I'm after a script that will work as a anti lockout script
e.g.
1, administrator logs in to Mikrotik,
2, admin makes changes to firewall rules or address lists Nat table and either kills the internet connection or removes remote access
3, script schedule reads log file detects a change, then checks for Internet connection and port 3129 being open for remote management.
4, if either or both of the above fail the script re-installs a last known working config.
has anyone ever seen a script like this or dose anyone have any better ideas
Re: Anti lockout script
Why? Have you missed the safe mode option? Have you seen how the log looks like?
Re: Anti lockout script
Hi Thanks for your reply.
No I have not missed the safe mode option but we have had instances in the past where safe mode didn't operate as expected unfortunately, so the idea is to create a script that will make it idiot proof in fact the only way to lockout would be to backup the config to a backup file where the script is restoring from,
the output from the log i receive when i type this command /log print where topics=system,info message~"rule" looks like the below
13:10:30 system,info nat rule changed by admin
13:10:32 system,info nat rule changed by admin
15:12:47 system,info filter rule changed by admin
15:12:50 system,info filter rule changed by admin
So i was thinking that once the script sees the term "rule" it will start up and check
1, The router can ping 8.8.8.8 or a vpn endpoint for those running over 3G or 4G
2, that the winbox port is open and it is in rule number 1 position in the input chain
if either of the above fail it will revert back to its last known good configuration.
If everything appears to be OK then it will backup the configuration to the known good working configuration file
No I have not missed the safe mode option but we have had instances in the past where safe mode didn't operate as expected unfortunately, so the idea is to create a script that will make it idiot proof in fact the only way to lockout would be to backup the config to a backup file where the script is restoring from,
the output from the log i receive when i type this command /log print where topics=system,info message~"rule" looks like the below
13:10:30 system,info nat rule changed by admin
13:10:32 system,info nat rule changed by admin
15:12:47 system,info filter rule changed by admin
15:12:50 system,info filter rule changed by admin
So i was thinking that once the script sees the term "rule" it will start up and check
1, The router can ping 8.8.8.8 or a vpn endpoint for those running over 3G or 4G
2, that the winbox port is open and it is in rule number 1 position in the input chain
if either of the above fail it will revert back to its last known good configuration.
If everything appears to be OK then it will backup the configuration to the known good working configuration file
Re: Anti lockout script
It seems to me too that you are trying to reinvent the wheel.
In the past, Safe mode was kind of buggy, I agree with you. But with the latest releases, I've not encountered any more problems.
It might be worth checking again.
But all your checks can be scripted and if it fails, it can run the latest backup. Unless someone disables the scheduled script.
In the past, Safe mode was kind of buggy, I agree with you. But with the latest releases, I've not encountered any more problems.
It might be worth checking again.
But all your checks can be scripted and if it fails, it can run the latest backup. Unless someone disables the scheduled script.