Community discussions

MikroTik App
 
lukkes
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Jun 16, 2008 2:12 am
Location: Venezuela
Contact:

very simple script to enable/disable rules

Tue Dec 15, 2009 7:16 am

hi everybody. this little script works perfect but only with the chain 0 when i try to enable/disable chain 1, doesnt work, i have only two chains in /ip firewall filter, remember WORKS perfect with chain 0 but dont with chain 1 simply doens nothing with chain 1

[admin@router-gelo] > /ip firewal filter pr
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; 208
chain=input action=drop protocol=icmp dst-address=192.168.208.1

1 X ;;; 209
chain=input action=drop protocol=icmp dst-address=192.168.209.1



THIS WORKS PERFECT
:global activa208 ([/interface get [/interface find name="ether1-aba208"] disabled]);
:log info "eth1-208 DOWN: $activa208";
:if ($activa208) do={/ip firewall filter enable numbers=0} else={
/ip firewall filter disable numbers=0};

THIS DOESNT WORK I ONLY CHANGE THE NUMBERS=0 FOR 1

:global activa208 ([/interface get [/interface find name="ether1-aba208"] disabled]);
:log info "eth1-208 DOWN: $activa208";
:if ($activa208) do={/ip firewall filter enable numbers=1} else={
/ip firewall filter disable numbers=1};

thanks
 
kirshteins
MikroTik Support
MikroTik Support
Posts: 592
Joined: Tue Dec 02, 2008 10:55 am

Re: very simple script to enable/disable rules

Tue Dec 15, 2009 4:24 pm

What version are you using? Does second script log "eth1-208 DOWN: $activa208" part or only disable rule is the one that does not work? What is the result if you paste it directly into terminal? Also i suggest to check script policies.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: very simple script to enable/disable rules

Tue Dec 15, 2009 4:29 pm

instead of /ip firewall filter disable numbers=1 use following command
/ip firewall filter disable [find comment="209"];
 
lukkes
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Jun 16, 2008 2:12 am
Location: Venezuela
Contact:

Re: very simple script to enable/disable rules

Tue Dec 15, 2009 8:08 pm

hello, as mrz suggest it works perfect, it's the actual way i yet implemented to work, but i just want an easy and direct way, without put a comment. but why doesnt work with 1?
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: very simple script to enable/disable rules

Tue Dec 15, 2009 8:12 pm

Because 'numbers' isn't a valid parameter. Try it without the 'numbers=' part:
/ip firewall filter disable 1
 
lukkes
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Jun 16, 2008 2:12 am
Location: Venezuela
Contact:

Re: very simple script to enable/disable rules

Tue Dec 15, 2009 8:37 pm

Because 'numbers' isn't a valid parameter. Try it without the 'numbers=' part:
/ip firewall filter disable 1

Thanks for your help, as i told with numbers=0 works perfect, i try with and without numbers= but with parameter 1, and doesnt work
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: very simple script to enable/disable rules

Wed Dec 16, 2009 10:54 am

like he said, because it's not correct. use what mrz suggested.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: very simple script to enable/disable rules

Wed Dec 16, 2009 1:02 pm

numbers, even if they work once, wont work forever, if you introduce any new rule and move it somewhere, all your scripts will disable/enable wrong rules, that is why you have to use find clause and get rules other way.

In API you can get permanent entry IDs and work then them, they wont change, even not after reboot (for static interfaces)
 
lukkes
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Mon Jun 16, 2008 2:12 am
Location: Venezuela
Contact:

Re: very simple script to enable/disable rules

Wed Dec 16, 2009 2:43 pm

OK acknowledge boss, thanks a lot, my doubt is now clear...
 
katashkovanton
just joined
Posts: 1
Joined: Mon Apr 26, 2021 9:02 pm

Re: very simple script to enable/disable rules

Sat Aug 14, 2021 6:52 pm

Could someone help please?

Don't understand at all, what's wrong with if-do-else. Looks like something wrong with do expression. = after do is highlighted

[Antdm1n@MikroTik] /ip firewall filter>> if ( [find comment="test"] disabled = yes) do={ enable [find comment="test"] } else={disable [find comment="test"]}
syntax error (line 1 column 46)

I want to enable/disable commented rule with one command.
Last edited by katashkovanton on Sat Aug 14, 2021 6:54 pm, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: very simple script to enable/disable rules

Sat Aug 21, 2021 4:14 pm

Try this:
:if ([get [find comment="test" ] disabled ]=true) do={...
There may be a shorter way to do this, but this should also work:
:if ([get [find comment="test" ] disabled ]) do={...
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: very simple script to enable/disable rules

Mon Aug 23, 2021 7:21 am

Could someone help please?
I want to enable/disable commented rule with one command.
Missing : before if,
missing "get" for obtain "disabled status"
missing [ ] on get...disabled
missing (for me) where after find
= yes can be omitted as @Jotne say,

but i do not like errors, I added a section to check if "test" exist...
Must exist only one time, or "get" do errors if it not exist or if are present multiple rules with test as comment.

/ip firewall filter
:if ([:len [find where comment="test"]] = 1) do={
    :if ([get [find where comment="test"] disabled]) do={
        enable [find where comment="test"]
    } else={
        disable [find where comment="test"]
    }
}


or simply:
/ip firewall filter
:foreach r in=[find where comment="test"] do={
    :if ([get $r disabled]) do={
        enable $r
    } else={
        disable $r
    }
}
on this way can be present more rules with "test"

Who is online

Users browsing this forum: alexantao and 16 guests