Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 10:46 am
by akira463
Please help with my simple code. I would like to log all the dst-address of a certain IP, but it returns invalid item number. Here's my code:
/ip firewall connection
:foreach ip in=[get [find] src-address] do={
:local src [:pick $ip [:find $ip "10.0.4.240"] ([:len $ip] - 6)]
:local dstResult [/ip firewall connection get [find src=$src] dst-address]
:log warning $dstResult
}
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 12:04 pm
by rextended
It cannot work, because after just a moment some connections time out and the "get" returns an error because the connection no longer exists.
Increase "timeout" if needed, do not remove it.
/ip firewall connection
:foreach idc in=[find where (timeout>2) and src-address~"0.0.0.0"] do={
:log warning [get $idc dst-address]
}
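The race described in the reply above (an entry expiring between "find" and "get") can also be absorbed per entry with `:do ... on-error`. This is an added example, not part of the original posts; the source IP is taken from the question, and the variable names and the port-stripping step are assumptions.

```routeros
# Added example (not from the thread): log destinations contacted by one source IP
:local srcIp "10.0.4.240"
/ip firewall connection
:foreach idc in=[find where (timeout>2) and src-address~$srcIp] do={
    # The entry may expire between "find" and "get"; on-error skips it
    :do {
        :local dst [get $idc dst-address]
        # TCP/UDP entries are "address:port"; keep only the address part
        :local colon [:find $dst ":"]
        :if ([:typeof $colon] = "num") do={ :set dst [:pick $dst 0 $colon] }
        :log warning ("$srcIp -> $dst")
    } on-error={}
}
```

The `~` match is an unanchored regular expression, so the pattern can also match longer addresses that contain the same digits.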
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:00 pm
by akira463
Thank you for your reply again sir, I'll try this code.
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:07 pm
by akira463
What about in /tool torch, sir? Does it work?
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:08 pm
by rextended
???
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:12 pm
by rextended
You can add this on top of your NAT rules; it dynamically adds any contacted IP, of any protocol, to one firewall address-list, thisaddlist:
/ip firewall nat
add action=add-dst-to-address-list address-list=thisaddlist address-list-timeout=none-dynamic chain=srcnat dst-address-list=!thisaddlist \
src-address=10.0.4.240
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:13 pm
by akira463
What could be wrong, sir? I also can't capture the torch dst-address. What should I do? Here's my code:
/tool torch
:foreach idc in=[find where interface="vlan10-Hotspot" and src-address~"12.0.4.240" and (timeout>2) ] do={
/file print file="dst-address.txt"
/file set "dst-address.txt" content=$idc
}
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:14 pm
by akira463
> You can add this on top of your NAT rules; it dynamically adds any contacted IP, of any protocol, to one firewall address-list, thisaddlist:
> /ip firewall nat
> add action=add-dst-to-address-list address-list=thisaddlist address-list-timeout=none-dynamic chain=dstnat dst-address-list=!thisaddlist \
> src-address=10.0.4.240

So much appreciated sir, I'll try it too. Thank you so much.
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:19 pm
by rextended
Sorry, my error, on previous post the chain=srcnat, already fixed.
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:24 pm
by akira463
> Sorry, my error, on previous post the chain=srcnat, already fixed.

It works sir, thank you so much, so so so much appreciated!!!
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:26 pm
by rextended
> It works sir, thank you so much, so so so much appreciated!!!

Salamat!
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:32 pm
by akira463
Woah, you know Tagalog sir? Are you a Filipino?
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:35 pm
by rextended
> Woah, you know Tagalog sir? Are you a Filipino?

No, you are always kind, and to be kind I wanted to thank you in your language ;)
Re: Help. Log IP List turn values invalid
Posted: Mon Feb 06, 2023 2:45 pm
by akira463