From MikroTik Wiki
< Manual:IP
Revision as of 08:24, 4 December 2009 by Janisk (talk | contribs) (emphasis on sensitive)
Jump to navigation Jump to search


TFTP is a very simple protocol used to transfer files. It is from this that its name comes, Trivial File Transfer Protocol or TFTP. Each nonterminal packet is acknowledged separately. RouterOS has a built-in TFTP server since v3.22


Since version 4.4 to set up tftp rules you will have to have policy sensitive enabled for your account.

/ip tftp

  • ip-address (required) - range of IP addresses accepted as clients if empty will be used
  • req-filename - requested filename as regular expression (regex) if field is left empty it defaults to .*
  • real-filename - if above two values are set and valid, the requested filename will be replaced with this. If this field has to be set. If multiple regex are specified in req-filename, with this field you can set which ones should match, so this rule is validated. real-filename format for using multiple regex is filename\0\5\6
  • allow (default: yes) - to allow connection if above fields are set. if no, connection will be interrupted
  • read-only (default: no) - sets if file can be written to, if set to "no" write attempt will fail with error
  • hits - how many times this configuration entry has been executed (viewable only)

2009-04-03 1314.png

req-filename field allowed regexp

allowed regexps in this field are

  • brackets () - marking subsection
    example 1 a(sd|fg) will match asd or afg
  • asterisk "*" - match zero or more times preceding symbol,
    example 1 a* will match any length name consisting purely of symbols a or no symbols at all
    example 2 .* will match any length name, also, empty field
    example 3 as*df will match adf, asdf, assdf, asssdf etc.
  • plus "+" will match one or more times preceding symbol,
    example: as+df will match asdf, assdf etc.
  • dot "." - matches any symbol
    example as.f will match asdf, asbf ashf etc.
  • square brackets [] - variation between
    example as[df] will match asd and asf
  • question mark "?" will match one or none symbols,
    example asd?f will match asdf and asf
  • caret "^" - used at the beginning of the line means that line starts with,
  • dollar "$" - means at the end of the line


  • example 1 if file is requested return file from store called sata1:
/ip tftp add req-filename=file.txt real-filename=/sata1/file.txt allow=yes read-only=yes
  • example 2 if we want to give out one specific file no matter what user is requesting:
/ip tftp add req-filename=.* real-filename=/sata1/file.txt allow=yes read-only=yes
  • example 3 if user requests aaa.bin or bbb.bin then give them ccc.bin:
/ip tftp add req-filename="(aaa.bin)|(bbb.bin)" real-filename="/sata1/ccc.bin\\0" allow=yes read-only=yes