Difference between revisions of "Upgrade rsc files"

From MikroTik Wiki
(Upgrade.rsc file header)
Line 1: Line 1:
 
 
== Introduction ==
 
== Introduction ==
  
Line 18: Line 17:
 
  /system backup save;
 
  /system backup save;
 
  :delay 10s;
 
  :delay 10s;
 +
 +
== Mangle Rules and Queue Tree Setup ==
 +
 +
This set of scripts will setup mangle rules and a queue tree on the CPE. WARNING all existing mangle rules and queues (tree) will be removed.
 +
 +
{:log info "Remove Mangle Rules - Script Start"
 +
:local counter 0
 +
:local delaytime 5
 +
:local numloops 1
 +
:while ($counter < $numloops) do={ \
 +
:log info "Removing Mangle Rules"
 +
:foreach i in=[/ip firewall mangle find] do={ \
 +
/ip firewall mangle remove $i
 +
:log info "Removed $i"
 +
}
 +
:set counter ($counter+1)
 +
:log info "delaying..."
 +
:delay $delaytime
 +
    }
 +
}
 +
/ip firewall mangle
 +
add action=mark-connection chain=prerouting comment="HTTP and E-Mail" disabled=no dst-port=80,25,110,995,5222,8080,6600-6700,7000,9010,2086,443,465 new-connection-mark=http_conn passthrough=yes protocol=tcp
 +
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no new-packet-mark=http passthrough=no
 +
add action=mark-connection chain=prerouting comment=Admin disabled=no dst-port=22,23,53,123,161,162,2210,2211,8291 in-interface=ether1 new-connection-mark=admin_conn passthrough=yes protocol=tcp
 +
add action=mark-connection chain=prerouting disabled=no dst-port=53,123,161,162 in-interface=ether1 new-connection-mark=admin_conn passthrough=yes protocol=udp
 +
add action=mark-connection chain=prerouting disabled=no new-connection-mark=admin_conn passthrough=yes protocol=icmp
 +
add action=mark-packet chain=prerouting connection-mark=admin_conn disabled=no new-packet-mark=admin passthrough=no
 +
add action=mark-connection chain=prerouting comment=FTP disabled=no dst-port=21 in-interface=ether1 new-connection-mark=ftp_conn passthrough=yes protocol=tcp
 +
add action=mark-packet chain=prerouting connection-mark=ftp_conn disabled=no new-packet-mark=ftp passthrough=no
 +
add action=mark-connection chain=prerouting comment=P2P disabled=no in-interface=ether1 new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
 +
add action=mark-packet chain=prerouting connection-mark=p2p_conn disabled=no new-packet-mark=p2p passthrough=no
 +
add action=mark-connection chain=prerouting comment="Other Traffic" disabled=no in-interface=ether1 new-connection-mark=other_conn passthrough=yes
 +
add action=mark-packet chain=prerouting connection-mark=other_conn disabled=no new-packet-mark=other passthrough=no
 +
{:log info "Remove Queue Tree - Script Start"
 +
:local counter 0
 +
:local delaytime 5
 +
:local numloops 1
 +
:while ($counter < $numloops) do={ \
 +
:log info "Removing Queue Trees"
 +
:foreach i in=[/queue tree find] do={ \
 +
/queue tree remove $i
 +
:log info "Removed $i"
 +
}
 +
:set counter ($counter+1)
 +
:log info "delaying..."
 +
:delay $delaytime
 +
}
 +
}
 +
/queue tree
 +
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=Global_In parent=global-in priority=1
 +
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=admin_in packet-mark=admin parent=Global_In priority=1 queue=default
 +
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=http_in packet-mark=http parent=Global_In priority=2 queue=default
 +
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=ftp_in packet-mark=ftp parent=Global_In priority=3 queue=default
 +
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=P2P_in packet-mark=p2p parent=Global_In priority=8 queue=default
 +
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=other_in packet-mark=other parent=Global_In priority=5 queue=default
 +
 +
And that...
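
Review bot: in the added /queue tree lines, every child queue (admin_in, http_in, ftp_in, P2P_in, other_in) sets limit-at=50M and max-limit=50M under Global_In, whose own max-limit is also 50M. The children's guaranteed rates therefore add up to 250M against a 50M parent, and the priority values 1 to 8 have nothing to act on, because priority only distributes the bandwidth between a queue's limit-at and its max-limit. Suggest lowering each child's limit-at so that the sum fits within the parent. Separately, both removal blocks flush every existing mangle rule and queue tree entry before the new ones are added, and nothing restores them if the import stops part-way. The while loop with numloops 1 and the trailing :delay add five seconds without retrying anything and could be reduced to the foreach.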

Revision as of 18:57, 20 August 2012

Introduction

The file upgrade.rsc is the key component of mass roll-outs of CPE setting changes and script additions. Create this file and upload it to the main MikroTik AP/router, and changing hundreds of CPEs takes only a few seconds. Enable the trigger IP (in our case 172.16.0.1), then sit back and watch all your CPEs log in via FTP, collect the upgrade.rsc file and import it.

Below are a few examples of upgrade.rsc files. You MUST test these on a single local CPE to confirm that no negative reactions occur before rolling them out network-wide. As always, use at your own risk.


Upgrade.rsc file header

Every upgrade.rsc has the same first 6 lines, so we will not repeat them in each file. Please do not ignore this: you do need to maintain the number of files on your CPEs, and this is the simplest method.

:if ([file find type=".rif file"]!="") do={/file remove [find type=".rif file"]}
:if ([file find type=".tar file"]!="") do={/file remove [find type=".tar file"]}
:if ([file find type="backup"]!="") do={/file remove [find type="backup"]}
:if ([file find type="script"]!="") do={/file remove [find type="script"]}
/system backup save;
:delay 10s;

Mangle Rules and Queue Tree Setup

This set of scripts will set up mangle rules and a queue tree on the CPE. WARNING: all existing mangle rules and queues (tree) will be removed.

{:log info "Remove Mangle Rules - Script Start"
:local counter 0
:local delaytime 5
:local numloops 1
:while ($counter < $numloops) do={ \
:log info "Removing Mangle Rules"
:foreach i in=[/ip firewall mangle find] do={ \
/ip firewall mangle remove $i
:log info "Removed $i"
}
:set counter ($counter+1)
:log info "delaying..."
:delay $delaytime
   }
}
/ip firewall mangle
add action=mark-connection chain=prerouting comment="HTTP and E-Mail" disabled=no dst-port=80,25,110,995,5222,8080,6600-6700,7000,9010,2086,443,465 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn disabled=no new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment=Admin disabled=no dst-port=22,23,53,123,161,162,2210,2211,8291 in-interface=ether1 new-connection-mark=admin_conn passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting disabled=no dst-port=53,123,161,162 in-interface=ether1 new-connection-mark=admin_conn passthrough=yes protocol=udp
add action=mark-connection chain=prerouting disabled=no new-connection-mark=admin_conn passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=admin_conn disabled=no new-packet-mark=admin passthrough=no
add action=mark-connection chain=prerouting comment=FTP disabled=no dst-port=21 in-interface=ether1 new-connection-mark=ftp_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=ftp_conn disabled=no new-packet-mark=ftp passthrough=no
add action=mark-connection chain=prerouting comment=P2P disabled=no in-interface=ether1 new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes
add action=mark-packet chain=prerouting connection-mark=p2p_conn disabled=no new-packet-mark=p2p passthrough=no
add action=mark-connection chain=prerouting comment="Other Traffic" disabled=no in-interface=ether1 new-connection-mark=other_conn passthrough=yes
add action=mark-packet chain=prerouting connection-mark=other_conn disabled=no new-packet-mark=other passthrough=no
{:log info "Remove Queue Tree - Script Start"
:local counter 0
:local delaytime 5
:local numloops 1
:while ($counter < $numloops) do={ \
:log info "Removing Queue Trees"
:foreach i in=[/queue tree find] do={ \
/queue tree remove $i
:log info "Removed $i"
}
:set counter ($counter+1)
:log info "delaying..."
:delay $delaytime
}
}
/queue tree
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=Global_In parent=global-in priority=1
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=admin_in packet-mark=admin parent=Global_In priority=1 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=http_in packet-mark=http parent=Global_In priority=2 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=ftp_in packet-mark=ftp parent=Global_In priority=3 queue=default 
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=P2P_in packet-mark=p2p parent=Global_In priority=8 queue=default
add burst-limit=50M burst-threshold=50M burst-time=3s disabled=no limit-at=50M max-limit=50M name=other_in packet-mark=other parent=Global_In priority=5 queue=default
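
A pre-rollout consistency check for the mangle and queue tree section above, as an added example that is not part of the original wiki page: it confirms that every mark a rule or queue refers to is actually set, and that the child queues' limit-at values fit within their parent's max-limit. The function names and the abbreviated sample input are assumptions of this example.

```python
import shlex
# Constructed sample: an abbreviated subset of the mangle and queue tree rules above.
SAMPLE = """\
/ip firewall mangle
add action=mark-connection chain=prerouting comment="HTTP and E-Mail" dst-port=80,443 new-connection-mark=http_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment=Admin dst-port=22,8291 in-interface=ether1 new-connection-mark=admin_conn passthrough=yes protocol=tcp
add action=mark-packet chain=prerouting connection-mark=admin_conn new-packet-mark=admin passthrough=no
/queue tree
add limit-at=50M max-limit=50M name=Global_In parent=global-in priority=1
add limit-at=50M max-limit=50M name=admin_in packet-mark=admin parent=Global_In priority=1
add limit-at=50M max-limit=50M name=http_in packet-mark=http parent=Global_In priority=2
"""
MANGLE, QUEUE = "/ip firewall mangle", "/queue tree"
UNITS = {"k": 10**3, "M": 10**6, "G": 10**9}

def rate(value):
    """Convert a RouterOS rate such as 50M or 512k to bits per second."""
    return int(value[:-1]) * UNITS[value[-1]] if value[-1] in UNITS else int(value)

def parse(text):
    """Return (mangle_rules, queues): one dict of key=value pairs per 'add' line."""
    menus, current = {MANGLE: [], QUEUE: []}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            current = line if line in menus else None  # '/queue tree remove $i' is not a menu switch
        elif current and line.startswith("add "):
            tokens = shlex.split(line)[1:]  # shlex keeps comment="HTTP and E-Mail" whole
            menus[current].append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return menus[MANGLE], menus[QUEUE]

def lint(text):
    """Return a list of consistency findings for the body of an upgrade.rsc."""
    mangle, queues = parse(text)
    conn_marks = {r["new-connection-mark"] for r in mangle if "new-connection-mark" in r}
    pkt_marks = {r["new-packet-mark"] for r in mangle if "new-packet-mark" in r}
    findings = []
    for r in mangle:
        if "connection-mark" in r and r["connection-mark"] not in conn_marks:
            findings.append(f"mangle matches unset connection mark {r['connection-mark']}")
    for q in queues:
        if "packet-mark" in q and q["packet-mark"] not in pkt_marks:
            findings.append(f"queue {q['name']} uses unset packet mark {q['packet-mark']}")
    for parent in queues:
        kids = [q for q in queues if q.get("parent") == parent["name"]]
        total = sum(rate(q["limit-at"]) for q in kids)
        if kids and total > rate(parent["max-limit"]):
            findings.append(f"children of {parent['name']} guarantee {total} bps, parent max-limit is {parent['max-limit']}")
    return findings
```

On the abbreviated sample, `lint(SAMPLE)` returns the single Global_In sizing finding, because each child queue guarantees the same 50M that the parent is capped at.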

And that...