Greetings.
I need to convert Dynamic lists from our MK 2.29 firewall to statique lists. Anyone has an idea ? A script ?
Thank you for any suggestions.
Sounds like you are using mt for client devices.
I have never done this but I imagine one could have a script (perl or php) that would go through a text file line by line, ssh to an IP, log in and then issue :
/ip dhcp-client add interface=ether1 ...
/ip address=xxx.xxx.xxx.xxx disable (or remove)
if you are connecting via this IP number, the connection will be terminated at this point.
This is also why it is a good idea to "push" out configurations from a central point. That way you can edit, tweek, and test BEFORE you commit, realize that its too late now and you have to jump in the truck, drive over to reset the device and so on and so forth...
I have never done this but I imagine one could have a script (perl or php) that would go through a text file line by line, ssh to an IP, log in and then issue :
/ip dhcp-client add interface=ether1 ...
/ip address=xxx.xxx.xxx.xxx disable (or remove)
if you are connecting via this IP number, the connection will be terminated at this point.
This is also why it is a good idea to "push" out configurations from a central point. That way you can edit, tweek, and test BEFORE you commit, realize that its too late now and you have to jump in the truck, drive over to reset the device and so on and so forth...
Altough this is not what I am trying to do, it sounds interesting to use a scripting tool on a workstation and do the editing before pushing the commit button. Thank you for the idea.
The truth is that I realized that our firewall rules were sometimes too harsh in blacklisting IPs. This is why I use a withelist rule on top of chain that garanties to clients (public IPs) that do a "certain" thing whenever they connect for the first time. I only want to convert these dynamic addresses to static because they vaporise after a reboot.
The truth is that I realized that our firewall rules were sometimes too harsh in blacklisting IPs. This is why I use a withelist rule on top of chain that garanties to clients (public IPs) that do a "certain" thing whenever they connect for the first time. I only want to convert these dynamic addresses to static because they vaporise after a reboot.
