:if ([ /interface wireless get [find name="wlan1"] value-name=running ] = false) do={ :if ([ /interface wireless get [find name="wlan1"] value-name=mode ] != "ap-bridge") do={ :log info "Switching WiFi mode back from station to ap bridge to bring up interface"...

Looking to write a script to swap the wlan interface to ap bridge when it's not running. i.e. permit configuration via wifi AP i'm using only has one radio so need a way to update the security profile depending of the network i wish to connect. Assume there isn't an easier way or script existing aft...

Experienced this dialing a pfsense firewall OpenVPN server. I've had to put a 10ms tarpit in place to give LDAP time to respond as the client was very close. Emailed support in the hope the client could be improved, however, this may be a feature? pfSense feature request raised https://redmine.pfsen...

I use firewall rules which will kick an IP address if login fails after three attempts. Will this method be sufficient to be protected from this vulnerability?

Does not appear so looking at the other posts. One failed attempt was in the logs...

Is this fixed yet?

I'm trying to bridge a QinQ vlan to another VLAN on a different port. It looks to work and the likes of dhcp traffic passes. However, that is all that seems to make it across. It feels like a MTU issue bit if I give the QinQ VLAN and IP locally it can take a ping of size=1500 and do-not-fragment set...

Ideally, it would be nice to be able to specify the DNS servers in DHCPv6 options as Windows does not support ND RDNSS. Also with IPv6 ND, I would like to be able to manually configure the DNS servers to advertise. For example as it stands it will not use the RouterOS cache only the servers it cache...

Just to revive this for anyone else who comes across it. I've set-up a SXT SA5 as a client AP and it is working well. 5Ghz n and ac clients are working fine. Currently the furthermost line of sight is about 120m. However, it's penetrating 10 meters into apartments 50m away. Maybe another 20m as you ...

It's all good. I've just reverted to native IPv6 only.

IPv6 there is a fair amount missing around IPv6. However, some stuff only I would want. Other environments would have other dedicated hardware for such things.

There is no L7 matcher for IPv6.

http://i.mt.lv/routerboard/files/SXT-G-5HPnD-SA-qg.pdf

It says 16dBi but the spec sheet says 13dBi.

Currently I have regulatory-domain setup for 16 as I just read it straight from the quick guide in the box. However, if it's definitely 13 I'll change it.

Thanks.

Taking on your approach. /ip dns set allow-remote-requests=yes servers=8.8.8.8,8.8.4.4 /ip firewall layer7-protocol add name="no AAAA answer" regexp="^.\?.\?\\x81\\x80\\x01\\x01.\?.\?([\\x01-\\\?][a-z0-9\\-_]+)+\\x1c\\x01\\xc0.\\x06" /ip firewall filter add action=add-dst-to-addr...

Thanks. I've just been testing and that regexp works well. Unfortunately the DNS server just moves to the next one and never returns. My current thinking on how to overcome this is add an address-list every time there is dns traffic from the secondary server and then trigger a script to set the dns ...

Waiting on my device to show up. Ordered online from a store that said in stock but it wasn't. Been waiting for weeks. Very annoying. I think this regexp will catch it. It's a bit hard given the NULLs are stripped. Maybe someone can cast their eye over it. add comment="DNS No AAAA Records"...

You're right. It occurred to me while trying to sleep last night that I couldn't simply retry or forward the request again. Would it be possible to drop replies for the resolver where there are no AAAA entries so it will try the next resolver configured? I'm not familiar with what that might do othe...

Can someone help me with how I might do this. I have access to a DNS64 server (and gateway but the setup is out of my control). However, it is far from local (opposite side of the world). So ideally in my IPv6 only set-up I'd like normal AAAA DNS requests to land on the local DNS server so IPv6 enab...

The sad thing is (from IPv6 fan's perspective), they're right, there isn't an answer that would convince them. Because there is that market who cannot afford the IPv4 space and as others adopt IPv6 the opportunity of an interconnected world creates new opportunity that may well force them to change...

I'm running my mobile single stack IPv6 and it is using 464XLAT and it's fine. I feel that NAT64 (and DNS64) are almost must haves in 2016. I don't quite understand how CLAT in a gateway is any better than NAT behind a CGNAT. The clients are both still behind double NAT, however, I would want this f...