I can successfully use the API to add a firewall filter rule with no problems. The issue is that I'd like to add the rules in the appropriate place.
For example, I'd like to add a filter rule *before* the default rule that has the comment: "defconf: drop all from WAN". The difficulty is that the number of the rule is variable, so I can't say something like "place-before=14" and expect it to behave correctly.
I've tried using something like: /ip firewall filter get number=[find comment="defconf: drop all from WAN"]
That successfully finds the correct rule, but doesn't return anything that I can figure out how to use.
(For reference, it returns: .id=*3;.nextid=*4;action=drop;bytes=541304;chain=input;comment=defconf: drop all from WAN;dynamic=false;in-interface=ether1;invalid=false;packets=7671 )
If I do a "/ip firewall filter print" then that particular rule shows up as number 8.
From my reading elsewhere, it appears as if the "id" that is returned is not really associated with the order of the rules, but is rather auto-generated for the display, so I think it's a red herring for this topic.
The box is running 6.40.1.
Am I trying to overcomplicate this? Any suggestions would be greatly appreciated!