How to supplement the script for detecting unregistered users. How to enter exceptions?

A

Ashot Aslanyan2015-10-23 21:00:31

Mikrotik

Ashot Aslanyan, 2015-10-23 21:00:31

:foreach i in=[/ip arp find] do={
:local fip [/ip arp get $i address];
:local fmac [/ip arp get $i mac-address];
:local ipfound [/ip firewall address-list find address=$fip];
:if ($ipfound != "") do={
:log info ($fip. " already filtered")
} else={
/ip firewall filter add chain=forward src-mac-address=$fmac action=drop comment= ("Unregistered device - $fip")
:log info ("Added " . $fmac. " to firewall filter")
}
}
everything works here, just needs to be corrected so that there are exceptions.
for example for these MAC addresses ---> 00:18:C0:61:F0:20, C8:3A:35:0D:0B:00

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander Romanov, 2016-01-18
@moneron89

I suppose, create an address-list with ip-addresses associated with these poppies, and specify src-address-list!=YourListName in the firewall rule. Or, hard-coded in the firewall, create allow rules with your src-mac-address=00:18:C0:61:F0:20 and place them above the deny ones. Then even if there is a prohibition, it will not work. Either create an array with your exceptions, compare new poppies with all array keys, if they don't match, create a rule. If it matches, next.