Community discussions

MikroTik App
 
max232
just joined
Topic Author
Posts: 7
Joined: Fri Apr 24, 2020 11:17 pm

7.1.1 firewall connection

Sun Jan 02, 2022 9:55 pm

regularly command:
ip firewall connection print count-only
results in an error: script error: no such item (4)

I've tried isolating the command with:
: do {} on-error = {)
It doesn't help either.
The problem has been going on in my memory since 2016.
I'd like to solve it very much.
Maybe someone knows a solution?

I understand that the number of records is constantly changing.
But this is a statistical command, which, in principle, should not lead to an error.
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: 7.1.1 firewall connection

Mon Jan 03, 2022 1:06 am

Can you elaborate more on how you use the command,
and maybe provide the Script or Scheduler you use it in ?

I quickly tested the command in a script without error on both 6.49.1 and 7.1.1
 
max232
just joined
Topic Author
Posts: 7
Joined: Fri Apr 24, 2020 11:17 pm

Re: 7.1.1 firewall connection

Mon Jan 03, 2022 1:11 am

Can you elaborate more on how you use the command,
and maybe provide the Script or Scheduler you use it in ?

I quickly tested the command in a script without error on both 6.49.1 and 7.1.1

ip firewall connection print count-only where dst-address~":1701"

For instance.

I have multiple routers.
This problem is on those routers with a lot of connections (3000 - 10000).
Every second the amount changes dramatically.
The problem appears in about 25% of requests


for x from=0 to=100 do={ip firewall connection print count-only where dst-address~":1701";ip firewall connection print count-only where src-address~":1701"; }

Run this loop in terminal and you will see the problem
https://ibb.co/Jnv9hXq
 
ConnyMercier
Forum Veteran
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: 7.1.1 firewall connection

Mon Jan 03, 2022 2:07 am

Try this,
/ip firewall connection print count-only interval=1 where dst-address~":1701" || src-address~":1701"
 
max232
just joined
Topic Author
Posts: 7
Joined: Fri Apr 24, 2020 11:17 pm

Re: 7.1.1 firewall connection

Mon Jan 03, 2022 1:28 pm

Try this,
/ip firewall connection print count-only interval=1 where dst-address~":1701" || src-address~":1701"
https://ibb.co/qxXwR1d

I've tried many different options.
The problem is in RouterOS
/ip firewall connection print count-only interval=1 where dst-address="xxx.xxx.xxx.xxx:1701" || src-address="xxx.xxx.xxx.xxx:1701"
And that doesn't work either

Who is online

Users browsing this forum: drpioneer and 20 guests