Zapsani pravidla do mikrotiku externe přes php

[[OP]CZMadman]

Zdravim, poradil by nekdo jak nejlepe zpracovat situaci, kdy mi beží cron na php soubor, který kontroluje v mysql databazi urcitej radek (ID,IP). jakmile se ukaze v db ID, vezme to IP a zapise jako pravidlo v mikrotiku.
Poradil by nekdo jak toto realizovat? Predem rikam, ze stou mysql databazi nehnu .. zde neni jine reseni...
diky

[rseb]

Ahoj.
Pouzivam vesele mkapi na ruzne veci na mk. Osobne sice cpp implementaci, ale v tvem pripade bych sahnul po http://wiki.mikrotik.com/wiki/API_PHP_class. Zybtek uz zalezi na konkretni situaci.

Kdyztak PM.

Roman

[[OP]CZMadman]

Jo, to bude ono, nejakej script mi uz funguje (vypisovani onfo o RB)

ted jeste pridat pravidlo to switch/filters
ip (bude z databaze) a action denny

takze nejak takto ?

Kód: Vybrat vše

$API->comm("/interface/bridge/filters/set", array(
          "src-address" => "$IP",
          "comment"  => "$IP-$time",
         "action"  => "drop",
        "mac protokol num"  => "800 (ip)",
));

[rseb]

mno jeste by to chtelo tecky na spojovani retezcu... ale asi ano

[[OP]CZMadman]

ten prikaz v mikrotiku vypada takto

Kód: Vybrat vše

add action=drop chain=forward comment="$IP-$time" disabled=no \
    mac-protocol=ip src-address=$IP/32

takze snad

Kód: Vybrat vše

$API->comm("/interface/bridge/filters/set", array(
"action"  => "drop",
"chain"  => "forward",
"comment"  => "$IP.-.$time",
"disabled"  => "no",
"mac-protocol"  => "ip",
"src-address" => "$IP./32",
));

[rseb]

zkusil bych

Kód: Vybrat vše

$API->comm("/interface/bridge/filters/add", array(
      "action" => "drop",
      "chain" => "forward",
           "comment"  => $IP."-".$time,
      "disabled" => "no",
           "mac-protocol" => "ip",
      "src-address" => $IP."/32"
));


[[OP]CZMadman]

hm zatim to tam nic nezapise, celej script vypada takto, zatim nepouzivam zadne promene

Kód: Vybrat vše

<?php

require('routeros_api.class.php');

$API = new routeros_api();

$API->debug = false;

if ($API->connect('****', '****', '****')) {   // Change this as necessery

$ARRAY = $API->comm("/interface/bridge/filters/add", array(
"action"  => "drop",
"chain"  => "forward",
"comment"  => "asdasd",
"disabled"  => "no",
"mac-protocol"  => "ip",
"src-address" => "10.10.10.1/32",
));

print_r($ARRAY);
$API->disconnect();
}
?>

mám tam neco blbe ?

[rseb]

zapni se debug

Kód: Vybrat vše

$API->debug = true;

, pred connect

[[OP]CZMadman]

Kód: Vybrat vše

Connection attempt #1 to *******:8728... <<< [6] /login >>> [5/5] bytes read. >>> [5, 39]!done >>> [37/37] bytes read. >>> [37, 1]=ret=********* <<< [6] /login <<< [9] =name=*****<<< [44] =response=***************** >>> [5/5] bytes read. >>> [5, 1]!done Connected... <<< [29] /interface/bridge/filters/add <<< [12] =action=drop <<< [14] =chain=forward <<< [15] =comment=asdasd <<< [12] =disabled=no <<< [16] =mac-protocol=ip <<< [23] =src-address=10.10.10.1 >>> [5/5] bytes read. >>> [5, 40]!trap >>> [31/31] bytes read. >>> [31, 8]=message=no such command prefix >>> [5/5] bytes read. >>> [5, 1]!done Disconnected...

netusim co tam je za chybu ale je to !done, takze asi nejaka jo

[tom-tom]

Nepřebývá ti tam něco?
/interface/bridge/filters/add

[rseb]

hmm to by mohlo byt ono.

[[OP]CZMadman]

takze

Kód: Vybrat vše

$API->comm("/interface/bridge/filter/add", array(
"action"  => "drop",
"chain"  => "forward",
"comment"  => "asdasd",
"disabled"  => "no",
"mac-protocol"  => "ip",
"src-address" => "10.10.10.1/32",
));

Kód: Vybrat vše

Connection attempt #1 to ********:8728... <<< [6] /login >>> [5/5] bytes read. >>> [5, 39]!done >>> [37/37] bytes read. >>> [37, 1]=ret=******<<< [6] /login <<< [9] =name=****<<< [44] =response=******>>> [5/5] bytes read. >>> [5, 1]!done Connected... <<< [28] /interface/bridge/filter/add <<< [12] =action=drop <<< [14] =chain=forward <<< [15] =comment=asdasd <<< [12] =disabled=no <<< [16] =mac-protocol=ip <<< [26] =src-address=10.10.10.1/24 >>> [5/5] bytes read. >>> [5, 37]!trap >>> [28/28] bytes read. >>> [28, 8]=message=failure: source bad >>> [5/5] bytes read. >>> [5, 1]!done Disconnected..

co sakra je =message=failure: source bad

[rseb]

co by to tak asi mohlo byt? zeby se mu z nejakeho duvodu nelibilo source address?

[[OP]CZMadman]

no zkousel jsem dat samotny ip bez /24 vsechno mozny a nic ... zkousel jsem i jinej rozsah ip.. porad to same.. netusim kde je vtomdle chyba

[rseb]

mno nemam to ted na cem zkouset, ale zkus si telnet na to mk a to, co ti projde tam by melo jit i pres api. R