TFTP is a very simple protocol used to transfer files. It is from this that its name comes, Trivial File Transfer Protocol or TFTP. Each nonterminal packet is acknowledged separately. RouterOS has a built-in TFTP server since v3.22
Since version 4.4 to set up tftp rules you will have to have policy sensitive enabled for your account.
- ip-address (required) - range of IP addresses accepted as clients if empty 0.0.0.0/0 will be used
- req-filename - requested filename as regular expression (regex) if field is left empty it defaults to .*
- real-filename - if above two values are set and valid, the requested filename will be replaced with this. If this field has to be set. If multiple regex are specified in req-filename, with this field you can set which ones should match, so this rule is validated. real-filename format for using multiple regex is filename\0\5\6
- allow (default: yes) - to allow connection if above fields are set. if no, connection will be interrupted
- read-only (default: no) - sets if file can be written to, if set to "no" write attempt will fail with error
- hits - how many times this configuration entry has been executed (viewable only)
req-filename field allowed regexp
allowed regexps in this field are
- brackets () - marking subsection
example 1 a(sd|fg) will match asd or afg
- asterisk "*" - match zero or more times preceding symbol,
example 1 a* will match any length name consisting purely of symbols a or no symbols at all example 2 .* will match any length name, also, empty field example 3 as*df will match adf, asdf, assdf, asssdf etc.
- plus "+" will match one or more times preceding symbol,
example: as+df will match asdf, assdf etc.
- dot "." - matches any symbol
example as.f will match asdf, asbf ashf etc.
- square brackets  - variation between
example as[df] will match asd and asf
- question mark "?" will match one or none symbols,
example asd?f will match asdf and asf
- caret "^" - used at the beginning of the line means that line starts with,
- dollar "$" - means at the end of the line
- example 1 if file is requested return file from store called sata1:
/ip tftp add req-filename=file.txt real-filename=/sata1/file.txt allow=yes read-only=yes
- example 2 if we want to give out one specific file no matter what user is requesting:
/ip tftp add req-filename=.* real-filename=/sata1/file.txt allow=yes read-only=yes
- example 3 if user requests aaa.bin or bbb.bin then give them ccc.bin:
/ip tftp add req-filename="(aaa.bin)|(bbb.bin)" real-filename="/sata1/ccc.bin\\0" allow=yes read-only=yes