Community discussions

MikroTik App
 
rmichael
Forum Veteran
Forum Veteran
Topic Author
Posts: 718
Joined: Sun Mar 08, 2009 11:00 pm

delete address-list the best way

Thu Jun 24, 2010 12:54 pm

What would be the most (CPU) efficient way to delete address-list via script?
/ip firewall address-list remove [/ip firewall address-list find list=xxx]
???
 
blake
Member
Member
Posts: 426
Joined: Mon May 31, 2010 10:46 pm
Location: Arizona

Re: delete address-list the best way

Thu Jun 24, 2010 1:26 pm

/ip firewall address-list remove [/ip firewall address-list find list="list-
name"]
Hmm, started writing that before your edit. Yes, I think that's the most CPU efficient method.
 
mosdef
just joined
Posts: 1
Joined: Sun Jan 28, 2018 8:15 am

Re: delete address-list the best way

Fri Apr 17, 2020 6:54 pm

I was struggling with getting this to work. Then I realized the list name is case sensitive. FYI
 
SimonThomasen
newbie
Posts: 32
Joined: Thu Apr 05, 2012 12:46 am

Re: delete address-list the best way

Mon Nov 23, 2020 11:54 am

If the list is like >3000 entries, i found that removing the entire list in 1 command will make cpu go very high for a few seconds. So,
can delete them in 255 steps with a 100 ms delay in between. Will push it up to 25 seconds, but CPU will be a lot lower.

This SHOULD work. Remember to change the list name.


{
:for i from=1 to=254 do={
:put "remove $i"
/ip firewall address-list remove [/ip fi address-list find where (list=LISTNAME and address~"^$i\\..*")]
:delay 0.1
}
}
 
pe1chl
Forum Guru
Forum Guru
Posts: 10183
Joined: Mon Jun 08, 2015 12:09 pm

Re: delete address-list the best way

Mon Nov 23, 2020 11:59 am

Of course the total amount of CPU time spent will be more in that case, it will be spread over a longer time so it may look less severe in graphs.
It depends on what is your problem. When you have a very old model with 1 CPU (like in 2010 when this question was first asked) maybe there is some impact of running such a long task, but more modern routers have 2, 4 or more CPUs (cores) and it should not matter when you load 1 core to 100%.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: delete address-list the best way

Mon Nov 23, 2020 8:51 pm

Did a test on my RB750Gv3 with an access liste with 8400 ip address, it did take just 5-6 seconds.
Test was to fast done so I did not get any CPU load
So I think that is is not a problem with newer routers.
/ip firewall address-list remove [/ip firewall address-list find list="FW_Block_unkown_port"]
You are going in to this access list if you try to access any port on my router that is not open. You will then be blocked to any port (also open) for 24 hours.
Here is my Splunk app showing number of IP address in the access list going down when I deleted the list. It will quickly grow up again :)
access-list.jpg
You do not have the required permissions to view the files attached to this post.
 
User avatar
Kelalatir
newbie
Posts: 42
Joined: Mon Feb 29, 2016 7:22 pm

Re: delete address-list the best way

Wed Aug 31, 2022 11:16 pm

This thread is a bit old, but I just want to say the info here saved me a ton of hassle.

I just deleted a specific IPv6 address list of over 600,000 entries on my router without touching any of the other 10 IPv6 address lists. The code I used was:
/ipv6 firewall address-list remove [/ipv6 firewall address-list find list="Address_List_Name"]
It took about 10 minutes, but it completed successfully.

Thanks to those who worked on this topic!
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: delete address-list the best way

Thu Sep 01, 2022 1:06 am

The correct code is only
/ip firewall address-list remove [find where list="Address_List_Name"]
# or
/ipv6 firewall address-list remove [find where list="Address_List_Name"]

Who is online

Users browsing this forum: Cmon169 and 14 guests