thedoble
just joined
Topic Author
Posts: 2
Joined: Thu Mar 31, 2016 12:24 pm

Error when trying to clear firewall connections

Thu Apr 07, 2016 2:39 am

Hi folks

I've written a script to clear firewall connections. It works fine but occasionally it will error out with the following:

no such item (4)

I think this is due to the way RouterOS is processing the connection list. The script is as follows:

:local ConnectionList [/ ip firewall connection find]
:foreach Connection in=[$ConnectionList] \
do={/ip firewall connection remove $Connection}

I think what is happening is that between storing the connections as an array and then removing them, if a connection closes, the 'remove' command runs against a connection which doesn't exist, which results in the error.

I've tried adding an 'on-error={' condition to this, but I can't get it to work; I always get syntax errors.

Can anyone tell me a way that I can either prevent this error from occurring, or handle the error gracefully?

Thanks
 
pcunite
Forum Guru
Posts: 1070
Joined: Sat May 25, 2013 5:13 am
Location: USA

Re: Error when trying to clear firewall connections

Thu Apr 07, 2016 6:29 am

Try setting the TCP Established time to 5 minutes. If the socket is in use, I think it stays open?
 
Zebble
newbie
Posts: 45
Joined: Mon Oct 17, 2011 4:07 am

Re: Error when trying to clear firewall connections

Mon Apr 11, 2016 2:16 am

You could also just turn off connection tracking to clear the connections, and then turn it back on.

/ip firewall connection tracking set enabled=no
/ip firewall connection tracking set enabled=yes (or auto)

-wade
 
thedoble
just joined
Topic Author
Posts: 2
Joined: Thu Mar 31, 2016 12:24 pm

Re: Error when trying to clear firewall connections

Mon Apr 11, 2016 10:23 am

pcunite wrote:
> Try setting the TCP Established time to 5 minutes. If the socket is in use, I think it stays open?

Sorry, I'm not sure what the result of this would be? Could you explain a bit more?

Zebble wrote:
> You could also just turn off connection tracking to clear the connections, and then turn it back on.
>
> /ip firewall connection tracking set enabled=no
> /ip firewall connection tracking set enabled=yes (or auto)
>
> -wade

Thanks, that would work to begin with, however long-term I am wanting the script to only clear certain connections (in this case, for VoIP phones) so I need to be able to pick which connections I clear.
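
The race described in the first post (an entry expiring between `find` and `remove`) can be absorbed by wrapping each removal in RouterOS's `:do { } on-error={ }` block while still selecting only some connections. This is an added example, not written by any poster in this thread; the UDP and `:5060` filter used to pick out VoIP flows is an assumption, as are the variable names.

```routeros
# Added example, not from the thread.
# Assumption: the VoIP flows to clear are UDP entries whose dst-address
# contains ":5060" (SIP). The match is a substring regex, so adjust it to
# whatever identifies your phones.
:local removed 0
:local gone 0

:foreach c in=[/ip firewall connection find protocol=udp dst-address~":5060"] do={
    # An entry can time out between the find above and this remove.
    # Without the on-error block the script stops with "no such item".
    :do {
        /ip firewall connection remove $c
        :set removed ($removed + 1)
    } on-error={
        # Entry already expired: nothing left to remove, carry on.
        :set gone ($gone + 1)
    }
}

# Record how many removals hit the race, so it can be seen in the log.
:log info ("conntrack cleanup: removed=$removed already-gone=$gone")
```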
