Page 1 of 1
disable all ip except some ips
Posted: Mon Mar 05, 2018 11:01 am
by dodifitriyadi
Hi All,
Anyone can help me how to disable all list ip address except some ips, for example, i have 100 ip address listed, i need to disable all except only 3 ips enable state.
if except only 1 ip it's solved for me, below command line for disable all ip address except 1 ip :
/ip address disable [/ip address find where address!=\"10.11.12.2/30\"]
please help me
Re: disable all ip except some ips
Posted: Mon Mar 05, 2018 2:35 pm
by CZFan
I am not sure I understand your post correctly, but that command also does not look right, think it should be:
/ip address disable [/ip address find where address!="10.11.12.2/30"]
Re: disable all ip except some ips
Posted: Wed Mar 07, 2018 5:27 am
by dodifitriyadi
Hi CZFan, thanks for reply,
If except 1 ip, it's solved for me, and i forgot to add " on my capture, because i apply this for script on CLI. Can you help us to except more than 1 ip? Example i need to disable all except 3 listed ips.
Re: disable all ip except some ips
Posted: Wed Mar 07, 2018 11:13 am
by CZFan
Sorry bud, not a developer. Tried a couple of things but did not work.
Maybe post in the "Scripting" section, I am sure someone will be able to assist.
Will be good to know answer though
Re: disable all ip except some ips
Posted: Wed Mar 07, 2018 3:15 pm
by sindy
Sorry bud, not a developer. Tried a couple of things but did not work.
Maybe post in the "Scripting" section, I am sure someone will be able to assist.
Will be good to know answer though
The "find" accepts composite conditions and its result is a list of pointers, so you can use
/ip address disable [find address=!"1.1.1.1/32" && address=!"2.2.2.2/24" && dynamic=no]
. If you don't know the masks, use
instead of
, except that the logical "not" (
) must be used in a different manner in that case, and you have to take care not to mix up e.g. 221.1.1.1 with 1.1.1.1, hence the
in front and
in the end of the IP address:
/ip address disable [find (!(address~"^1.1.1.1/")&&!(address~"^2.2.2.2/") && dynamic=no)]
.
Re: disable all ip except some ips
Posted: Wed Mar 07, 2018 5:15 pm
by erfanurmia
creat an address-list for ips that you dont wanna block
so in the rule in src/dst-address-list choose that and press the checkbox in left of address-list that means NOT
with this config you block all ips except the ips you want
Re: disable all ip except some ips
Posted: Wed Mar 07, 2018 5:16 pm
by CZFan
...
/ip address disable [find address=!"1.1.1.1/32" && address=!"2.2.2.2/24" && dynamic=no]
.
...
Tried above and not working, but found problem, the = and ! is in wrong order, must be != instead of =! then it works perfectly
Re: disable all ip except some ips
Posted: Thu Mar 08, 2018 7:19 am
by dodifitriyadi
Sorry bud, not a developer. Tried a couple of things but did not work.
Maybe post in the "Scripting" section, I am sure someone will be able to assist.
Will be good to know answer though
The "find" accepts composite conditions and its result is a list of pointers, so you can use
/ip address disable [find address=!"1.1.1.1/32" && address=!"2.2.2.2/24" && dynamic=no]
. If you don't know the masks, use
instead of
, except that the logical "not" (
) must be used in a different manner in that case, and you have to take care not to mix up e.g. 221.1.1.1 with 1.1.1.1, hence the
in front and
in the end of the IP address:
/ip address disable [find (!(address~"^1.1.1.1/")&&!(address~"^2.2.2.2/") && dynamic=no)]
.
Hi Sindy,
Excelent !!...it's work for me, as info by CZFan, it's only correction on "=!" to "!="
Thank you verry much, it's done for me to make Mikrotik HA with dynamic routing active.