Page 1 of 1
need help12 hour profile
Posted: Mon Jan 17, 2011 2:39 pm
by q1gzn
kindly i need your support to write a script which run my clients for 12 hour and disable them after 12 hour and at Friday and Saturday want them work 24 hour
thanks alot
Re: need help12 hour profile
Posted: Mon Jan 17, 2011 6:22 pm
by andrescamino
u don't need a script for firewall rules u can apply restriction by hours and days...
what exactly do u want to do??
Re: need help12 hour profile
Posted: Tue Jan 18, 2011 7:19 am
by q1gzn
u don't need a script for firewall rules u can apply restriction by hours and days...
what exactly do u want to do??
Many thanks for your help andrescamino
exactly i need to enable my users from 12 pm to 12 am and this issue continue from Sunday to Thursday but want the same users work 24 Hr at Friday and Saturday .
i hope that the idea is clear
Re: need help12 hour profile
Posted: Tue Jan 18, 2011 7:37 pm
by andrescamino's clear...
first you have to create an address list with ip address of the users that you want to control for example let's say user1 has the ip address of and user2 has you will have to create this rule first
/ip firewall address-list add list=Restrited-users address= comment=User1
/ip firewall address-list add list=Restrited-users address= comment=User2
Once you create the address list you will have to create the filter rules...let's say you just want them to use internet from Monday through Thursday from 9 am to 7 pm
/ip firewall filter add action=accept chain=forward comment="Allow Traffic from restricted users at different hours" disabled=no src-address-list=Restricted-users time=9h-17h,mon,tue,wed,thu
/ip firewall filter add chain=forward src-address= action=drop comment="deny everything else from the network"
With those two lines you will accept traffic from your address list in those hours and deny everything that is not under that list, if you have other customers you will have to create some rules to accept them before you deny the entire network..
hope that's clear enough
Re: need help12 hour profile
Posted: Thu Jan 20, 2011 8:43 am
by q1gzn's clear...
first you have to create an address list with ip address of the users that you want to control for example let's say user1 has the ip address of and user2 has you will have to create this rule first
/ip firewall address-list add list=Restrited-users address= comment=User1
/ip firewall address-list add list=Restrited-users address= comment=User2
Once you create the address list you will have to create the filter rules...let's say you just want them to use internet from Monday through Thursday from 9 am to 7 pm
/ip firewall filter add action=accept chain=forward comment="Allow Traffic from restricted users at different hours" disabled=no src-address-list=Restricted-users time=9h-17h,mon,tue,wed,thu
/ip firewall filter add chain=forward src-address= action=drop comment="deny everything else from the network"
With those two lines you will accept traffic from your address list in those hours and deny everything that is not under that list, if you have other customers you will have to create some rules to accept them before you deny the entire network..
hope that's clear enough
Oh andrescamino
thats really clear ,I'll config my RB and tell you what the result
again many thanks for you
Re: need help12 hour profile
Posted: Thu Jan 20, 2011 9:17 am
by q1gzn
Dear andrescamino
there is problem i have DHCP server and its activated . the problem is not the DHCP ,its there are users i want them work 24 Hr and 7 days weekly ,so the rule will disable every ip just those add in address list
i appreciate your support andrescamino
Re: need help12 hour profile
Posted: Thu Jan 20, 2011 5:58 pm
by andrescamino
If all of your clients receive via DHCP, what you can do is to make the clients that u want to restrict to get the same Ip address by a Static Lease on the dhcp can add those address to an address list like the one we have done it before and create the rule...
To avoid the problem of allowing the other customers 24/7 you can create another rule in your firewall like this
/ip firewall filter add chain=forward src-address-list=!Restricted-users action=accept
/ip firewall filter add action=accept chain=forward comment="Allow Traffic from restricted users at different hours" disabled=no src-address-list=Restricted-users time=9h-17h,mon,tue,wed,thu
/ip firewall filter add chain=forward src-address= action=drop comment="deny everything else from the network"
So you see that the first rule has to be the one that accept everyone who is not in the list, the second one will allow the restricted users to permit traffic in diferent hours...and the third wll drop the connections of the restricted users at different hours....or maybe you can just try with this modification to your actual rules
/ip firewall filter add action=accept chain=forward comment="Allow Traffic from restricted users at different hours" disabled=no src-address-list=Restricted-users time=9h-17h,mon,tue,wed,thu
/ip firewall filter add chain=forward src-address-list=Restricted-users action=drop comment="deny everything else from the network"
this one doesn't block the traffic to the whole network but just the restricted users if they are not accepted in the first rule...
hope that helps
Re: need help12 hour profile
Posted: Sun Jan 23, 2011 7:20 pm
by q1gzn
its clear and work properly
thank you very much
Re: need help12 hour profile
Posted: Fri Jan 28, 2011 2:41 pm
Dear All,
Kindly, thank you for this is configuration , but i make profile and this is profile in schedule :
add comment="" disabled=no interval=1d name="Disable User" on-event="/ip hotpo\
t user disable [find \\ \r\
\nprofile=\"128-Hr\"] \r\
\n:delay 5 \r\
\n:foreach i in=[/ip hotspot user find disabled=yes] do={/ip hotspot activ\
e remove [find user=[/ip hotspot user get \$i name]]}" policy=\
reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/17/2011 start-time=08:00:00
add comment="" disabled=no interval=1d name="Enable User" on-event=\
"/ip hotspot user enable [find \\ \r\
\nprofile=\"128-Hr\"]" policy=\
reboot,read,write,policy,test,password,sniff,sensitive start-date=\
jan/17/2011 start-time=14:00:0
work this is schedule OKi no problem, as well as i need work this schedule all days Except Friday and Saturday, this time does not apply to them.
Please help me if possible ... , I will wait your response on this issue.
Thank you
Re: need help12 hour profile
Posted: Tue Feb 01, 2011 1:56 pm
Dear All,
Please any update about that , coz at this days this profile not work good ..
Re: need help12 hour profile
Posted: Sat Feb 26, 2011 1:33 pm
please help me about this script coz nit work all client work at time disable , please help me and give me script work good , coz i have 100 client's i need to make time nightly free from 12pm to 6am , so i need good script for that ..
Re: need help12 hour profile
Posted: Thu Mar 03, 2011 5:25 pm
Hello ,
Im got the solve for this issue !!!
1- add profile name 12Hours ,
2-add script name Run , Source: /ip hotspot user profile set 12Hours rate-limit="200k/200k" work .
3-add script name:Stop, Source: /ip hotspot user profile set 12Hours rate-limit="0k/0k" not work .
4-add schu name:Enable, Time:23:59:59, Event:Run
5-add schu name:Disable, Time:11:59:59, Event:Stop.
Will work Good ,,,,
Thank you my friends ...
Done Closing This Subject.