Could I create rule to make user from specific ip can access the internet based on time interval? i.e. on Sunday to Friday, from 9.00 AM to 17.00 PM the user from specific IP can access the internet.
I had tried to use the extra menu, in the time access, it doesn't work.
Scheduler
there is not a reason to not work... but if you want - try do do this with a scheduler
I want to create rule for Local Traffic Outbound to internet based on time
in the Chain "Local_Outbound".
i.e. the user from IP 192.168.0.121 granted to access the internet from 9:00 to 17:00 every monday to friday(working full day),
and on saturday the user can access the internet from 9:00 to 12:00
(working half day)
/ ip firewall filter
add chain=Local_Outbound src-address=192.168.0.121 \
time=9h-17h,fri,thu,wed,tue,mon action=accept comment="" \
disabled=no
add chain=Local_Outbound src-address=192.168.0.121 \
time=9h-12h,sat action=accept comment="" \
disabled=no
I had tried to add the rule in "Local_Outbound" chain, but no traffic passing through the rule.
I want to create it with scheduler, but I confuse how to make the script work on specific day and time.
I also had posted in the forum, how i can manage to resolve specific hostname that had several ip address.
i.e. http://www.google.com resolve to 66.249.89.104, 66.249.89.9
but when I use the :resolve http://www.google.com
It only return one ip instead.
I want to make it available in Address List, so I can manage which site can be access by user.
Thanks
in the Chain "Local_Outbound".
i.e. the user from IP 192.168.0.121 granted to access the internet from 9:00 to 17:00 every monday to friday(working full day),
and on saturday the user can access the internet from 9:00 to 12:00
(working half day)
/ ip firewall filter
add chain=Local_Outbound src-address=192.168.0.121 \
time=9h-17h,fri,thu,wed,tue,mon action=accept comment="" \
disabled=no
add chain=Local_Outbound src-address=192.168.0.121 \
time=9h-12h,sat action=accept comment="" \
disabled=no
I had tried to add the rule in "Local_Outbound" chain, but no traffic passing through the rule.
I want to create it with scheduler, but I confuse how to make the script work on specific day and time.
I also had posted in the forum, how i can manage to resolve specific hostname that had several ip address.
i.e. http://www.google.com resolve to 66.249.89.104, 66.249.89.9
but when I use the :resolve http://www.google.com
It only return one ip instead.
I want to make it available in Address List, so I can manage which site can be access by user.
Thanks
Google uses geographic distribution, so you could resolve it one minute and get totally different results the next. If you start limiting by IP to google it will be a lot of maintenance.
You can probably use the dns cache (which does cache all records) and loop thru them using scripting somehow if you really needed. :resolve only resolves to a single IP for connecting outbound, just like ping does.
Sam
You can probably use the dns cache (which does cache all records) and loop thru them using scripting somehow if you really needed. :resolve only resolves to a single IP for connecting outbound, just like ping does.
Sam
Script DNS Lookup
I had manage to create the script but the question is, why the cpu load stay at 100% after i ran the script?
The script is working, but the cpu load reach out 100%.
This is the script I had create
Can anyone help me?
The script is working, but the cpu load reach out 100%.
This is the script I had create
Code: Select all
:set TheList Allow_OPS;
:set Site us.i1.yimg.com,us.rd.yahoo.com,\
us.news1.yimg.com,img.yahoo.akadns.net,\
us.a1.yimg.com;
:set IPCount "";
:set TheIP ""
:set LookHost ""
:set IP "";
:set SiteCount ([:len $Site] - 1);
:for i from=0 to $SiteCount do=\
{:set LookHost [:pick $Site $i];
:set HostCount [:len [/ip dns cache all find name=$LookHost]];
:if ($HostCount=0) do=\
{:resolve ($LookHost);};
:if ([/ip dns cache all get [/ip dns cache all find name=$LookHost] type]="CNAME") do=\
{:do {:resolve ($LookHost);
:set LookHost [/ip dns cache all get \
[/ip dns cache all find name=$LookHost] data];
} while (([/ip dns cache all get [/ip dns cache all find name=$LookHost] type])="CNAME");
};
:set TempIPCount [:len [/ip dns cache find name=$LookHost]];
:if (TempIPCount=0) do=\
{:resolve ($LookHost); :set TempIPCount ([:len [/ip dns cache find name=$LookHost]]);};
:set IPCounter 0
:foreach j in [/ip dns cache find name=$LookHost] do=\
{:set IPCounter ($IPCounter + 1);
:set HostIP [/ip dns cache get $j address];
:if ($IP="") do=\
{:set IP $HostIP;} else {:set IP ($IP . "," . $HostIP);};
};
:if ($IPCount="") do=\
{:set IPCount $IPCounter;} else {:set IPCount ($IPCount . "," . $IPCounter);};
};
:set TheListExist [:len [/ip firewall address-list find list=$TheList]];
:set StartIdxIPCount 0;
:set StartIdx 0;
:set counterIPCount [:find $IPCount ,];
:set counter [:find $IP ,];
:set IPTotal 0;
:if ($TheListExist != 0) do=\
{:for i from=0 to $SiteCount do=\
{:set LookHost [:pick $Site $i];
:if ($StartIdxIPCount < ($CounterIPCount - 1)) do=\
{:set IPTotal ([:pick $IPCount $StartIdxIPCount ($counterIPCount - 1)] - 1); \
} else {:set IPTotal ([:pick $IPCount $StartIdxIPCount] - 1);};
:set StartIdxIPCount ($counterIPCount + 1);
:set counterIPCount ($StartIdxIPCount + [:find [:pick $IPCount $StartIdxIPCount [:len $IPCount]] ,]);
:if ($IPTotal=0) do=\
{:if ($counter<$StartIdx) do={:set counter [:len$IP]};
:set TheIP [:pick $IP $StartIdx $counter];
:set StartIdx ($counter + 1);
:if ([:len [:find [:pick $IP $StartIdx [:len $IP]] ,]] = 0) do=\
{:set counter [:len $IP]} else \
{:set counter ($StartIdx + [:find [:pick $IP $StartIdx [:len $IP]] ,]);};
:foreach k in [/ip firewall address-list find list=$TheList] do=\
{:if ([/ip firewall address-list get $k comment]=$LookHost) do=\
{:if ([/ip firewall address-list get $k address]!=$TheIP) do=\
{/ip firewall address-list remove $k};
};
};
};
:if ($IPTotal>0) do=\
{:foreach j in [/ip firewall address-list find list=$TheList] do=\
{:set RuleID [/ip firewall address-list find comment=$LookHost];
:if ([:len $RuleID] > 0) do=\
{:if ([/ip firewall address-list get $j comment] = $LookHost) do=\
{:set Matched false; :set LoopCounter $counter; :set LoopStartIdx $StartIdx;
:for l from=0 to=[:tonum($IPTotal)] do=\
{:if ($LoopCounter<$LoopStartIdx) do={:set LoopCounter [:len$IP]};
:set TheIP [:pick $IP $LoopStartIdx $LoopCounter];
:set LoopStartIdx ($LoopCounter + 1);
:if ([:len [:find [:pick $IP $LoopStartIdx [:len $IP]] ,]] = 0) do=\
{:set LoopCounter [:len $IP]} else \
{:set LoopCounter ($LoopStartIdx + [:find [:pick $IP $LoopStartIdx [:len $IP]] ,]);};
:if ([/ip firewall address-list get $j address]=$TheIP) do=\
{:set Matched true;};
};
:if (!$Matched) do={/ip firewall address-list remove $j};
:set Matched false;
};
};
};
:set counter $LoopCounter; :set StartIdx $LoopStartIdx
};
};
};
:set TheListExist [:len [/ip firewall address-list find list=$TheList]];
:set StartIdxIPCount 0;
:set StartIdx 0;
:set counterIPCount [:find $IPCount ,];
:set counter [:find $IP ,];
:set IPTotal 0;
:for i from=0 to=$SiteCount do=\
{ :set LookHost [:pick $Site $i];
:if ($StartIdxIPCount < ($CounterIPCount - 1)) do=\
{:set IPTotal ([:pick $IPCount $StartIdxIPCount ($counterIPCount - 1)] - 1); \
} else {:set IPTotal ([:pick $IPCount $StartIdxIPCount] - 1);};
:set StartIdxIPCount ($counterIPCount + 1);
:set counterIPCount ($StartIdxIPCount + [:find [:pick $IPCount $StartIdxIPCount [:len $IPCount]] ,]);
:if ($IPTotal=0) do=\
{:if ($counter<$StartIdx) do={:set counter [:len$IP]};
:set TheIP [:pick $IP $StartIdx $counter];
:set StartIdx ($counter + 1);
:if ([:len [:find [:pick $IP $StartIdx [:len $IP]] ,]] = 0) do=\
{:set counter [:len $IP]} else \
{:set counter ($StartIdx + [:find [:pick $IP $StartIdx [:len $IP]] ,]);};
:if ($TheListExist = 0) do=\
{/ip firewall address-list add list=$TheList \
address=$TheIP comment=$LookHost disabled=no
}
:if ($TheListExist != 0) do=\
{:foreach k in [/ip firewall address-list find list=$TheList] do=\
{:set RuleID [/ip firewall address-list find address=$TheIP];
:if ([:len $RuleID] = 0) do=\
{/ip firewall address-list add list=$TheList \
address=$TheIP comment=$LookHost disabled=no
};
:if ([:len $RuleID] > 0) do=\
{:foreach l in [/ip firewall address-list find address=$TheIP] do=\
{:if ([/ip firewall address-list get $l comment]!=$LookHost) do=\
{/ip firewall address-list remove $l
/ip firewall address-list add list=$TheList \
address=$TheIP comment=$LookHost disabled=no
};
};
};
};
};
} ;
:if ($IPTotal>0) do=\
{:for j from=0 to=[:tonum($IPTotal)] do=\
{:if ($counter<$StartIdx) do={:set counter [:len$IP]};
:set TheIP [:pick $IP $StartIdx $counter];
:set StartIdx ($counter + 1);
:if ([:len [:find [:pick $IP $StartIdx [:len $IP]] ,]] = 0) do=\
{:set counter [:len $IP]} else \
{:set counter ($StartIdx + [:find [:pick $IP $StartIdx [:len $IP]] ,]);};
:if ($TheListExist = 0) do=\
{/ip firewall address-list add list=$TheList \
address=$TheIP comment=$LookHost disabled=no;
}
:if ($TheListExist != 0) do=\
{:foreach k in [/ip firewall address-list find list=$TheList] do=\
{:set RuleID [/ip firewall address-list find address=$TheIP];
:if ([:len $RuleID] = 0) do=\
{/ip firewall address-list add list=$TheList \
address=$TheIP comment=$LookHost disabled=no
};
:if ([:len $RuleID] > 0) do=\
{:foreach l in [/ip firewall address-list find address=$TheIP] do=\
{:if ([/ip firewall address-list get $l comment]!=$LookHost) do=\
{/ip firewall address-list remove $l
/ip firewall address-list add list=$TheList \
address=$TheIP comment=$LookHost disabled=no
};
};
};
};
};
};
};
};Can anyone help me?