Community discussions

MikroTik App
 
solaoxo
Member Candidate
Member Candidate
Topic Author
Posts: 100
Joined: Sun Oct 20, 2013 8:38 pm

How to delete the specified ip connection with a script?

Tue Dec 29, 2020 10:20 am

As in the question, I need to use a script to delete all the connections of the specified ip, but the port number of the ip is different, the script does not know how to write the most efficient.
QQ截图20201229161858.png
You do not have the required permissions to view the files attached to this post.
 
pe1chl
Forum Guru
Forum Guru
Posts: 7176
Joined: Mon Jun 08, 2015 12:09 pm

Re: How to delete the specified ip connection with a script?

Tue Dec 29, 2020 11:25 am

Probably all your connections have that. It is your own external IP used to translate the internal address (the 1st column) to the internet address you have.
(100.127.248.189 is another "internal IP", which will again be translated further down the path by your ISP)
 
solaoxo
Member Candidate
Member Candidate
Topic Author
Posts: 100
Joined: Sun Oct 20, 2013 8:38 pm

Re: How to delete the specified ip connection with a script?

Tue Dec 29, 2020 12:08 pm

Probably all your connections have that. It is your own external IP used to translate the internal address (the 1st column) to the internet address you have.
(100.127.248.189 is another "internal IP", which will again be translated further down the path by your ISP)
After the pppoe client is disconnected and reconnected, the ip will change, and there will be many old connections in the connection list, which will not disappear for a long time.
 
pe1chl
Forum Guru
Forum Guru
Posts: 7176
Joined: Mon Jun 08, 2015 12:09 pm

Re: How to delete the specified ip connection with a script?

Tue Dec 29, 2020 12:25 pm

When you have only a single connection it is easy to remove all tracking entries using: /ip firewall connection remove [find]
You can place that in the "On Down" script in the PPP profile used with the PPPoE connection (copy profile "default", make that change, and set the PPP profile in the PPPoE client).
 
solaoxo
Member Candidate
Member Candidate
Topic Author
Posts: 100
Joined: Sun Oct 20, 2013 8:38 pm

Re: How to delete the specified ip connection with a script?

Tue Dec 29, 2020 1:02 pm

When you have only a single connection it is easy to remove all tracking entries using: /ip firewall connection remove [find]
You can place that in the "On Down" script in the PPP profile used with the PPPoE connection (copy profile "default", make that change, and set the PPP profile in the PPPoE client).
I know this method, the script can only target one connection, but also know the specific port number.
:for sola from=1 to=65536 do={
This method is also possible, but it is very CPU-intensive and deletion is very slow. I wonder if there is a script that can be deleted just by looking at the ip and not recognizing the port number.
 
msatter
Forum Guru
Forum Guru
Posts: 2012
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: How to delete the specified ip connection with a script?  [SOLVED]

Tue Dec 29, 2020 1:09 pm

/ip firewall connection remove [find where reply-dst-address~"1.2.3.4"]
Last edited by msatter on Tue Dec 29, 2020 3:21 pm, edited 1 time in total.
Loving my freedom and so, no Twitter, no Facebook/Instagram/WhatsApp, no Apple and no Google/Alphabet.

Running:
RouterOS 6.48 / Winbox 3.27 64bits
 
pe1chl
Forum Guru
Forum Guru
Posts: 7176
Joined: Mon Jun 08, 2015 12:09 pm

Re: How to delete the specified ip connection with a script?

Tue Dec 29, 2020 2:08 pm

When you have only a single connection it is easy to remove all tracking entries using: /ip firewall connection remove [find]
You can place that in the "On Down" script in the PPP profile used with the PPPoE connection (copy profile "default", make that change, and set the PPP profile in the PPPoE client).
I know this method, the script can only target one connection, but also know the specific port number.
:for sola from=1 to=65536 do={
This method is also possible, but it is very CPU-intensive and deletion is very slow. I wonder if there is a script that can be deleted just by looking at the ip and not recognizing the port number.
Is this an endpoint router that has only a single PPPoE uplink and not much else?
When the PPPoE goes down you can basically delete all connections without looking at address or port number.
It would also be possible to use a nat entry with "masquerade" instead of "src-nat", as that will automatically delete the connection entries when the PPPoE goes down.
However, that should be done only on a simple endpoint router and not when you have many PPPoE connections because that deletion costs CPU and it will heavily load the router when PPPoE links go up and down regularly.
(that is also why you find the recommendation to use src-nat instead of masquerade in such setups)
 
solaoxo
Member Candidate
Member Candidate
Topic Author
Posts: 100
Joined: Sun Oct 20, 2013 8:38 pm

Re: How to delete the specified ip connection with a script?

Wed Dec 30, 2020 7:31 am

/ip firewall connection remove [find where reply-dst-address~"1.2.3.4"]
Perfect script
 
solaoxo
Member Candidate
Member Candidate
Topic Author
Posts: 100
Joined: Sun Oct 20, 2013 8:38 pm

Re: How to delete the specified ip connection with a script?

Wed Dec 30, 2020 7:36 am

When you have only a single connection it is easy to remove all tracking entries using: /ip firewall connection remove [find]
You can place that in the "On Down" script in the PPP profile used with the PPPoE connection (copy profile "default", make that change, and set the PPP profile in the PPPoE client).
I know this method, the script can only target one connection, but also know the specific port number.
:for sola from=1 to=65536 do={
This method is also possible, but it is very CPU-intensive and deletion is very slow. I wonder if there is a script that can be deleted just by looking at the ip and not recognizing the port number.
Is this an endpoint router that has only a single PPPoE uplink and not much else?
When the PPPoE goes down you can basically delete all connections without looking at address or port number.
It would also be possible to use a nat entry with "masquerade" instead of "src-nat", as that will automatically delete the connection entries when the PPPoE goes down.
However, that should be done only on a simple endpoint router and not when you have many PPPoE connections because that deletion costs CPU and it will heavily load the router when PPPoE links go up and down regularly.
(that is also why you find the recommendation to use src-nat instead of masquerade in such setups)
I have multiple pppoe clients, and I use "src-nat" because I heard that it is more efficient than "masquerade".
 
pe1chl
Forum Guru
Forum Guru
Posts: 7176
Joined: Mon Jun 08, 2015 12:09 pm

Re: How to delete the specified ip connection with a script?

Wed Dec 30, 2020 11:13 am

I have multiple pppoe clients, and I use "src-nat" because I heard that it is more efficient than "masquerade".
That is true, but by adding that script you are throwing that advantage away. The script will now consume the CPU that is implicitly consumed when using masquerade.
 
solaoxo
Member Candidate
Member Candidate
Topic Author
Posts: 100
Joined: Sun Oct 20, 2013 8:38 pm

Re: How to delete the specified ip connection with a script?

Wed Dec 30, 2020 2:37 pm

I have multiple pppoe clients, and I use "src-nat" because I heard that it is more efficient than "masquerade".
That is true, but by adding that script you are throwing that advantage away. The script will now consume the CPU that is implicitly consumed when using masquerade.
Using the script given upstairs, the consumption is particularly small, and the CPU consumption is basically not felt during use.
 
User avatar
eworm
Forum Veteran
Forum Veteran
Posts: 744
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: How to delete the specified ip connection with a script?

Sun Jan 03, 2021 12:46 am

/ip firewall connection remove [find where reply-dst-address~"1.2.3.4"]
This will also remove connections for addresses 11.2.3.4 and 1.2.3.44... Better match beginning and end of the address when using regular expressions:
/ip firewall connection remove [ find where reply-dst-address~"^1.2.3.4:" ]
Manage RouterOS scripts and extend your devices' functionality: RouterOS Scripts

Who is online

Users browsing this forum: No registered users and 24 guests