Community discussions

MikroTik App
 
idst
just joined
Topic Author
Posts: 13
Joined: Thu Feb 08, 2018 12:19 pm

Wildcard port on find src-address

Thu Jun 10, 2021 6:00 pm

Hello,

I'm trying to track a connection with the following command:
 /ip firewall connection print from=[find dst-address="SERVER_IP:80"]
This is the destination address and destination port 80, but I know the source address but not the port. Is it possible to allow any port?, something like:
 /ip firewall connection print from=[find src-address="CLIENT_IP:*"]
Thanks,
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3884
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:08 pm

/ip firewall connection print where src-address~"1.2.3.4"

/ip firewall connection print where dst-address~"1.2.3.4:80"
I'm Italian, not English. Sorry for my imperfect grammar.
 
idst
just joined
Topic Author
Posts: 13
Joined: Thu Feb 08, 2018 12:19 pm

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:20 pm

Thanks rextended
ip firewall connection print where src-address~"IP"
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2162
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:25 pm

This is regex, so if you search for 1.1.1.1 it will also hit 11.1.1.1 and 21.1.1.1 +++
/ip firewall connection print where src-address~"1.2.3.4"
Will find 1.2.3.4 as well as 11.2.3.4
Last edited by Jotne on Thu Jun 10, 2021 6:33 pm, edited 2 times in total.
 
Try Splunk> to monitor your MikroTik Router(s). Look at this page in how to set it up.

MikroTik->Splunk
 
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3884
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:27 pm

CAN happen, but nevermind..

In case:
/ip firewall connection print where src-address~"^1\\.2\\.3\\.4(:*|\$)"

/ip firewall connection print where dst-address~"^1\\.2\\.3\\.4:80\$"
Last edited by rextended on Thu Jun 10, 2021 6:39 pm, edited 2 times in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2162
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:35 pm

@rextended

Did you try this?

For me, I do get red \, to that is not accepted.
Using ^ works fine
Using $ at end of line give hit for all lines , like .*
So some is not following regex standard.
Last edited by Jotne on Thu Jun 10, 2021 6:38 pm, edited 1 time in total.
 
Try Splunk> to monitor your MikroTik Router(s). Look at this page in how to set it up.

MikroTik->Splunk
 
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3884
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:38 pm

@rextended

Did you try this?

For me, I do get red \, to that is not accepted.
Using ^ works fine
Using $ at end of line give hit for all
So some is not following regex standard.
you right,

using on CLI must have double \\ and \$
I correct my post because must be used only on CLI "/ip firewall connection print"
Last edited by rextended on Thu Jun 10, 2021 6:41 pm, edited 1 time in total.
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2162
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:39 pm

Ahh, thanks, learned some today as well :)
 
Try Splunk> to monitor your MikroTik Router(s). Look at this page in how to set it up.

MikroTik->Splunk
 
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3884
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:42 pm

CLI have double interpretation for \ (start of special char) and $ (name of the variables on memory)

for write \ as not special char, but passed as \ must be special char of.. special char: \\
Simply \$ if you want write $ literally
I'm Italian, not English. Sorry for my imperfect grammar.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 3884
Joined: Tue Feb 25, 2014 12:49 pm
Location: Capalbio, Tuscany, Italy

Re: Wildcard port on find src-address

Thu Jun 10, 2021 6:45 pm

Ahh, thanks, learned some today as well :)
Remember: is RegExp using POSIX standard without metadata (Character classes) like [:digit:] (stay for [0-9] ) or \d (again is equal to [0-9] ) from other languages
https://en.wikibooks.org/wiki/Regular_E ... xpressions
I'm Italian, not English. Sorry for my imperfect grammar.

Who is online

Users browsing this forum: No registered users and 26 guests