Community discussions

MikroTik App
 
Mikrotiker
just joined
Topic Author
Posts: 10
Joined: Wed Oct 05, 2005 4:08 pm

Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 2:47 pm

Hey,

i foolishly added a filter rule to my bridge and that is preventing access to RouterOS.

What i did. Quick Config PtP CPE. After running for a while, i added two forward rules for pppoe-session, pppoe-discovery to
the bridge filter. Everything fine so far... Then i follishly added a drop everything input rule to the filter.

So now i am able to do a PPPoE Session via the Link but have no further access to the device.
Because the ethernet and wlan are bridged and the device has only these interfaces,
everything will be dropped (except PPPoE). No matter which way i am trying to access the device.

Is there a way to reset the Routerboard without climbing to the Antenna? Some way (tftp, ..., ...) to stop the booting process
and pushing a clean firmware or config to the device.

thanks in advance
MTer
 
User avatar
Anumrak
Forum Guru
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 4:11 pm

Hey. Try MAC Telnet access. If there will be no luck, then only hard reset.
 
User avatar
acruhl
Member
Member
Posts: 371
Joined: Fri Jul 03, 2015 7:22 pm

Re: Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 4:16 pm

2 things:

1. Use mac telnet as stated above. You'll need to be in the same layer2 domain and it's probably not activated on the WAN interface.

2. ALWAYS use safe mode when doing anything remotely. You can turn it on, do a few commands and ensure they work, then turn it off. Or leave it on the whole time but you risk a large rollback if your last of many commands is bad.

Locking yourself out of a device is something all network people do at least once. Learn from it.
 
Mikrotiker
just joined
Topic Author
Posts: 10
Joined: Wed Oct 05, 2005 4:08 pm

Re: Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 4:19 pm

tried that already local over ethernet and remote over the wireless link.

But the Filter does what he does - he drops at position 3 ALL incoming packages.

I want to hard reset the Board but first finding a way to do that without climbing to the Antenna.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7168
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 4:25 pm

if ipv6 package was enabled then you can connect to ipv6 ll address. If not then you're screwed.
 
Mikrotiker
just joined
Topic Author
Posts: 10
Joined: Wed Oct 05, 2005 4:08 pm

Re: Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 4:29 pm

thanks for all the answers...

ipv6 is definitely disabled. :?
hoped that there is a way to halt the system at boot und push a recovery firmware to it
and configure it as a new device.

I will go up and push the Button. ;-)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10506
Joined: Mon Jun 08, 2015 12:09 pm

Re: Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 4:52 pm

This also teaches you to set the routerboard boot mode to "try ethernet once then nand" instead of the default "nand if fail then ethernet"
when your tower-mounted device is on a reasonably safe local network. At least you can powercycle it and netinstall without pushing the button.
(of course there is the risk that someone else sets up a system with netinstall and hijacks your device when it reboots, but you
can judge yourself what is the chance of that happening on your local network)
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21249
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Foolishly added filter rule is preventig access to RouterOS.

Fri Jun 01, 2018 7:08 pm

Not familiar with bridge filter but for my input rules I have an accept rule for my admin PCs or admin network BEFORE my drop rule.

Who is online

Users browsing this forum: GoogleOther [Bot], luczsoma and 21 guests