brychtak
just joined
Topic Author
Posts: 15
Joined: Mon Sep 11, 2006 10:55 am

moving firewall rules by command

Wed Sep 27, 2006 12:02 pm

Hello, I have a MikroTik in hotspot mode and I have a problem with firewall rules. Hotspot firewall rules are dynamically added, but I have static rules as well. Everything works OK until reboot :( After reboot the first rules are the dynamic ones and the last ones are my static ones, which is bad. So I need to move the static rules from the bottom to the top after every reboot. The command is (for example): ip firewall filter move 21 0. But what about if on line 21 there will not be my static rule but another one? I would like to have a command something like this:
if firewall rule contains dstnat, source address=192.168.91.160/27 protocol=6 (tcp) destination port=53 then move this rule to position 1... Could you help me with this script? A little bit tough one for me. Thank you in advance. Radek
 
brychtak
just joined
Topic Author
Posts: 15
Joined: Mon Sep 11, 2006 10:55 am

Mon Oct 02, 2006 6:14 pm

No idea? :( That's bad... ip firewall nat move 23 1 works OK, but sometimes the rule is on line 22, sometimes on line 24 after reboot...
 
Eugene
Forum Veteran
Posts: 993
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Oct 03, 2006 2:04 pm

Heh, nothing easier than that:
assign both rules a comment, say "rule1" and "rule2".
Then arrange them with the following command:
/ip fire filter move rule1 rule2

Edit:

There is also the "find" command:

/ip fire filter move [/ip fire filter find dst-address=10.0.0.0/8] rule1
Everyone has the right to life, liberty and security of person.
 
brychtak
just joined
Topic Author
Posts: 15
Joined: Mon Sep 11, 2006 10:55 am

Thu Oct 05, 2006 10:46 am

Yes, it works, thank you. But if you want to move a rule with this command you have to run "print all without-paging" first. If you paste these commands into run-scripts (or the scheduler, doesn't matter) it won't work :( In a new terminal or over telnet there is no problem.

ip firewall filter print all without-paging
ip firewall filter move [/ip firewall filter find comment=0000] 0
ip firewall filter move [/ip firewall filter find comment=0001] 1

ip firewall nat print all without-paging
ip firewall nat move [/ip firewall nat find comment=0000] 0
ip firewall nat move [/ip firewall nat find comment=0001] 1

I need these commands to run on every reboot because my firewall rules are at the bottom after reboot, which is bad...

Radek

 
olmi
just joined
Posts: 19
Joined: Thu Apr 26, 2007 3:58 pm

Thu Apr 26, 2007 9:04 pm

Following the given instructions, it does not work for me. I did everything as it is written. I made several attempts. Where is the mistake? Help!
(The comments rule1 and rule2 have been added)
1. [admin@MikroTik] > ip firewall nat move rule2 rule1
no items or no numbers defined

2. [admin@MikroTik] > ip fire filter move [/ip firewall filter comment=rule1] [/ip firewall filter comment=rule2]
invalid item number

Please advise how to correctly make a script that will rearrange the chains.

I am sorry for my English.
Thanks in advance.
 
mrz
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Thu Apr 26, 2007 9:51 pm

1. Only numbers can be specified. For example, if you want to move rule 3 to the first position:
/ip firewall nat move 3 0

2. Use the find command:
/ip fire filter move [/ip firewall filter find comment=rule1] [/ip firewall filter find comment=rule2]
 
olmi
just joined
Posts: 19
Joined: Thu Apr 26, 2007 3:58 pm

Fri Apr 27, 2007 3:27 pm

[admin@MikroTik] > /ip fire filter move [/ip firewall filter find comment=rule1] [/ip firewall filter find comment=rule2]

no items or no numbers defined
 
Ehman
Member
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: moving firewall rules by command

Thu Oct 03, 2013 6:25 pm

Now I'm sitting with the same problem! All the methods in here are dodgy... I need to move 10 rules to the top. I had a power failure and all my top rules on my hotspot moved down, causing critical access to be blocked for clients :(

How can I fix this with a script every time my unit boots?
 
Ehman
Member
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: moving firewall rules by command

Thu Oct 03, 2013 6:30 pm

I've got 10 of them, for example:
/ip firewall filter move [find comment="rule0"] 0
/ip firewall filter move [find comment="rule1"] 0
/ip firewall filter move [find comment="rule2"] 0
/ip firewall filter move [find comment="rule3"] 0
/ip firewall filter move [find comment="rule4"] 0
/ip firewall filter move [find comment="rule5"] 0
/ip firewall filter move [find comment="rule6"] 0
/ip firewall filter move [find comment="rule7"] 0
/ip firewall filter move [find comment="rule8"] 0
/ip firewall filter move [find comment="rule9"] 0
If I paste that into my terminal it does the job, but if I make a script out of that code it's a mess sometimes... it makes no sense.

Bug in RoS? :?

I'm running v6.3
 
mrz
MikroTik Support
Posts: 5950
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: moving firewall rules by command

Fri Oct 04, 2013 10:43 am

 
Ehman
Member
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: moving firewall rules by command

Fri Oct 04, 2013 12:02 pm

Hi, yeah.. I've been checking your post out, but it's not working:
1. only numbers can be specified. For example if you want to move rule 3 to first position:
/ip firewall nat move 3 0

2. use find command
/ip fire filter move [/ip firewall filter find comment=rule1] [/ip firewall filter find comment=rule2]
No luck. The first one might work, but I've got 73 rules and don't know where the rules are moving to, and that's not to say it will change every time I reboot, so I can't make a startup schedule. It happened once on a dodgy power failure... I've been unable to replicate the scenario ever since: if it reboots, no issue... if I unplug the power, no issue... sooo MikroTik weird.

I use find comment on my rules to move them to 0, but it still doesn't do it in the right order in the script, and if I paste the exact! same code in the terminal it does a different job. I would say it works better, but seconds later it doesn't work at all... it's just plain dodgy, that's the only way to describe it, and it doesn't do the job right, so I'm going to BUY a UPS and hope for the best :?
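As an added example that is not code from any poster in this thread, the following RouterOS boot script does what brychtak and Ehman describe: it moves comment-tagged static filter rules back above the dynamically inserted hotspot rules in a fixed order, which matters because filter rules are matched top-down and a static rule that lands below the hotspot rules may never be reached. It walks the comment list from last to first (moving rule0, rule1, ... to position 0 in ascending order, as in Ehman's script, leaves the block reversed), skips comments that match zero or several rules, and logs the outcome. The comments rule0..rule3, the script name fw-reorder and the 30-second delay are placeholders; RouterOS v6 scripting syntax is assumed.

```routeros
# Added example, not code from the thread. Assumes RouterOS v6 script syntax.
# Desired top-to-bottom order of the static rules, identified by comment
# (placeholder comments; replace with your own).
:local order {"rule0";"rule1";"rule2";"rule3"}

# When run from a startup scheduler, give the hotspot time to insert its
# dynamic rules first, otherwise we reorder before they exist (30s is a guess).
:delay 30s

# Walk the list from LAST to FIRST and move each rule to position 0.
# Moving rule0, rule1, ... to 0 in ascending order ends with the last
# comment on top, because each move pushes the previous one down a slot.
# Reverse iteration leaves rule0 on top, rule1 below it, and so on.
:local i ([:len $order] - 1)
:while ($i >= 0) do={
    :local c [:pick $order $i]
    :local ids [/ip firewall filter find where comment=$c]
    :if ([:len $ids] = 1) do={
        /ip firewall filter move $ids destination=0
    } else={
        # Zero matches: rule missing. Several matches: ambiguous comment.
        # Either way leave the table alone and say so in the log.
        :log warning ("fw-reorder: comment \"$c\" matched " . [:len $ids] . " rules, skipped")
    }
    :set i ($i - 1)
}
:log info "fw-reorder: static filter rules moved to top"
```

Save it under /system script as fw-reorder and trigger it with a /system scheduler entry whose start-time is startup and interval is 0, so it runs once after every boot; check /log afterwards for the skipped warnings before trusting the resulting rule order.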
