Community discussions

MikroTik App
 
cololine
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Wed May 27, 2009 1:11 am

Protect an IP against accidental deletion

Sat Apr 17, 2010 10:55 pm

Hi all -

Just wondering if there is any way to protect an IP address against accidental deletion in RoS? Really my only concern is the IP that's used for management of the router itself. If that was accidentally deleted, the result is no management unless you are right there and can console in (I am not), and since all client allocations are routed to that IP, no routing either! Right now all one has to is highlight the router's IP in windbox and click the delete icon.

Is there anything like a read-only bit that can be set on the entry, or perhaps it can be password-protected?
 
dssmiktik
Forum Veteran
Forum Veteran
Posts: 732
Joined: Fri Aug 17, 2007 8:42 am

Re: Protect an IP against accidental deletion

Sun Apr 18, 2010 1:40 am

There's currently no way to set read-only attribute for specific sub-menus in RouterOS.

You could however create a script to run via scheduler to insure the proper settings are always in-tact. This should protect against accidental deletion by re-creating/re-setting settings to their "default" value.
# This script will search for IP addresses on a given interface.
# If the IP address isn't found, it will be added, and enabled.
# If the IP address is found, it will be enabled.

:local ipinterface "SERVERS"
:local ipaddress { "192.168.15.1/24";
                        "192.168.15.2/24";
                        "192.168.15.3/24";
                        "192.168.15.4/24"; }

# Internal processing below...
# --------------------------
/ip address {
   :local ruleid
   :foreach addr in=$ipaddress do={
      :set ruleid [find address=[:tostr $addr] interface=[:tostr $ipinterface]]
      :if ([:len $ruleid] = 0) do={
         add address=[:tostr $addr] interface=[:tostr $ipinterface] disabled=no
      } else={
         set $ruleid disabled=no
      }
   }
# /ip address
}
Then you could run this via scheduler:
/system scheduler add name="Restore IP Addresses" on-event="<script name>" interval=15s start-time=startup policy=write disabled=no
 
User avatar
Eising
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Oct 27, 2008 10:21 am
Location: Copenhagen, Denmark

Re: Protect an IP against accidental deletion

Sun Apr 18, 2010 2:07 pm

No, not really. However, you should use safe mode (ctrl-x) when working with your router, since that will reverse any changes if you do not log out properly...
Also, you can mostly rescue routers with mac-telnet if you accidentally remove their ip address.
 
cololine
Member Candidate
Member Candidate
Topic Author
Posts: 106
Joined: Wed May 27, 2009 1:11 am

Re: Protect an IP against accidental deletion

Sun Apr 18, 2010 5:30 pm

Thanks for weighing in. Mac-telent and -winbox apparently only work between two routers, and though the docs do not say so, I suspect they would have to be on the same L2 network in order for it to work. That does not help me or anyone else who has a single RoS device running in a remote location accessible only by TCP/IP. I understand safe-mode, but I don't think that's going to help if the router's 'primary' IP is deleted, as contact would immediately be lost.

I guess I'll post this in the feature suggestion area, unless anyone else knows of something that can be used to protect critical configs from accidental deletion.
 
User avatar
Eising
Member Candidate
Member Candidate
Posts: 272
Joined: Mon Oct 27, 2008 10:21 am
Location: Copenhagen, Denmark

Re: Protect an IP against accidental deletion

Mon Apr 19, 2010 10:37 am

You are right about mac telnet. It only works between routers on the same broadcast domain.
If you are really worried about deleting this interface, I suggest you write a script, that you run at set intervals that checks if the ip address is present, and creates it if it's missing...
 
dssmiktik
Forum Veteran
Forum Veteran
Posts: 732
Joined: Fri Aug 17, 2007 8:42 am

Re: Protect an IP against accidental deletion

Tue Apr 20, 2010 12:09 am

There's currently no way to set read-only attribute for specific sub-menus in RouterOS.

You could however create a script to run via scheduler to insure the proper settings are always in-tact. This should protect against accidental deletion by re-creating/re-setting settings to their "default" value.
# This script will search for IP addresses on a given interface.
# If the IP address isn't found, it will be added, and enabled.
# If the IP address is found, it will be enabled.

:local ipinterface "SERVERS"
:local ipaddress { "192.168.15.1/24";
                        "192.168.15.2/24";
                        "192.168.15.3/24";
                        "192.168.15.4/24"; }

# Internal processing below...
# --------------------------
/ip address {
   :local ruleid
   :foreach addr in=$ipaddress do={
      :set ruleid [find address=[:tostr $addr] interface=[:tostr $ipinterface]]
      :if ([:len $ruleid] = 0) do={
         add address=[:tostr $addr] interface=[:tostr $ipinterface] disabled=no
      } else={
         set $ruleid disabled=no
      }
   }
# /ip address
}
Then you could run this via scheduler:
/system scheduler add name="Restore IP Addresses" on-event="<script name>" interval=15s start-time=startup policy=write disabled=no
 
User avatar
j2sw
Member Candidate
Member Candidate
Posts: 131
Joined: Mon Sep 04, 2006 5:42 am
Location: Indiana
Contact:

Re: Protect an IP against accidental deletion

Wed Apr 21, 2010 7:33 pm

I would go with read only for people you are concerned about. Other than that you can always use safe mode, & mac-telnet should some things go wrong.