Hello,
The GUI allows an easy NAT rule to add an IP to an address list, but not to remove it (expiration time is not what I am looking for).
My idea is to implement port-knocking where different services use different port sequences. I would have a shell script on Linux which, via a menu, would easily let me choose which service I want to enable and then run the knocking sequence (many different sequences, different services, different VMs, different IPs... that's why I do not want to remember them).
Once I "knock" to allow a certain service, I would give it an expiry time of, let's say, 3 hours, to give me enough time to work on the stuff without worrying about knocking again.
However, after I am finished, let's say in 10 minutes, I might want to close the service port by running a different knock sequence. But there is no option in NAT rules to remove an IP from an address list.
Any solution for this? Is there a chance to add this feature?
One workaround I was thinking of was to run a script on the MikroTik every minute or so, which would scan yet another address list for IPs (e.g. "remove-these-addresses-list") and, for every IP it finds, scan the remaining address lists and remove it. This has limitations, however:
1) It is a bit cumbersome to implement.
2) Why run the script every minute, or even every 5 minutes, if I need it only from time to time?
3) I might run into a situation where I want to keep the IP in some address lists and remove it from just one.
Thanks in advance for help and suggestions.
Cheers,
B.
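As an added example (not the poster's code, and not a MikroTik-supplied script), this is one way to implement the scheduler-driven workaround described in the post. It assumes knock-controlled lists named "knock-ssh", "knock-rdp" and "knock-web" (hypothetical names) and a marker list "remove-these-addresses-list"; scoping removal to the named knock lists only is what keeps the address in any other list it belongs to (limitation 3).

```routeros
# Hypothetical knock-controlled address lists; the address is removed from
# these only, so membership in unrelated lists (e.g. an admin allow-list) survives.
:local knockLists {"knock-ssh";"knock-rdp";"knock-web"}

# Each entry in the marker list is a request to revoke that address now,
# independent of the timeout the knock rule originally assigned.
:foreach marker in=[/ip firewall address-list find where list="remove-these-addresses-list"] do={
    :local addr [/ip firewall address-list get $marker address]
    :foreach l in=$knockLists do={
        /ip firewall address-list remove [find where list=$l and address=$addr]
    }
    # Consume the marker so the next run does not reprocess it.
    /ip firewall address-list remove $marker
    :log info ("knock revoke: removed " . $addr . " from knock lists")
}
```

Saved under /system script and run from /system scheduler, the interval is the maximum delay between the closing knock and the port actually being shut; the log line gives an audit trail of each revocation.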