Community discussions

MikroTik App
 
jklpl
just joined
Topic Author
Posts: 9
Joined: Wed Mar 14, 2012 3:16 pm

Firewall Rules in backup

Thu Apr 19, 2012 4:32 pm

I need to add few rules to my ip firewall whtch contain: first ip address from wlan1.

example:
need to do dst-nat for one of the ip

add action=dst-nat chain=dstnat disabled=no dst-address=172.16.190.10 dst-port=\
!8291 protocol=tcp to-addresses=192.168.1.50
add action=dst-nat chain=dstnat disabled=no dst-address=172.16.190.10 dst-port=\
!8291 protocol=udp to-addresses=192.168.1.50

[admin@MikroTik] > ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 192.168.100.252/24 192.168.100.0 ether1
1 172.16.190.10/24 172.16.190.0 wlan1

ip address get value-name=address number=1
#no answer :(
Last edited by jklpl on Thu Apr 19, 2012 6:49 pm, edited 1 time in total.
 
User avatar
cbrown
Trainer
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

Re: Firewall Rules in backup

Thu Apr 19, 2012 5:56 pm

I need to add rule whitch contains that ip address from wlan1 in "first-config" for CPE.
huh?
 
jklpl
just joined
Topic Author
Posts: 9
Joined: Wed Mar 14, 2012 3:16 pm

Re: Firewall Rules in backup

Thu Apr 19, 2012 6:51 pm

huh?[/quote]

I edited the post. My problem was quite simple.

The solution:
:put [/ip address get value-name=address number=0]

But there is next problem:
Is it possible to add a rule with other type of ip address declaration?
(when I change an ip, the rule will be also changed?)
Last edited by jklpl on Thu Apr 19, 2012 7:27 pm, edited 2 times in total.
 
User avatar
cbrown
Trainer
Trainer
Posts: 1839
Joined: Thu Oct 14, 2010 8:57 pm
Contact:

Firewall Rules in backup

Thu Apr 19, 2012 6:57 pm

You could use the in-interface option instead.
 
User avatar
c0d3rSh3ll
Long time Member
Long time Member
Posts: 557
Joined: Mon Jul 25, 2011 9:42 pm
Location: [admin@Chile] >

Re: Firewall Rules in backup

Thu Apr 19, 2012 9:02 pm

 ip firewall nat set to-addresses=[/ip address get value-name=address number=0] [/ip firewall nat find comment=redirect]