
script with routerOS v4.13

Posted: Sat Nov 13, 2010 5:39 pm
by namo
I have RouterOS v4.13 with hotspot. I tried to run this code in the terminal:
/ip firewall filter

add action=reject chain=forward comment="Reject if in the 24-hour-list" disabled=no reject-with=icmp-network-unreachable src-address-list=24-hour-list

add action=jump chain=forward comment="Check if dest is an open customer" disabled=no dst-address-list=open-customers jump-target=open-customers
add action=jump chain=forward comment="Check Known Bad Hosts" disabled=no jump-target=bad-hosts
add action=reject chain=forward comment="Reject if in the 24-hour-list" disabled=no reject-with=icmp-network-unreachable src-address-list=24-hour-list

add action=return chain=bad-host-detection comment="Take no action on bogons" disabled=no src-address-list=bogons
add action=add-src-to-address-list address-list=30-seond-list address-list-timeout=30s chain=bad-host-detection comment="Add to the 30 second list" disabled=no

add action=add-src-to-address-list address-list=24-hour-list address-list-timeout="1d 00:00:00" chain=bad-host-detection comment="If seen 20 time in 30 seconds add to the one day block list" disabled=no nth=50 src-address-list=30-seond-list
add action=return chain=bad-host-detection comment="" disabled=no


add action=jump chain=forward comment="jump to the bad-host-detection chain" disabled=no jump-target=bad-host-detection src-address-list=!our-networks

add action=jump chain=forward comment="jump to the bad-host-detection chain" disabled=no jump-target=bad-host-detection src-address-list=!our-networks 
But there is a problem with the line:
add action=add-src-to-address-list address-list=24-hour-list address-list-timeout="1d 00:00:00" chain=bad-host-detection comment="If seen 20 time in 30 seconds add to the one day block list" disabled=no nth=50 src-address-list=30-seond-list
It gives an error: failure: nth_every and nth_packet must be >= 0

Re: script with routerOS v4.13

Posted: Mon Nov 15, 2010 11:03 am
by mrz
nth=50 is not a correct value
I guess there should be nth=5,0

Re: script with routerOS v4.13

Posted: Tue Nov 16, 2010 3:34 pm
by namo
mrz wrote:
nth=50 is not a correct value
I guess there should be nth=5,0

I did this and I get the error:
value of packet out of range (1..4294967295)

Re: script with routerOS v4.13

Posted: Thu Dec 16, 2010 7:52 am
by namo
Is there a solution for this code for v4.15?

Re: script with routerOS v4.13

Posted: Thu Dec 16, 2010 5:10 pm
by namo
I deleted nth=50 in the code, and in the firewall rule in Winbox there is an nth option which has two values:
every:
packet

Should I use every with 20 and packet with 1? I want the IP to be put in the 24hr-list if it appears 20 times in the 30-seond-list.

Note: It says that every has to be bigger than packet
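
Added example, not part of the thread and not MikroTik code: a Python simulation of what the nth matcher discussed above counts, compared with a true per-source count of 20 packets in 30 seconds. It assumes each rule keeps one counter shared by all sources and matches packet number `packet` out of every `every` packets; the function names and the traffic are constructed for illustration.

```python
from collections import defaultdict, deque

def nth_rule_listed(packets, every, packet):
    """Sources a rule with nth=every,packet would add to the block list.

    Assumption: one counter per rule, shared by all sources; the rule
    matches packet number `packet` out of each run of `every` packets.
    """
    listed, counter = set(), 0
    for _ts, src in packets:
        counter += 1
        if counter == packet:
            listed.add(src)
        if counter == every:
            counter = 0
    return listed

def per_source_listed(packets, threshold=20, window=30.0):
    """Sources that really sent `threshold` packets within `window` seconds."""
    seen, listed = defaultdict(deque), set()
    for ts, src in packets:
        q = seen[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            listed.add(src)
    return listed

# Constructed sample traffic (documentation addresses, not real hosts).
QUIET, NOISY = "198.51.100.7", "203.0.113.9"
# One packet from a quiet host, then 25 packets in 2.5 s from a noisy one.
STREAM = [(0.0, QUIET)] + [(0.1 * i, NOISY) for i in range(1, 26)]
# Twenty different hosts, one packet each: nobody is noisy.
SPREAD = [(float(i), f"192.0.2.{i}") for i in range(1, 21)]

if __name__ == "__main__":
    print("nth=20,1  :", sorted(nth_rule_listed(STREAM, 20, 1)))
    print("nth=20,20 :", sorted(nth_rule_listed(SPREAD, 20, 20)))
    print("per-source:", sorted(per_source_listed(STREAM)),
          sorted(per_source_listed(SPREAD)))
```

Under that assumption, nth=20,1 lists the host that sent a single packet, and nth=20,20 lists whichever host happens to send the 20th packet, while the per-source count lists only the host that sent 25.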