lucasfaverzani
just joined
Topic Author
Posts: 1
Joined: Sun Dec 08, 2019 7:17 pm

Script to Clean Firewall->Connections after public IP Changes

Sun Dec 08, 2019 7:23 pm

Hello,

I've found a "problem": when the default route changes, the SIP connections stay active with the old IP address and SIP couldn't register with the new route.

I've been searching for a solution but I can't find one, so I've tried to write this script, but it's not working...

Can someone help me?
{

/tool fetch url="http://myip.dnsomatic.com/" mode=http dst-path=mypublicip.txt
local newIP [file get mypublicip.txt contents ]
put $newIP

}
:local cIP;

:if ($newIP != $cIP) do={
    :put "ip address $cIP changed to $newIP";
    :set cIP $newIP;
/ip firewall connection remove [find];
}
 
gnro
newbie
Posts: 36
Joined: Sun Aug 05, 2018 9:52 am

Re: Script to Clean Firewall->Connections after public IP Changes

Mon Dec 09, 2019 11:14 am

In the script from http://www.farlock.org/mikrotik/mikroti ... itization/ you'll find some rules to clear connections. Maybe you can use it.
 
simonefil
newbie
Posts: 42
Joined: Tue Apr 13, 2021 9:22 pm
Location: Bergamo - Italy

Re: Script to Clean Firewall->Connections after public IP Changes

Mon Apr 19, 2021 11:52 am

In the script from http://www.farlock.org/mikrotik/mikroti ... itization/ you'll find some rules to clear connections. Maybe you can use it.
Hello.
I also have this problem and would like to create a script to clear UDP connections. Unfortunately, however, the guide you linked does not work. Do you have a new working link?
Thank you
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Script to Clean Firewall->Connections after public IP Changes

Mon Apr 19, 2021 2:11 pm

(sorry for my English)

"/ip firewall connection remove [find]"

This command does not work as many people think...

If some connections are closed (removed) between the start and the end of the command, it raises an error and stops working, leaving some connections open.

It works like this: "I collect all the connection_ids, and after that, one by one, close them".

But if, for some reason, a connection_id has already been closed in the meantime (for example, it has expired), the procedure stops.

I'm writing a function to do that without errors (I hope); give me a few minutes and I'll post it here.
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Script to Clean Firewall->Connections after public IP Changes

Mon Apr 19, 2021 2:22 pm

To close ALL connections open at the moment you launch the command:
(this ignores any connection made, or closed, right after the first [find] command inside the script)
/ip fire conn
:foreach idc in=[find where timeout>60] do={
 remove [find where .id=$idc]
}
The "timeout>60" and the second "find" prevent errors from connections already closed in the meantime, during script execution ;)


To remove ONLY NATted connections with the previous invalid IP:
(DO NOT REMOVE THE QUOTES, AND PASS THE PARAMETER AS A STRING, NOT AN IP!!!)
:global previousIP "18.11.23.33"

/ip fire conn
:foreach idc in=[find where timeout>60 and reply-dst-address~$previousIP] do={
 remove [find where .id=$idc]
}


On a pppoe-client connection, this can be used as the on-up script on the actual pppoe-client profile:
:global newIP [:tostr $"local-address"]

/ip fire conn
:foreach idc in=[find where timeout>60 and (!(reply-dst-address~$newIP))] do={
 remove [find where .id=$idc]
}
