I need a script that can delete all connections in IP -> Firewall -> Connections.
I use the script below, but it does not remove all of them.
/ ip firewall connection {:foreach r in=[find] do={remove $r}}
Best Regards
/ip firewall connection remove [find]
:local e 1
:while ($e) do={
    :set e 0
    :do {/ip firewall connection remove [find]} on-error={:set e 1}
}
If there are a lot of connections (about 5600), I had to run
/ ip firewall connection remove [find]
5 times to clean them out.
At first I received this response in the terminal:
no such item (4)
/ip fire conn
:foreach idc in=[find where timeout>60] do={
    remove [find where .id=$idc]
}
What does "no such item (4)" mean?
:log warning "PRIMARY link seems to be DOWN - Running Down script"
/ip route set [find comment="Default Route"] distance=15
/ip firewall connection {:foreach i in [find protocol="tcp"] do={remove $i}}
/ip firewall connection {:foreach i in [find protocol="udp"] do={remove $i}}
/ip firewall filter set [find comment ="tcp reset"] disabled=no
delay delay-time=10
/ip firewall filter set [find comment ="tcp reset"] disabled=yes
/system script run DynDnsF
/tool e-mail send to=myemailaddress@noemail.com subject="$[/system identity get name] network change" body="Primary connection failed and successfully connected to secondary"
{
    do {
        :local e 1;
        :while ($e=1 ) do {
            :set e 0;
            :do {
                /ip/firewall/connection/remove [find];
            } on-error={
                :set e 1;
                :log info "error 1 removing FW connection";
            }
        }
        :log info "SUCCESS removing FW connection";
    } on-error={
        :log info "error 2 removing FW connection";
    }
}
/ip firewall connection print where (timeout>60) [remove $".id"]
If the device is fast enough, the timeout can be decreased from 60 to at least 10 seconds
/ip/firewall/connection/print where (timeout>15) [remove $".id"]
{
    :log info "Starting FW connection tracking cleanup";
    :do {
        :foreach entery in=[/ip/firewall/connection/find] do={
            /ip/firewall/connection/remove $entery;
        }
    } on-error={
        :log info "error 1 removing FW connection";
    }
    :log info "Finished FW connection tracking cleanup";
}
Faster way:
/ip firewall connection print where (timeout>60) [remove $".id"]
If you remove the (timeout>60) matcher in @rextended's version, it should still work against all records. The "where" still has something to do, e.g. [:remove $".id"], even without matchers.
The above will run even without making sure any 10 or 15 or 30 or 60...