?

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 10:13 pm
by fbslim
> Sounds like you are looking for a feature like the Cisco startup-config and running-config.

No. It's a different thing. I saw startup scripts in DD-WRT. And I can do what I need in DD-WRT, because it is clean Linux in substance.

But I need to do it on Mikrotik, because I have a lot of such devices.

Again. I need the firewall rule to be SET (temporarily, in memory, by a command-line command), not ADDED (written) to the firewall table. Is it possible on Mikrotik as in simple Linux?

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 10:20 pm
by pukkita
I think you can accomplish the same by adding them disabled. That way they will be stored but not in effect until you enable them.

If you want them active, but to be removed after a reboot, you can manually set up a script to disable or delete them on reboot.

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 10:28 pm
by fbslim
> I think you can accomplish the same by adding them disabled. That way they will be stored but not in effect until you enable them.

Sorry, you don't understand what I need. But thanks for trying.

Posted: Thu May 21, 2015 10:31 pm
by jarda
Mark the rules with some comment and schedule a startup script that deletes the rules so marked (or all).

Posted: Thu May 21, 2015 10:31 pm
by jarda
Oh. It was suggested already...

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 10:39 pm
by jaykay2342
Maybe you want to tell us why you need them. Although I don't think RouterOS can do temp firewall rules, there might be another solution for your problem.

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Thu May 21, 2015 10:57 pm
by ZeroByte
> > I think you can accomplish the same by adding them disabled. That way they will be stored but not in effect until you enable them.
>
> Sorry, you don't understand what I need. But thanks for trying.

You forgot to quote this line from the same post:

> If you want them active, but to be removed after a reboot, you can manually set up a script to disable or delete them on reboot.

This is exactly what you want.

And as jarda said:

> Mark the rules with some comment and schedule a startup script that deletes the rules so marked (or all).
>
> Oh. It was suggested already...

And just in case you're looking for a safety net in case of mistakes configuring a remote device, as has been mentioned, safe mode accomplishes this goal.
http://forum.mikrotik.com/viewtopic.php?t=50735

But of course there are other reasons to have configurations that go away after a reboot.....

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Fri May 22, 2015 12:01 am
by fbslim

> You forgot to quote this line from the same post:
>
> > If you want them active, but to be removed after a reboot, you can manually set up a script to disable or delete them on reboot.
>
> This is exactly what you want.

I do NOT want to write the rules to the table at all. Removing after reboot is write and then delete. I need to set some rules that work in memory until the device is powered off, like a simple Linux system can do on the command line.

Maybe the developers can say exactly whether it is possible or not?

I can't find information about it anywhere else. So... I have to ask here.

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Fri May 22, 2015 12:23 am
by ZeroByte
> I do NOT want to write the rules to the table at all. Removing after reboot is write and then delete. I need to set some rules that work in memory until the device is powered off, like a simple Linux system can do on the command line.

Mikrotik saves its configuration immediately with each change, so there's no way to keep a firewall rule from being saved in the configuration. Only safe mode makes changes "temporary," and those changes revert if your terminal session is disconnected before ending safe mode, and they commit when you end safe mode, so this isn't what you want.

I'm not really a fan of scripting things, but deleting rules at bootup with a script gives operationally the same thing as having lost them at power-off, so I don't see how that's "not a solution" unless you're wanting to have ANY commands be rolled back by a reboot, but you're only saying firewall rule here in your thread... (or are worried about someone dumping the flash memory and reading configurations while the router is powered off). Yes, it's a work-around, but it's viable in most cases.

You could also use the partition feature to save a reference configuration if you just want something to fall back to - but it sounds like "anything that hits the flash memory is completely and utterly unacceptable" so I'm going to stop offering ways to achieve the stated goal because obviously there is a hidden agenda which makes the behavior more important than the goal.

Re: How to set firewall rules in memory temporary, not add (write) as settings?

Posted: Fri May 22, 2015 12:45 am
by fbslim
> Deleting at boot with script gives operationally the same thing - so I don't see how that's "not a solution"
>
> Yes, it's a work-around, but it's a viable one.

OK. You are right. The only thing I have now is the deleting script. I'll try. Thank you!
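
The workaround the thread settles on (tag the rules with a comment, delete the tagged rules from a scheduler entry that runs at startup), written out as an added RouterOS example that is not part of any post above. The tag `TEMP-until-reboot`, the scheduler name and the address 192.0.2.10 are constructed placeholders.

```routeros
# One-time setup on each router: a scheduler entry that fires at boot and
# removes every filter rule whose comment is exactly the marker tag.
# (Assumed tag: "TEMP-until-reboot"; pick any string no permanent rule uses.)
/system scheduler add name=purge-temp-fw start-time=startup \
    on-event="/ip firewall filter remove [find comment=\"TEMP-until-reboot\"]"

# Confirm the entry exists and is enabled before relying on it.
/system scheduler print detail where name=purge-temp-fw

# Per session: add the short-lived rule and tag it with the marker.
# 192.0.2.10 is a documentation address used here as sample input.
/ip firewall filter add chain=forward src-address=192.0.2.10 action=drop \
    comment="TEMP-until-reboot"

# List what is currently tagged, i.e. what the next reboot will delete.
/ip firewall filter print where comment="TEMP-until-reboot"

# The same removal can be run by hand to clean up without rebooting.
/ip firewall filter remove [find comment="TEMP-until-reboot"]
```

As ZeroByte points out, the tagged rules are still written to the stored configuration, and after a reboot they exist until the scheduler entry runs, so this gives the operational result of temporary rules rather than rules that never touch flash. Rules in other tables (for example `/ip firewall nat`) need their own `remove [find ...]` command in the scheduler entry.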