sleerf
newbie
Topic Author
Posts: 47
Joined: Tue Sep 13, 2016 9:12 am

Remove 1 line from firewall rules: spent 2 hours before asking for help

Wed Aug 28, 2019 4:32 am

UPDATE: OK. This is silly. I was able to print the entire list with number for rules with just one command: print
:-) I was greeted with the entire rules list with numbers. This one turned out to be number 34! Why? No clue. I counted and recounted and it should have been 31. And no 34 came up in the previous print command. &^$&!

So I tried another command: disable
And it greeted me with: number:
So I typed: 34
Bam! Rule gone! But after several attempts I'm now the victim of my own firewall rules. I'm certain I've blacklisted the IP I'm remoting in from!
Next step.... run a VPN connection and see if I can appear from a different IP address I guess. I'll post what happens here in case anyone else has this problem. lol Crackin up on myself. :-P



I've been through the forums for 2 hours now and I give up. I kicked myself out from being able to access a router remotely through winbox with the following firewall rule.

add action=drop chain=input in-interface-list=!LAN

I don't know what I was thinking. I was on the phone at the time so maybe I just wasn't.

Now the only way I can get in is through the command line via MAC Telnet through another router upstream on the same network. The router is locked in a comms closet and the site admin is on vacation. I was making some changes for SNMP monitoring for a new system we're deploying tomorrow and I need winbox access back asap.

I've tried dozens of things from various places on the forum but the codes just won't do what I want. There is no comment in the comment section (The ONLY rule that doesn't have a comment!) The following doesn't give me a list:
:foreach rule in=[ /ip firewall filter find action=drop ] do={:put [/ip firewall filter get $rule chain]}

Instead I get
input
input
input
input
input

:put [ /ip firewall filter find action=drop ] it seems should provide a list of all rules that have action=drop in them.

What I get is this: *2f;*9;*a;*c;*19;*20;*27;*31

Great, right? It's the last rule on the list so I figured it was line 31. I can see it via /ip firewall print.

So I tried this: filter unset number=31

The result?
value-name: export
Script Error: action cancelled

So I tried: :put [ /ip firewall filter find in-interface-list=!LAN ] and I get nothing. No errors. just the next prompt.
Browsing on the boards I see something: disable=31 .. and think "Ah. I did it wrong." (from /IP firewall filter)
No errors. I think I have it. Nope. Print firewall shows it's still there.

So I give in. Asking for help. I'm sure I'm overlooking something simple but I just can't resolve this myself and need help. Thanks!
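The lockout in the post comes from the drop rule being the only input rule, so the session editing it has nothing to match before the drop. The following is an added example of the same policy with the management path accepted first; it is not the poster's configuration. The address 192.0.2.10 (a documentation range address) and the list name "mgmt" are assumed placeholders for the admin host. Entering the changes from a terminal started with Ctrl+X (RouterOS safe mode) means a dropped session rolls them back automatically.

```routeros
# Added example, not from the thread. Same intent as the poster's rule,
# but ordered so the input chain never drops the session that edits it.
# 192.0.2.10 and the list name "mgmt" are assumed placeholders.

/ip firewall address-list
add list=mgmt address=192.0.2.10 comment="admin workstation (placeholder)"

/ip firewall filter
# management hosts first: a packet matching here never reaches the drop
add chain=input action=accept src-address-list=mgmt comment="allow management hosts"
# keep established/related sessions alive, including the one running these commands
add chain=input action=accept connection-state=established,related comment="keep existing sessions"
# the rule from the post, now last and commented so it can be found by comment later
add chain=input action=drop in-interface-list=!LAN comment="drop input not from LAN"

# verify the order before leaving safe mode: the drop must be the last entry
/ip firewall filter print where chain=input
```

The comment on the drop rule is what makes it findable afterwards, e.g. `/ip firewall filter disable [find where comment="drop input not from LAN"]`, which is exactly what was missing in the original situation.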
 
Jotne
Forum Guru
Posts: 2039
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remove 1 line from firewall rules: spent 2 hours before asking for help

Wed Aug 28, 2019 8:08 am

:put [ /ip firewall filter find action=drop ] it seems should provide a list of all rules that have action=drop in them.
What I get is this: *2f;*9;*a;*c;*19;*20;*27;*31
Great, right? It's the last rule on the list so I figured it was line 31. I can see it via /ip firewall print.
Not right, it could be any of your rules.
You need to find the rule by uniqueness. E.g. comment, what's in it, etc.

post the output of
export hide-sensitive
mark the rule you like to delete and why, and we can find a way to do it from a script.
 
Try to use Splunk to monitor your MikroTik Router(s). Look at this page in how to set it up.

MikroTik->Splunk
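Putting the two posts together: the `find action=drop` output is a list of internal ids (`*2f`, `*9`, ...), not print positions, which is why counting rows did not work. The script below is an added example, not from either poster, of locating the rule by the combination of properties that makes it unique (chain=input, action=drop, and the negated interface list) and disabling it only when exactly one rule matches. It assumes that `get` on a rule returns its properties as an array whose string form contains `in-interface-list=!LAN` for a negated list; that is an assumption about RouterOS output, so the script prints each candidate before touching anything.

```routeros
# Added example, not from the thread. Assumes RouterOS v6 scripting syntax
# and that [:tostr [get <id>]] renders a negated list as "in-interface-list=!LAN"
# (assumption; the :put lines show what was actually matched).
# Run from a terminal started with Ctrl+X (safe mode) so a lost session rolls back.

:local target "";
:local hits 0;

:foreach rule in=[/ip firewall filter find where chain=input action=drop] do={
    # dump every property of the rule as one "key=value;key=value" string
    :local props [:tostr [/ip firewall filter get $rule]];
    # :find returns a number when the substring is present, nil otherwise
    :if ([:typeof [:find $props "in-interface-list=!LAN"]] = "num") do={
        :set hits ($hits + 1);
        :set target $rule;
        :put ("candidate " . $rule . ": " . $props);
    }
}

:if ($hits = 1) do={
    # disable rather than remove, so the rule can be inspected and re-enabled
    /ip firewall filter disable $target;
    :put ("disabled rule " . $target);
} else={
    :put ("expected exactly one match, found " . $hits . "; nothing changed");
}
```

Matching on several properties at once is the "find by uniqueness" the reply asks for; refusing to act on zero or multiple matches is the check that keeps a typo in the match string from disabling the wrong rule. Once the correct rule is known, `/ip firewall filter print` shows its position and `export hide-sensitive` shows its full definition for the thread.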
 
