MikroTik

vklpt

and then the "if (true) do={" doesn't make a good impression to leave pieces thrown there at random...
and then on-horror-resume-next never bodes well..

Admirable argumentation from the author of a better solution that does not even work properly (and shouldn't) lol:

vklpt

Use the loop if it does not.

So why don't I use my own solution?

vklpt

I don't see any advantage in a double search

vklpt

and this: https://github.com/vikilpet/mikrotik-interface-check

vklpt

ashpri, take a look: https://github.com/vikilpet/mikrotik-interface-check

vklpt

Any idea/solution?

You can literally add hostnames to address-list and they are will be resolved automatically.

vklpt

eworm, please read the first post. It's an old and well-known problem.

vklpt

This works: # 2022.11.29 # UDP only local funDebug do={ if ( true ) do={ log info (" KILL_CONNECTIONS: " . $1) } } $funDebug ("start") /ip firewall connection :local arrConnections [find protocol=udp]; :local numErr 0; :foreach conn in=$arrConnections do={ :do { remove $conn } on...

vklpt

v2022-01-03
Added: favicon, reload, an asterisk at expired dates
Changed: HTML template (simpler and more mobile-friendly)

vklpt

For Python: try to replace '\n' with '\r\n'

vklpt

Demo:

vklpt

https://github.com/vikilpet/mikrotik-interface-check Advantages: - Can be used for one or more interfaces. - Any type of interface. - Ping several addresses (relying on one is too unreliable). - You can run it as often as you like - it can detect fail relatively fast. - Easy setup - you only need to...

vklpt

v2020-08-01 changed job_pool and job_batch so that parallel execution is a bit more convient to use.

vklpt

v2020-07-23 + hotkey «s». Now you can add new users without having to restart the program.

vklpt

v2020-04-23 + hotkeys

vklpt

Upload TOR nodes to router: def MikroTik_TOR_nodes_update(submenu='demo'): # Only one fetch per 30 minutes allowed # by the author of list! # Skip IPv6 addresses. ROUTER_IP = '192.168.88.1' USER = 'admin' PWD = 'PaSsW0rD' # Exit nodes only: URL = 'https://www.dan.me.uk/torlist/?exit' LIST_NAME = 'TO...

vklpt

v2020-04-20
new logging format

web_knocking_2020-04-20_16_42_53.png

vklpt

v2020-04-15
+ Logging to a file

vklpt

The code is now publicly available.
It also may work with non-routeros devices with help of netmiko but i have MikroTik's only.

vklpt

It is possible to run commands in parallel ( v2020-08-01 update) Example - remove UDP connections without reply on all routers: def MikroTik_Remove_UDP_connections_without_reply(submenu='demo'): ''' Send this command to all routers simultaneously: /ip firewall connection remove [find protocol=udp an...

vklpt

New function - routeros_find_send to simplify editing of existing settings. Remove static items from address-list: routeros_find_send( cmd_find=[ '/ip/firewall/address-list/print' , '?list=MY_LIST' , '?dynamic=false' ] , cmd_send=['/ip/firewall/address-list/remove'] , device_ip='192.168.88.1' , devi...

vklpt

Open source scripting platform for Windows with RouterOS API support. Платформа для скриптов с поддержкой ROS https://github.com/vikilpet/Taskopy Russian page: https://vikilpet.wordpress.com/taskopy/ Example — add IP from clipboard to address-list "my_list": def add_ip_to_list(hotkey='alt+...

vklpt

Besides being less practical than nping You did not get the idea. I suspected the executable might be malicious. VT Detection ratio: 11 / 70 Check VirusTotal: https://www.virustotal.com/en/file/d81c4fc522dad30fc355e92d53799542552fb7bf31f4597a9ee065156a70d40d/analysis/ If you believe in power of heu...

vklpt

Update:
• New ini parameter: url_prefix

vklpt

packet-mark and routing-mark are different things. You should use mark-packet action in mangle

vklpt

May be you messed up with source/destination port or source/destination queuing. You better show your rules.

vklpt

@sob: good point. I automatically expected he talks about HTTP because the domain is completely irrelevant in ICMP and most other protocols. @vklpt: Nope. Layer7 communication starts AFTER the L4 is established. And NAT has to occur on first packet of connection. Even the definition of L7 matcher d...

vklpt

It sounds like link congestion issue. You should monitor traffic load of your interfaces and CPU load of your router.

vklpt

Many SIP devices have RTP port range in settings, so you can set that range and match RTP packets by range.
Other way there may be setting in SIP devices to mark packets with DSCP so you can use those markings in mangle.

vklpt

You should try to use content or Layer7 matcher to distinguish those packets in NAT rules.

vklpt

Check if your IP's listed in spam databases, for example here
https://2ip.ru/spam/

vklpt

Add this servers to address-list: https://docs.microsoft.com/ru-ru/office365/enterprise/urls-and-ip-address-ranges then mark traffic from and to this address-list with some marks. Also you need mark all other traffic with another marks. Then make a queue tree: https://wiki.mikrotik.com/wiki/Manual:Q...

vklpt

Why not just google "mikrotik port forwarding"?
https://wiki.mikrotik.com/wiki/Manual:I ... FTP_server

vklpt

/interface eoip add loop-protect=off mac-address=02:20:98:72:C9:A2 name=eoip-tunnel1 remote-address=11.11.11.10 tunnel-id=500 add loop-protect=off mac-address=02:20:98:72:C9:A2 name=eoip-tunnel2 remote-address=22.22.22.10 tunnel-id=501 /interface eoip add loop-protect=off mac-address=02:26:13:F5:00...

vklpt

And so on?

Yes, or you can use just route with 8 gateways.

vklpt

web_knocking_en_2020-04-13_19_51_26.png Let's call it «Web Knocking». The idea is simple - we open the ports just by clicking on the link. This is a web server that sends IP addresses of valid requests to the white list and IP addresses of bad requests to the black list: https://github.com/vikilpet...

Search found 36 matches

Re: Error when trying to clear firewall connections

Re: Error when trying to clear firewall connections

Re: Error when trying to clear firewall connections

Re: Automated WAN Failover using 2 DHCP WAN connections

Re: Script for recursive failover based on packet loss

Re: Create/update address-list from a .txt file/link IPs and add the hostname to the comment's of each

Re: Error when trying to clear firewall connections

Re: Error when trying to clear firewall connections

Re: Port knocking with URL

Re: Mikrotik script how to line break

Re: Yet another interface check script

Yet another interface check script

Re: Python scripting platform

Re: Port knocking with URL

Re: Port knocking with URL

Re: Python script platform

Re: Port knocking with URL

Re: Port knocking with URL

Re: Port knocking with URL

Re: Python script platform

Re: Scheduler with API support

Python scripting platform

Re: Port knocking alternative

Re: Port knocking alternative

Re: QUEUE only for one TCP port

Re: QUEUE only for one TCP port

Re: redirect subdomain(NAT) [SOLVED]

Re: Voice Quality Issue

Re: Routing SIP to specific WAN

Re: redirect subdomain(NAT) [SOLVED]

Re: Public IP Address Blacklisted

Re: Office 365 traffic shaping and priority on RouterOS

Re: publishing solar winds orion on internet

Re: Load balancing and failover, EoIP, Bond.

Re: I have 8 ISP modems and I want to load balancing with the 8 modems how to set the pcc in mangle rules

Port knocking with URL