 
IBREDSOPORTE
just joined
Topic Author
Posts: 3
Joined: Fri Jul 22, 2022 3:43 pm

Filter rule

Fri Jul 22, 2022 4:13 pm

Hi community,

I need to add the same filter rule in several routers in position 1. Is there a way to add it using the same command?

I know you can create it and then move it, but I want to know if it's possible to create it in position 1.

Thanks
 
BrookXVll
just joined
Posts: 7
Joined: Sat Jul 23, 2022 1:13 pm

Re: Filter rule

Sat Jul 23, 2022 2:21 pm

The place-before parameter is responsible for this.
ip firewall filter add chain=forward place-before=0
Adds the rule to the first position
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Filter rule  [SOLVED]

Sat Jul 23, 2022 4:08 pm

NO, it is not the right method...
Sometimes you have:

/ip firewall filter add chain=forward place-before=0
item referred by 'place-before' does not exist (11)
Because that 0 is not valid until you print first.
0 is a temporary value.


The right method is, on the same line without other commands:
/ip firewall filter add chain=forward place-before=([find]->0)

But both methods give an error if no previous rules are present.


This moves the last rule to the top:
move ([find]->([:len [find]]-1)) ([find]->0)



But the other problem is when some dynamic rules are present, for example for displaying fasttrack: it is better not to move anything before those rules,
so a check is necessary to move the rule before the first static rule:
/ip firewall filter add chain=forward place-before=([find where dynamic=no]->0)

The same for move:
move ([find]->([:len [find]]-1)) ([find where dynamic=no]->0)

But, in general, you have to use the utmost precaution, because if you move over "drop everything unclassified"... you cut everything, also your access...
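
One way to combine the checks from the post above into a single block that can be run unchanged on several routers, as an added example that is not part of the original thread: it inserts before the first static rule, falls back to a plain add when no static rule exists (the case where place-before errors), and skips routers that already carry the rule. The rule itself (accept established/related), the comment text and the variable names are assumptions for illustration.

```routeros
# Added example, not from the thread. The rule, the comment text and the
# variable names are assumptions chosen for illustration.
# Wrapped in { } so the :local variables keep their scope when pasted.
{
    :local ruleComment "top-rule-example"

    # Idempotent: do nothing if a rule with this comment already exists.
    :if ([:len [/ip firewall filter find where comment=$ruleComment]] = 0) do={
        # Static rules only, so dynamic rules (e.g. fasttrack counters) stay first.
        :local staticRules [/ip firewall filter find where dynamic=no]
        :if ([:len $staticRules] > 0) do={
            /ip firewall filter add chain=forward action=accept \
                connection-state=established,related comment=$ruleComment \
                place-before=($staticRules->0)
        } else={
            # No static rule to reference: place-before would fail, so append.
            /ip firewall filter add chain=forward action=accept \
                connection-state=established,related comment=$ruleComment
        }
    }
}
```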
 
BrookXVll
just joined
Posts: 7
Joined: Sat Jul 23, 2022 1:13 pm

Re: Filter rule

Sat Jul 23, 2022 4:46 pm

I completely agree with you. Your answer is more extended, I just showed an example of the command.
 
IBREDSOPORTE
just joined
Topic Author
Posts: 3
Joined: Fri Jul 22, 2022 3:43 pm

Re: Filter rule

Wed Jul 27, 2022 9:43 am

Works great!

Thanks all!
