Mikrotik routeros - firewall filter - Add src mac address, correct ip…
…v6 path and empty log prefix
Edouard Lavaud authored and k-ribot committed Dec 5, 2022
1 parent e147c02 commit 5a5fab8
Showing 4 changed files with 30 additions and 6 deletions.
2 changes: 1 addition & 1 deletion ntc_templates/templates/index
Expand Up @@ -516,7 +516,7 @@ linux_ip_link_show.textfsm, .*, linux, ip l[[ink]] [[show]]
linux_ip_vrf_show.textfsm, .*, linux, ip v[[rf]] [[show]]
linux_arp_-a.textfsm, .*, linux, arp -a

mikrotik_routeros_ip_firewall_filter_print_all_without-paging.textfsm, .*, mikrotik_routeros, [[/]]ip(v6)? firewall filter print all without-paging
mikrotik_routeros_ip_firewall_filter_print_all_without-paging.textfsm, .*, mikrotik_routeros, [[/]]ip(v6)? firewall filter print( all)? without-paging
mikrotik_routeros_ip_dhcp-server_lease_print_without-paging.textfsm, .*, mikrotik_routeros, [[/]]ip dhcp-server lease print without-paging
mikrotik_routeros_ip_firewall_nat_print_all_without-paging.textfsm, .*, mikrotik_routeros, [[/]]ip(v6)? firewall nat print all without-paging
mikrotik_routeros_interface_ethernet_monitor_name_once.textfsm, .*, mikrotik_routeros, [[/]]interface ethernet monitor (\S+) once
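Review bot: The `[[/]]ip(v6)? firewall nat print all without-paging` entry two lines below the changed line still requires the literal `all`, so filter and nat commands are now matched differently. If `print without-paging` is meant to be accepted for the firewall tables in general, the nat entry would take the same form, `[[/]]ip(v6)? firewall nat print( all)? without-paging`. Otherwise a collector that drops `all` gets parsed filter rules but presumably no template match for nat.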
Expand Up @@ -17,15 +17,16 @@ Value ipsec_policy (\S+)
Value dst_address ([\w!.:/\d]+)
Value dst_address_list (\S+)
Value dst_port (\S+)
Value src_mac_address (\S+)
Value log (yes|no)
Value log_prefix (\S+[\S ]+)
Value log_prefix ((\S+[\S ]+)?)

Start
^Flags:.*$$ -> FirewallTable

FirewallTable
^\s?${index}\s+(${flags})?\s+;;;\s${comment}
^\s+chain=${chain}\s(action=${action}\s)?(connection-state=${connection_state}\s)?(connection-nat-state=${connection_nat_state}\s)?\s*(protocol=${protocol}\s)?(src-address=${src_address}\s)?(dst-address=${dst_address}\s)?(src-address-list=${src_address_list}\s)?(dst-address-list=${dst_address_list}\s)?(in-interface-list=${in_interface_list}\s)?(out-interface-list=${out_interface_list}\s)?(src-port=${src_port}\s)?(dst-port=${dst_port}\s)?(in-interface=${in_interface}\s)?(out-interface=${out_interface}\s)?(ipsec-policy=${ipsec_policy}\s)?(log=${log}\s)?(log-prefix="${log_prefix}"\s)?$$ -> Record
^\s?${index}\s+(${flags})?\s+chain=${chain}\s(action=${action}\s)?(connection-state=${connection_state}\s)?(connection-nat-state=${connection_nat_state}\s)?(protocol=${protocol}\s)?(src-address=${src_address}\s)?(dst-address=${dst_address}\s)?(src-address-list=${src_address_list}\s)?(dst-address-list=${dst_address_list}\s)?(in-interface-list=${in_interface_list}\s)?(out-interface-list=${out_interface_list}\s)?(src-port=${src_port}\s)?(dst-port=${dst_port}\s)?(in-interface=${in_interface}\s)?(out-interface=${out_interface}\s)?(ipsec-policy=${ipsec_policy}\s)?(log=${log}\s)?(log-prefix="${log_prefix}"\s)?$$ -> Record
^\s+chain=${chain}(\saction=${action})?(\sconnection-state=${connection_state})?(\sconnection-nat-state=${connection_nat_state})?\s*(\sprotocol=${protocol})?(\ssrc-address=${src_address})?(\sdst-address=${dst_address})?(\ssrc-address-list=${src_address_list})?(\sdst-address-list=${dst_address_list})?(\sin-interface-list=${in_interface_list})?(\sout-interface-list=${out_interface_list})?(\ssrc-port=${src_port})?(\sdst-port=${dst_port})?(\ssrc-mac-address=${src_mac_address})?(\sin-interface=${in_interface})?(\sout-interface=${out_interface})?(\sipsec-policy=${ipsec_policy})?(\slog=${log})?(\slog-prefix="${log_prefix}")?\s*$$ -> Record
^\s?${index}\s+(${flags})?\s+chain=${chain}(\saction=${action})?(\sconnection-state=${connection_state})?(\sconnection-nat-state=${connection_nat_state})?(\sprotocol=${protocol})?(\ssrc-address=${src_address})?(\sdst-address=${dst_address})?(\ssrc-address-list=${src_address_list})?(\sdst-address-list=${dst_address_list})?(\sin-interface-list=${in_interface_list})?(\sout-interface-list=${out_interface_list})?(\ssrc-port=${src_port})?(\sdst-port=${dst_port})?(\ssrc-mac-address=${src_mac_address})?(\sin-interface=${in_interface})?(\sout-interface=${out_interface})?(\sipsec-policy=${ipsec_policy})?(\slog=${log})?(\slog-prefix="${log_prefix}")?\s*$$ -> Record
^\s*(?:\d{2}:){2}\d{2}\s+echo:\s*.*$$ -> Next
^. -> Error
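Review bot: `Value log_prefix ((\S+[\S ]+)?)` accepts an empty prefix or one of two or more characters, but not a single character. For `log-prefix="x"` neither alternative matches, the optional `log-prefix` group is skipped, and the rule line appears to fall through to `^. -> Error`. Because unmatched lines hit that Error rule, one such rule would abort parsing of the whole firewall table rather than being skipped. `Value log_prefix ((\S[\S ]*)?)` keeps the leading non-space requirement and accepts any length. The new `src-mac-address` group is also fixed between `dst-port` and `in-interface`; a `#` comment above the FirewallTable rules saying that the optional groups must follow the order in which the device prints its properties would help whoever adds the next matcher.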
Expand Up @@ -55,7 +55,7 @@ Flags: X - disabled, I - invalid, D - dynamic
18 ;;; related established
chain=input connection-state=established,related

19 chain=forward connection-state=established,related
19 chain=forward connection-state=established,related src-mac-address=67:33:EB:0E:EB:A8

20 ;;; drop invalid connections
17:20:06 echo: system,error,critical login failure for user admin from 65.160.140.13 via ssh
Expand All @@ -64,4 +64,4 @@ Flags: X - disabled, I - invalid, D - dynamic
21 ;;; Block all entrant
chain=input action=drop in-interface=all-ppp

22 chain=input action=drop in-interface=all-ethernet
22 chain=input action=drop in-interface=all-ethernet log-prefix=""
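Review bot: The two new fixture lines exercise `src-mac-address` only directly after `connection-state` (rule 19) and `log-prefix=""` only directly after `in-interface` (rule 22). No sample therefore pins the position the template gives `src-mac-address`, between `dst-port` and `in-interface`. A rule captured from a device that combines `src-mac-address` with `in-interface` or `log` would confirm the ordering, as would one with a negated value if the device prints `!` for this matcher. A wrong guess would otherwise surface as a parse error on real rule sets rather than in this test.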
Expand Up @@ -19,6 +19,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "1"
Expand All @@ -40,6 +41,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "2"
Expand All @@ -61,6 +63,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "3"
Expand All @@ -82,6 +85,7 @@ parsed_sample:
dst_address: "185.163.212.156/30"
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "4"
Expand All @@ -103,6 +107,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "5"
Expand All @@ -124,6 +129,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: "500,1701,4500"
src_mac_address: ""
log: ""
log_prefix: "Acces VPN"
- index: "6"
Expand All @@ -145,6 +151,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "7"
Expand All @@ -166,6 +173,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: "4430,22,8291"
src_mac_address: ""
log: ""
log_prefix: ""
- index: "8"
Expand All @@ -187,6 +195,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: "161"
src_mac_address: ""
log: ""
log_prefix: ""
- index: "9"
Expand All @@ -208,6 +217,7 @@ parsed_sample:
dst_address: "127.0.0.1"
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "10"
Expand All @@ -229,6 +239,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "11"
Expand All @@ -250,6 +261,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "12"
Expand All @@ -271,6 +283,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "13"
Expand All @@ -292,6 +305,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "14"
Expand All @@ -313,6 +327,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "15"
Expand All @@ -334,6 +349,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "16"
Expand All @@ -355,6 +371,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "17"
Expand All @@ -376,6 +393,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "18"
Expand All @@ -397,6 +415,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "19"
Expand All @@ -418,6 +437,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: "67:33:EB:0E:EB:A8"
log: ""
log_prefix: ""
- index: "20"
Expand All @@ -439,6 +459,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "21"
Expand All @@ -460,6 +481,7 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
- index: "22"
Expand All @@ -481,5 +503,6 @@ parsed_sample:
dst_address: ""
dst_address_list: ""
dst_port: ""
src_mac_address: ""
log: ""
log_prefix: ""
