Community discussions

MikroTik App
  4. RouterOS
  5. Scripting

script with routerOS v4.13

Post Reply
 
namo
Long time Member
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

script with routerOS v4.13

Sat Nov 13, 2010 5:39 pm

I have routerOs v4.13 with hotspot. I tried to run this code the terminal:
Code: Select all
/ip firewall filter

add action=reject chain=forward comment="Reject if in the 24-hour-list" disabled=no reject-with=icmp-network-unreachable src-address-list=24-hour-list

add action=jump chain=forward comment="Check if dest is an open customer" disabled=no dst-address-list=open-customers jump-target=open-customers
add action=jump chain=forward comment="Check Known Bad Hosts" disabled=no jump-target=bad-hosts
add action=reject chain=forward comment="Reject if in the 24-hour-list" disabled=no reject-with=icmp-network-unreachable src-address-list=24-hour-list

add action=return chain=bad-host-detection comment="Take no action on bogons" disabled=no src-address-list=bogons
add action=add-src-to-address-list address-list=30-seond-list address-list-timeout=30s chain=bad-host-detection comment="Add to the 30 second list" disabled=no

add action=add-src-to-address-list address-list=24-hour-list address-list-timeout="1d 00:00:00" chain=bad-host-detection comment="If seen 20 time in 30 seconds add to the one day block list" disabled=no nth=50 src-address-list=30-seond-list
add action=return chain=bad-host-detection comment="" disabled=no


add action=jump chain=forward comment="jump to the bad-host-detection chain" disabled=no jump-target=bad-host-detection src-address-list=!our-networks

add action=jump chain=forward comment="jump to the bad-host-detection chain" disabled=no jump-target=bad-host-detection src-address-list=!our-networks
but there is a problem with the line :
Code: Select all
add action=add-src-to-address-list address-list=24-hour-list address-list-timeout="1d 00:00:00" chain=bad-host-detection comment="If seen 20 time in 30 seconds add to the one day block list" disabled=no nth=50 src-address-list=30-seond-list
It gives an error : failure: nth_every and nth_packet must be >= 0
Top
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7056
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:
Contact mrz

Re: script with routerOS v4.13

Mon Nov 15, 2010 11:03 am

nth=50 is not a correct value
I guess there should be nth=5,0
Top
 
namo
Long time Member
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: script with routerOS v4.13

Tue Nov 16, 2010 3:34 pm

nth=50 is not a correct value
I guess there should be nth=5,0
I did this and I get the error:
value of packet out of range (1..4294967295)
Top
 
namo
Long time Member
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: script with routerOS v4.13

Thu Dec 16, 2010 7:52 am

Is there solrion for this code for v4.15?
Top
 
namo
Long time Member
Long time Member
Topic Author
Posts: 530
Joined: Sat Oct 03, 2009 4:44 pm

Re: script with routerOS v4.13

Thu Dec 16, 2010 5:10 pm

I deleted nth=50 in the code and in he firewall rule in Winbox, there is nth option which has two values:
every :
packet

should I every with 20 and packet with 1? I want the IP to become in 24hr-list if appears 20 times in 30-seond-list

Note: It says that every has to be bigger than packet
Top
Post Reply

Who is online

Users browsing this forum: BenceLK and 59 guests
  4. RouterOS
  5. Scripting