 
Tobi
just joined
Topic Author
Posts: 2
Joined: Mon Feb 13, 2023 4:35 pm

Firewall filter by binary / hex Value

Mon Feb 13, 2023 5:00 pm

I got a Gateway that receives LoRa messages and forwards them via LTE to the internet.

I don't want everybody to use my LTE-Volume. So I am trying to set up a Firewall that doesn't forward these unknown devices.
Setting up a filter for every device will be very time-consuming because there are many. But they all have in common that they provide their AppEUI (some Hex values) during transmission.

Is it possible to create a Firewall rule that searches for this hex Value and just forwards the packets including them, or to write a script that does the job?

Thanks
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Firewall filter by binary / hex Value

Mon Feb 13, 2023 7:02 pm

Firewall supports "content" matcher. Only if I remember correctly and nothing changed, any unprintable characters have to be entered using CLI (e.g. content="\01\20\ff") and they will show as garbage in GUI.
 
Tobi
just joined
Topic Author
Posts: 2
Joined: Mon Feb 13, 2023 4:35 pm

Re: Firewall filter by binary / hex Value

Mon Mar 20, 2023 4:12 pm

Sorry for the late response, because I ran into some other complications.

I've tried the content matcher and it seems to filter something, but not what it is supposed to.
I have set up two rules that should filter out the same content.
The first one is set up by the command line and filters out content=!"01\fe\00\32\35\31\32\30" which shows in the advanced filter settings as "e" (not shown right here).
The second one is set up via the GUI and there I set the content to !"01fe003235313230". This rule is not used because the first one seems to filter everything just fine.
The rest of the two filters is identical. chain = output, protocol = udp, Dst. Port 1700 (set up in config for LoRa), action = drop, content = !"01fe003235313230".
So the Firewall should drop every packet that does not contain that very specific content.
But when I check in Wireshark, there are still "stranger-packets" with an unknown EUI sent to the internet.

Why does the content filter filter "random" packets but not the intended ones? Is it possible to check which packets got dropped?
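
Added example, not part of the thread: a Python check to run over a UDP payload copied out of Wireshark, reporting in which form the value from the two rules occurs (raw bytes, reversed bytes, the 16 ASCII hex characters, or inside a base64 field), since a content match can only hit the form that is actually on the wire. It assumes the gateway wraps radio frames as base64 in a JSON `rxpk[].data` field after a 12-byte header, which the thread does not confirm; `find_encodings`, `embedded_frames` and `build_sample` are hypothetical names and the sample payload is constructed.

```python
import base64
import json

WANTED_HEX = "01fe003235313230"  # value from the thread's rules, as hex digits

def embedded_frames(payload: bytes) -> list:
    """Decode base64 radio frames from a JSON body (assumed layout, see lead-in)."""
    try:
        body = json.loads(payload[12:])  # assumption: 12-byte binary header
    except ValueError:
        return []
    rxpk = body.get("rxpk") if isinstance(body, dict) else None
    frames = []
    for pkt in rxpk if isinstance(rxpk, list) else []:
        try:
            frames.append(base64.b64decode(pkt["data"]))
        except (KeyError, TypeError, ValueError):
            continue  # entry without a usable "data" field
    return frames

def find_encodings(payload: bytes, wanted_hex: str = WANTED_HEX) -> list:
    """List every representation of wanted_hex found in one UDP payload."""
    raw = bytes.fromhex(wanted_hex)
    hits = []
    if raw in payload:
        hits.append("raw")            # the bytes a CLI escape string is meant to express
    if raw[::-1] in payload:
        hits.append("raw-reversed")   # same bytes, opposite byte order
    if wanted_hex.lower().encode() in payload.lower():
        hits.append("ascii-hex")      # the 16 text characters typed in the GUI
    for frame in embedded_frames(payload):
        if raw in frame:
            hits.append("base64:raw")
        if raw[::-1] in frame:
            hits.append("base64:raw-reversed")
    return hits

def build_sample() -> bytes:
    """Constructed payload: zeroed header + JSON carrying one base64 frame."""
    frame = b"\x00" + bytes.fromhex(WANTED_HEX)[::-1] + bytes(14)
    body = {"rxpk": [{"data": base64.b64encode(frame).decode()}]}
    return bytes(12) + json.dumps(body).encode()

if __name__ == "__main__":
    print(find_encodings(build_sample()))
```

An empty result for a packet from a known device means none of these forms is present in that payload, so neither rule pattern can match it.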
