Community discussions

MikroTik App
 
amcrs
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 52
Joined: Fri Apr 23, 2021 6:46 am

! Variables in firewall filters

Fri Apr 23, 2021 6:51 am

I have

:global eruWAN ether1
/ip firewall filter add chain=forward out-interface=!($eruWAN) ....

which the CLI doesn't like. Nor
/ip firewall filter add chain=forward out-interface=!$eruWAN ....

/ip firewall filter add chain=forward out-interface=(!$eruWAN) returns "Script Error: cannot logically negate string" which makes sense, but

/ip firewall filter add chain=forward out-interface=!ether1 .... works.

How can I use the variable $eruWAN there?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: ! Variables in firewall filters

Fri Apr 23, 2021 12:18 pm

In cli wrap the code i brackets. {code}
{
:global eruWAN ether1
/ip firewall filter add chain=forward out-interface=!($eruWAN) ....
}
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ! Variables in firewall filters

Fri Apr 23, 2021 12:31 pm

As error says you cannot logically negate string.
by specifying !"string" you are trying to perform logic operation on string and then apply it as a value.
To pass ! as part of the value you should pass it as a part of string "!$your_var"
[admin@MikroTik] /ip/firewall/filter> add out-interface="!$x" chain=xx         
[admin@MikroTik] /ip/firewall/filter> print 
Flags: X - disabled, I - invalid; D - dynamic 
 0    chain=xx out-interface=!ether1
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: ! Variables in firewall filters

Fri Apr 23, 2021 2:47 pm

In cli wrap the code i brackets. {code}
{
:global eruWAN ether1
/ip firewall filter add chain=forward out-interface=!($eruWAN) ....
}
do not matter, if you use GLOBAL, instead of local.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: ! Variables in firewall filters  [SOLVED]

Fri Apr 23, 2021 2:48 pm

As error says you cannot logically negate string.
by specifying !"string" you are trying to perform logic operation on string and then apply it as a value.
To pass ! as part of the value you should pass it as a part of string "!$your_var"
[admin@MikroTik] /ip/firewall/filter> add out-interface="!$x" chain=xx         
[admin@MikroTik] /ip/firewall/filter> print 
Flags: X - disabled, I - invalid; D - dynamic 
 0    chain=xx out-interface=!ether1
sorry.. missing
:global x "ether1"

[admin@MikroTik] /ip/firewall/filter> :global x "ether1"
[admin@MikroTik] /ip/firewall/filter> add out-interface="!$x" chain=xx         
[admin@MikroTik] /ip/firewall/filter> print 
Flags: X - disabled, I - invalid; D - dynamic 
 0    chain=xx out-interface=!ether1

Who is online

Users browsing this forum: No registered users and 12 guests