@avoidik
Created January 4, 2022 14:05
Mikrotik, add rules over API

Prerequisites:

  • Mikrotik API is enabled (IP > Services > API). Port 8728 is the plaintext `api` service and 8729 is `api-ssl`; since the RouterOS 6.43 login change the password is sent as-is inside the `/login` sentence, so on 8728 it crosses the network unencrypted. Prefer 8729, or at least bind the plain service to the management host.
  • Mikrotik API ports are allowed (IP > Firewall > Filter Rules: the input chain accepts TCP 8728/8729, ideally only from the management host's src-address, since these are admin ports)
  • Mikrotik management interface IP address is reachable from the Linux machine
  • Linux (VM or real hardware)

Steps

  • Download the script from here to your Linux machine - https://wiki.mikrotik.com/wiki/Manual:API_Python3
  • List the rules of the input chain. Type the two lines below, then press Enter twice; the empty line terminates the API sentence and sends it:
    /ip/firewall/filter/print
    ?chain=input
    
  • In the output, note the `.id` of the first `!re` reply. Replies come back in rule order, so this is the rule currently at the top of the input chain (here `*9D`):
    !re
    =.id=*9D
    =chain=input
    ...
    !done
    
  • Allow Winbox (TCP 8291) from your management host, placed before that first rule so an existing drop rule cannot shadow it. Type the lines below, then press Enter twice:
    /ip/firewall/filter/add
    =chain=input
    =src-address=192.168.88.100
    =protocol=tcp
    =dst-port=8291
    =action=accept
    =comment=TEST
    =place-before=*9D
    
    Note: 192.168.88.100 is the IP address of the machine from which you're going to connect to the Mikrotik. Get it wrong and the accept rule does nothing for you; also, `place-before` must reference a rule in the same chain.
  • Now try to connect with Winbox from that address, and print the input chain again to confirm the new rule sits above the old first rule.
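The steps above are typed into MikroTik's reference api.py, which does the wire framing for you. The following is an added example (not code from the gist or from MikroTik's api.py) that re-implements that framing in Python so you can see what "press Enter twice" actually sends, then parses a constructed `/ip/firewall/filter/print` reply, picks the `place-before` target the same way the walkthrough does, and builds the Winbox-allow sentence. Transport and login are left to api.py; the sample reply bytes are constructed here, not captured from a router, and the rule ids `*9D` / `*A0` are illustrative.

```python
"""RouterOS API framing + choosing the place-before target.

Added example, not from the gist or MikroTik's api.py. SAMPLE_REPLY is
constructed, not captured from a real router.
"""
from typing import Dict, List, Optional, Tuple


def encode_length(n: int) -> bytes:
    """Variable-length prefix the API puts in front of every word."""
    if n < 0x80:
        return n.to_bytes(1, "big")
    if n < 0x4000:
        return (n | 0x8000).to_bytes(2, "big")
    if n < 0x200000:
        return (n | 0xC00000).to_bytes(3, "big")
    if n < 0x10000000:
        return (n | 0xE0000000).to_bytes(4, "big")
    return b"\xf0" + n.to_bytes(4, "big")


def decode_length(buf: bytes, pos: int) -> Tuple[int, int]:
    """Inverse of encode_length; returns (length, position after the prefix)."""
    b0 = buf[pos]
    if b0 < 0x80:
        return b0, pos + 1
    if b0 < 0xC0:
        return int.from_bytes(buf[pos:pos + 2], "big") & 0x3FFF, pos + 2
    if b0 < 0xE0:
        return int.from_bytes(buf[pos:pos + 3], "big") & 0x1FFFFF, pos + 3
    if b0 < 0xF0:
        return int.from_bytes(buf[pos:pos + 4], "big") & 0x0FFFFFFF, pos + 4
    return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5


def encode_sentence(words: List[str]) -> bytes:
    """Length-prefixed words ended by an empty word (0x00).
    The blank line you send in api.py is exactly that terminator."""
    body = b"".join(encode_length(len(w.encode())) + w.encode() for w in words)
    return body + b"\x00"


def decode_sentences(buf: bytes) -> List[List[str]]:
    """Split a stream of complete replies into sentences (lists of words)."""
    sentences: List[List[str]] = []
    words: List[str] = []
    pos = 0
    while pos < len(buf):
        n, pos = decode_length(buf, pos)
        if n == 0:  # empty word closes the current sentence
            sentences.append(words)
            words = []
            continue
        words.append(buf[pos:pos + n].decode())
        pos += n
    return sentences


def attributes(sentence: List[str]) -> Dict[str, str]:
    """'=.id=*9D' -> {'.id': '*9D'}; the reply type word is skipped."""
    attrs: Dict[str, str] = {}
    for w in sentence[1:]:
        if w.startswith("="):
            key, _, value = w[1:].partition("=")
            attrs[key] = value
    return attrs


def first_rule_id(sentences: List[List[str]], chain: str = "input") -> Optional[str]:
    """'.id' of the first !re in the chain, i.e. the rule at the top.
    !re replies arrive in rule order, so this is the place-before target."""
    for s in sentences:
        if s and s[0] == "!re":
            attrs = attributes(s)
            if attrs.get("chain") == chain:
                return attrs[".id"]
    return None


def winbox_allow_sentence(src_address: str, before_id: str) -> List[str]:
    """The add sentence from the walkthrough, pinned above the current first rule."""
    return ["/ip/firewall/filter/add", "=chain=input", f"=src-address={src_address}",
            "=protocol=tcp", "=dst-port=8291", "=action=accept", "=comment=TEST",
            f"=place-before={before_id}"]


# Constructed reply to /ip/firewall/filter/print ?chain=input: two rules, then !done.
SAMPLE_REPLY = (
    encode_sentence(["!re", "=.id=*9D", "=chain=input", "=action=drop"])
    + encode_sentence(["!re", "=.id=*A0", "=chain=input", "=action=accept"])
    + encode_sentence(["!done"])
)

if __name__ == "__main__":
    top = first_rule_id(decode_sentences(SAMPLE_REPLY))
    print("place-before target:", top)
    print(encode_sentence(winbox_allow_sentence("192.168.88.100", top)))
```

Running it prints `*9D` and the framed add sentence; the first byte `0x17` is the length of `/ip/firewall/filter/add`, and the trailing `0x00` is what your second Enter sends. If `first_rule_id` returns `None`, the chain is empty and `place-before` should be omitted rather than set to a guessed id.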
@jojoamrni

How about getting a rule to protect the router?

@avoidik

avoidik commented Jan 24, 2024

@jojoamrni I drop everything coming from outside of the LAN network list, but such topics as network segmentation and security hardening are out of scope of this particular case :)
