on virtualized x86:Code: Select all#error exporting /system routerboard mode-button
becameCode: Select all/dude set enabled=yes
both RBs and dude are working properly..Code: Select all#error exporting /dude
great!ndbjorne - "/system routerboard" export is fixed in 6.41rc versions and will be fixed also in 6.40.3.
It solved by itself (maybe dude was not fully running?)As for Dude export - we have not seen such error previously. Please send supout file from your device to support@mikrotik.com. Can you run "/dude print" and see what happens?
[me@VM-ROS] > /dude print
enabled: yes
data-directory: dude
status: running
[me@VM-ROS] > /dude export
# aug/24/2017 18:25:16 by RouterOS 6.40.2
# [...]
/dude
set enabled=yes
[me@VM-ROS]
Please release 6.40.3 asap.Yes, WWW crash is fixed in 6.41rc version:
viewtopic.php?f=21&t=123936&start=100#p614770
This fix will be included also in 6.40.3 version. It was made too late when 6.40.2 was already built and being tested for release.
what's the problem with hotspot server in 6.38.7, for example?Please release 6.40.3 asap.
I can't run hotspot server now.
www and www-ssl unresponsive randomly from 6.40.1what's the problem with hotspot server in 6.38.7, for example?Please release 6.40.3 asap.
I can't run hotspot server now.
Check Log - the reason is thereHello!
I have problem with multicast packade in 6.40.2 FW on hEX(RB750Gr3) router.
I can't add packade. After drag and drop file to winbox and rebooting i not see multicast in packades list.
but 6.38.7 (actual bugfix version) should not be affected, that's why I askwww and www-ssl unresponsive randomly from 6.40.1what's the problem with hotspot server in 6.38.7, for example?Please release 6.40.3 asap.
I can't run hotspot server now.
I concern vlan and bridge error when downgrade.but 6.38.7 (actual bugfix version) should not be affected, that's why I askwww and www-ssl unresponsive randomly from 6.40.1what's the problem with hotspot server in 6.38.7, for example?Please release 6.40.3 asap.
I can't run hotspot server now.
6.40 can not use torch on ppp.I got you. Why not use 6.40 then until 6.40.3 release?
wait a minute... hw-bridges are in 6.41rc, not in 6.40, so you may freely downgrade to 6.38I concern vlan and bridge error when downgrade.
My main router have alot vlan and bridge, filter.
you can do it as wellCan you make the "list of lists" option in the firewall?
Sometimes it is necessary to block several different lists of addresses for users. In order not to write several rules, it would be simpler to create a list of lists and make a rule relative to it.
/ip firewall filter add chain=list-of-lists src-address-list=list1 action=drop
/ip firewall filter add chain=list-of-lists src-address-list=list2 action=drop
/ip firewall filter add chain=list-of-lists src-address-list=yetanotherlist action=drop
/ip firewall filter add chain=list-of-lists action=return
/ip firewall filter add chain=forward place-before=0 action=jump jump-target=list-of-lists
This will lead to an increase in the number of rules in the firewall.you can do it as wellCan you make the "list of lists" option in the firewall?
Sometimes it is necessary to block several different lists of addresses for users. In order not to write several rules, it would be simpler to create a list of lists and make a rule relative to it.
Code: Select all/ip firewall filter add chain=list-of-lists src-address-list=list1 action=drop /ip firewall filter add chain=list-of-lists src-address-list=list2 action=drop /ip firewall filter add chain=list-of-lists src-address-list=yetanotherlist action=drop /ip firewall filter add chain=list-of-lists action=return /ip firewall filter add chain=forward place-before=0 action=jump jump-target=list-of-lists
increase the number of rules, sure it will. will it hurt forwarding perfomance? that depends on many factors.This will lead to an increase in the number of rules in the firewall.
I want to reduce them for convenience and greater visibility.
This actually is a standard but little-known iptables feature in Linux that RouterOS makes visible to the user in a slightly more user-friendly way.i figure ROS is using a modified version of iptables-extensions and ipset to have address-list functionality. this has proven speed advantages over individual fw rule processing.
either way all entries will need to be evaluated one by one - albeit with ipset in a more efficient way. but most probably a single fw rule that references a 1000 entry address-list will have different (read: more) processing time compared to a fw rule with just 1 statically configured address matching (src-address=?).
yes, i wrote the same (list:set type entry) and exposing it to the CLI might not be such a big deal as you wrote. but i am not sure whether circular references are handled properly, and this is quite an annoying flaw if you can nest lists that refer to each other, and the CPU tries to recursively look up them but there's nothing that cannot be fixed with just a few lines of extra code...As the "list of lists" merely does a match of all items in the list sequentially, its efficiency is somewhere between having everything in a single set and having multiple iptables rules that each reference a different ip set.
It keeps only with bridge created/system reset-configuration no-default=yes run-after-reset=NEWCONFIG.rsc
If I clear the config, and try:/interface bridge
add auto-mac=yes name=bridge-local protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-Ce country=spain disabled=no distance=indoors frequency=auto l2mtu=1600 mode=\
ap-bridge rx-chains=0,1 tx-chains=0,1 wireless-protocol=802.11
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway
set [ find default-name=ether2 ] name=ether2-master-local
set [ find default-name=ether3 ] master-port=ether2-master-local name=ether3-slave-local
set [ find default-name=ether4 ] master-port=ether2-master-local name=ether4-slave-local
It works!/import file=NEWCONFIG.rsc verbose=yes
Sorry I did not read the posting too well In fact you already named ipset...yes, i wrote the same (list:set type entry) and exposing it to the CLI might not be such a big deal as you wrote. but i am not sure whether circular references are handled properly, and this is quite an annoying flaw if you can nest lists that refer to each other, and the CPU tries to recursively look up them but there's nothing that cannot be fixed with just a few lines of extra code...As the "list of lists" merely does a match of all items in the list sequentially, its efficiency is somewhere between having everything in a single set and having multiple iptables rules that each reference a different ip set.
This is a bug that has existed longer than that. I encountered it long ago when trying to configure wireless routers like that.Something changed on 6.40.x? Maybe a bug that will be resolved?
Adding a 30s delay it worked for me. But first time with issues with version 6.40.x, since 6.33 to 6.39.2 any issues, with more than 300 hAP lite autoprovisioned and working.This is a bug that has existed longer than that. I encountered it long ago when trying to configure wireless routers like that.Something changed on 6.40.x? Maybe a bug that will be resolved?
But only recently I saw it mentioned in another topic and it was explained why it fails.
The problem is that the rsc script is executed too soon by the router. It does not wait until everything is initialized but fires
it up immediately after boot, before some interfaces are ready.
When you try to configure the wireless it fails because the wireless interface has not yet been detected by the system...
It is of course a bug that should be fixed, but it can be worked around for now by putting a /delay at the top of the rsc file
you try to run. E.g.:
/delay 30
(of course it is difficult to know how much delay is required..... RouterOS should really fire up the script only after it knows
that device detection has finished)
I'll do it that way.In such cases use something like this
while ([:len [/interface find]] < X) do={:delay 1}
Replace X with actual total number of interfaces on the router.
Please include code like that in RouterOS so it works with a .rsc that is merely an export without extra additions...In such cases use something like this
while ([:len [/interface find]] < X) do={:delay 1}
Replace X with actual total number of interfaces on the router.
I need this too!Please include code like that in RouterOS so it works with a .rsc that is merely an export without extra additions...