dakobg
Member Candidate
Topic Author
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

duplicated rules

Fri Dec 04, 2020 9:32 pm

Hi,

Is there a good way to avoid duplicated rules in ip firewall filter? How can rules be sorted via scripting or cmd (rules should always be in the same order: 1, 2, 3, etc.)?
For example, if I execute the same rule via cmd, the rule is added several times. Is it possible to avoid that?

Note: this example is only about duplicate rules; ignore its content :)
[admin@ros1] > ip firewall filter print
Flags: X - disabled, I - invalid; D - dynamic
[admin@ros1] > /ip firewall filter add dst-address=8.8.8.8 chain=forward comment=test_rule
[admin@ros1] > /ip firewall filter add dst-address=8.8.8.8 chain=forward comment=test_rule
[admin@ros1] > /ip firewall filter add dst-address=8.8.8.8 chain=forward comment=test_rule
[admin@ros1] > ip firewall filter print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; test_rule
chain=forward dst-address=8.8.8.8

1 ;;; test_rule
chain=forward dst-address=8.8.8.8

2 ;;; test_rule
chain=forward dst-address=8.8.8.8

Another example:
[admin@ros1] > ip firewall filter print
Flags: X - disabled, I - invalid; D - dynamic
[admin@ros1] > /ip firewall filter add dst-address=8.8.8.8 chain=forward comment=test_rule_1
[admin@ros1] > /ip firewall filter add dst-address=8.8.4.4 chain=forward comment=test_rule_2
[admin@ros1] > ip firewall filter print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; test_rule_1
chain=forward dst-address=8.8.8.8

1 ;;; test_rule_2
chain=forward dst-address=8.8.4.4
[admin@ros1] > /ip firewall filter add dst-address=8.8.8.8 chain=forward comment=test_rule_1
[admin@ros1] > /ip firewall filter add dst-address=8.8.4.4 chain=forward comment=test_rule_2
[admin@ros1] > ip firewall filter print
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; test_rule_1
chain=forward dst-address=8.8.8.8

1 ;;; test_rule_2
chain=forward dst-address=8.8.4.4

2 ;;; test_rule_1
chain=forward dst-address=8.8.8.8

3 ;;; test_rule_2
chain=forward dst-address=8.8.4.4
[admin@ros1] >
 
Sob
Forum Guru
Posts: 9120
Joined: Mon Apr 20, 2009 9:11 pm

Re: duplicated rules

Fri Dec 04, 2020 9:43 pm

You most likely don't want any automatic sorting, because order of rules matters. You could sort a subset of them without breaking anything, but you would first have to define what can be touched and what can't, which may be difficult. A separate chain for "sortable" rules could work, but if you'd add that, you might as well be careful and just watch what you're adding.
 
dakobg
Member Candidate
Topic Author
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: duplicated rules

Fri Dec 04, 2020 9:51 pm

> You most likely don't want any automatic sorting, because order of rules matters. You could sort a subset of them without breaking anything, but you would first have to define what can be touched and what can't, which may be difficult. A separate chain for "sortable" rules could work, but if you'd add that, you might as well be careful and just watch what you're adding.

Yes, I agree, but my main problem is that I always want to have the same rules during an update with a script or other automation.
For example:

1st script run will add rules A, B, C, D
2nd run should not add A, B, C, D if they already exist, and should only add new rules

Ideally, on the 2nd run it must be, for example: A, B, new rule, C, D, new rule, new rule, etc.
 
Sob
Forum Guru
Posts: 9120
Joined: Mon Apr 20, 2009 9:11 pm

Re: duplicated rules

Fri Dec 04, 2020 10:03 pm

In theory, a script could check if some rule exists before adding it. It would definitely make it more complex. But I'm not sure if it's even possible, because it would mean searching for rules that have certain parameters and also don't have any other parameters. A workaround would be to use rules uniquely identified by comments, and use those to find them. But you would have to make sure that nobody would change any of those rules manually.

But maybe somebody else will have a better idea; RouterOS scripting and I are not exactly friends.
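
The comment-based workaround and the "A, B, new rule, C, D" ordering discussed above, as an added example that is not from any poster in the thread. It is Python that only generates RouterOS commands for review; matching rules by comment alone, and the rule `test_rule_new` with address 1.1.1.1, are assumptions.

```python
# Added example: plan idempotent updates for script-managed firewall filter rules.
# Assumption: each managed rule has a unique comment that nobody edits by hand.
MENU = "/ip firewall filter"

# Constructed sample data, reusing the rules shown in the thread.
ON_ROUTER = [
    ("test_rule_1", {"chain": "forward", "dst-address": "8.8.8.8"}),
    ("test_rule_2", {"chain": "forward", "dst-address": "8.8.4.4"}),
]
# test_rule_new and 1.1.1.1 are hypothetical, standing in for the "new rule".
DESIRED = [
    ON_ROUTER[0],
    ("test_rule_new", {"chain": "forward", "dst-address": "1.1.1.1"}),
    ON_ROUTER[1],
]

def fmt(params):
    """Render parameters as key=value pairs in a stable order."""
    return " ".join(f"{k}={v}" for k, v in sorted(params.items()))

def plan(current, desired):
    """Both arguments are ordered lists of (comment, params); returns (commands, warnings)."""
    commands, warnings, seen = [], [], {}
    for comment, params in current:
        if comment in seen:
            warnings.append(f"duplicate on router: {comment}")
        seen.setdefault(comment, params)
    if warnings:
        # A find by comment would match several rules; remove duplicates by hand first.
        return [], warnings
    for i, (comment, params) in enumerate(desired):
        if comment in seen:
            if seen[comment] != params:
                # Rule was changed manually: reset the listed parameters.
                commands.append(f'{MENU} set [{MENU} find comment="{comment}"] {fmt(params)}')
            continue
        # Missing rule: insert it before the next desired rule already on the router,
        # so relative order is kept; with no such rule it is appended at the end.
        anchor = next((c for c, _ in desired[i + 1:] if c in seen), None)
        cmd = f'{MENU} add {fmt(params)} comment="{comment}"'
        if anchor:
            cmd += f' place-before=[{MENU} find comment="{anchor}"]'
        commands.append(cmd)
    return commands, warnings

if __name__ == "__main__":
    for line in plan(ON_ROUTER, DESIRED)[0]:
        print(line)
```

The planner does not reorder rules that already exist, and `set` only rewrites the parameters listed, so extra parameters added by hand are not cleared.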
 
dakobg
Member Candidate
Topic Author
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: duplicated rules

Fri Dec 04, 2020 10:32 pm

So I hope there is a good way to do that without complexity; that is the reason I'm asking, and also about the order number.

If we have rules
0 A
1 B
2 D
3 C
I think theoretically it must be something like this:
If the new rule with number 2 is not D then replace it; if it is the same, do nothing.

Or at least do not add a new rule D with number 5.

Anyway, if someone has an easy solution... If there is no such solution, let me know as well.
 
dakobg
Member Candidate
Topic Author
Posts: 120
Joined: Mon Nov 06, 2017 8:58 am

Re: duplicated rules

Fri Dec 04, 2020 10:44 pm

Actually, it looks like ip firewall filter set numbers= whatever does the job! Almost
