Community discussions

 
ArShuRaZ
just joined
Topic Author
Posts: 2
Joined: Sat Apr 14, 2018 12:37 pm

cannot use ip firewall connection find

Wed Jul 25, 2018 4:54 am

connection-print.png
If I want to find this connection (for writing remove script). How can I find it?

I've tried to use ip firewall connection find as in below image .. but i got nothing in response.
connection-find.png
Any suggestion?

Thank you very much.
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1310
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: cannot use ip firewall connection find

Wed Jul 25, 2018 12:01 pm

I am new to script, but see the same as you.

It looks like I do not get any output when run from cli, but it gets data within a script.

I am not sure this is a bug or it is supposed to work this way.
I also would like to see the output to screen from the find command when run from cli.


Edit: Did some testing. Look at these two test:
/ip firewall connection find
Gives nothing, but using put i do get:
:put [/ip firewall connection find]
*19c;*19d;*19e;*19f;*1a1;*1a3;*1a4;*1a5;*1a6;*1a7;*1a8;*1a9;*1aa;*1ac;*1ae;*1af;*1b0;*1b1;*1b2;*1b4;*1b5;*1b6;*1b7;*1b8;*1b9;*1ba;*1bb;*1bc;*1bd;*1bf;*1c0;*1c1;*1c2;*1c3;*1c4;*1c5;*1c6;*1c7;*1c8;*1c9;*1cb;*1cc;*1cd;*1ce;*1cf;*1d0;*1d1;*1d2;*1d3;*1d4;*1d5;*1d6;*1d7;*1d8;*1d9;*1da;*1db;*1dc;*1df;*1e0;*1e1;*1e2;*1e3;*1e4;*1e5;*1e6;*1e7;*1e8;*1e9;*1ea;*1eb
Then it seem to return line number in some format of what is found.


Edit2:
This seems to be the correct way, but still some strange.
/ip firewall connection print
Flags: E - expected, S - seen-reply, A - assured, C - confirmed, D - dying, F - fasttrack, s - srcnat, d - dstnat
 #          PR.. SRC-ADDRESS           DST-ADDRESS           TCP-STATE   TIMEOUT     ORIG-RATE REPL-RATE ORIG-PACKETS
 0  SAC  s  tcp  10.10.10.92:52488     52.170.194.77:443     established 20h44m33s        0bps      0bps          114
 1  SAC  s  tcp  10.10.10.43:60914     193.212.207.247:45046 established 4m59s          448bps    416bps       61 621
 2  SAC   d udp  10.10.10.132:41324    8.8.8.8:53                        50s              0bps      0bps            2
But when I run
:put [/ip firewall connection get [find dst-address=8.8.8.8:53]]
no such item
Should be a hit, but nu such item.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
User avatar
dasiu
Trainer
Trainer
Posts: 232
Joined: Fri Jan 30, 2009 11:41 am
Location: Reading, UK
Contact:

Re: cannot use ip firewall connection find  [SOLVED]

Wed Jul 25, 2018 9:18 pm

It's correct, find works, you just don't SHOW the result of the find :).
1. dst-address in the entry is EQUAL TO "172.31.80.4:5060". Looking for "172.31.80.4" won't work. so it's either:
find dst-address="172.31.80.4:5060" for this specific port, or:
find dst-address~"172.31.80.4:" for all ports :).
2. To check if it finds anything, use:
/ip firewall connection print from=[find dst-address="172.31.80.4:5060"]
3. If it finds it, it can also remove it:
/ip firewall connection remove [find dst-address="172.31.80.4:5060"]
 
ArShuRaZ
just joined
Topic Author
Posts: 2
Joined: Sat Apr 14, 2018 12:37 pm

Re: cannot use ip firewall connection find

Thu Jul 26, 2018 6:23 am

Thank you very much. It's work like a charm :)
It's correct, find works, you just don't SHOW the result of the find :).
1. dst-address in the entry is EQUAL TO "172.31.80.4:5060". Looking for "172.31.80.4" won't work. so it's either:
find dst-address="172.31.80.4:5060" for this specific port, or:
find dst-address~"172.31.80.4:" for all ports :).
2. To check if it finds anything, use:
/ip firewall connection print from=[find dst-address="172.31.80.4:5060"]
3. If it finds it, it can also remove it:
/ip firewall connection remove [find dst-address="172.31.80.4:5060"]

Who is online

Users browsing this forum: No registered users and 18 guests