Yes. When you add an ip to the a list, if you've ever created that list before or rules that deal with the list, it will be available in the dropdown for the list name. Alternatively, you can type it in. Keep in mind it is case sensitive. We automate this through Wispmon so when a customer gets suspended, it ssh's to the router and runs the command
/ip firewall address-list add address=10.x.x.x list=suspended On Tue, Dec 29, 2015 at 12:47 PM, Josh Luthman <[email protected]> wrote: > When you add the firewall rules you'll "create" the address-list. When > you add IPs to it, you'll see it in the drop down menu (I'd suggest this > over typing it when adding IPs to rule out mistakes). > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On Tue, Dec 29, 2015 at 1:44 PM, Tim Reichhart < > [email protected]> wrote: > >> Cameron >> do I need to make an separate list for suspended customer name with ip >> address with this code? >> >> Tim >> >> ------------------------------ >> -----Original Message----- >> From: "Cameron Crum" <[email protected]> >> To: [email protected] >> Date: 12/29/15 01:20 PM >> Subject: Re: [AFMUG] redirect customers ip to nonpayment page on miktroik >> >> and that nat rule needs to be at the top of your rules. >> >> On Tue, Dec 29, 2015 at 12:19 PM, Cameron Crum <[email protected]> wrote: >> >>> Here is the setup script...obviously you need to adjust the urls and >>> address range on the last line to fit your needs. >>> >>> /ip firewall filter >>> add action=accept chain=input comment=\ >>> "Allow Proxy - redirect suspended users" disabled=no dst-port=16099 \ >>> protocol=tcp >>> add action=jump chain=forward disabled=no jump-target=Suspended \ >>> src-address-list=suspended >>> add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp >>> add action=accept chain=Suspended disabled=no \ >>> dst-port=53 protocol=udp >>> add action=log chain=Suspended disabled=no >>> dst-address-list=!PaymentGateway \ >>> limit=5/1m,10 log-prefix="" >>> add action=reject chain=Suspended disabled=no reject-with=\ >>> icmp-admin-prohibited >>> >>> /ip firewall nat >>> add action=redirect chain=dstnat comment="Redirect Rule for suspend >>> users - chan\ >>> ge To Address under action to portal page" disabled=no dst-port=80 \ >>> protocol=tcp src-address-list=suspended to-ports=16099 >>> >>> /ip proxy >>> set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 >>> cache-on-disk=no enabled=\ >>> yes max-cache-size=none max-client-connections=600 max-fresh-time=3d >>> max-server-connections=\ >>> 600 parent-proxy=0.0.0.0 parent-proxy-port=0 port=16099 >>> serialize-connections=no src-address=\ >>> 0.0.0.0 >>> /ip proxy access >>> add action=allow disabled=no dst-host=www.mycompany.com >>> add action=deny disabled=no redirect-to= >>> https://www.mycompany.com/redirectpage.html src-address=\ >>> 10.x.x.x/x >>> >>> >>> >>> On Tue, Dec 29, 2015 at 12:14 PM, Ken Hohhof <[email protected]> wrote: >>> >>>> >>>> With everyone switching to "devices" and "apps", some people never see >>>> a redirect or in-browser notification. If it doesn't show up on the Xbox, >>>> Roku, Smart TV, or iPhone app, they never see it. >>>> >>>> >>>> >>>> >>>> *From:* [email protected] >>>> *Sent:* Tuesday, December 29, 2015 11:47 AM >>>> *To:* [email protected] >>>> *Subject:* Re: [AFMUG] redirect customers ip to nonpayment page on >>>> miktroik >>>> >>>> >>>> >>>> >>>> >>>> http://www.perftech.com/ >>>> >>>> >>>> >>>> >>>> *From:* Cameron Crum <[email protected]> >>>> *Sent:* Tuesday, December 29, 2015 10:28 AM >>>> *To:* [email protected] >>>> *Subject:* Re: [AFMUG] redirect customers ip to nonpayment page on >>>> miktroik >>>> >>>> >>>> >>>> >>>> >>>> If your customers have static ip assignments you can use an address >>>> list and web proxy. If not, then there probably is no other way. >>>> >>>> >>>> On Tue, Dec 29, 2015 at 11:25 AM, Tim Reichhart < >>>> [email protected]> wrote: >>>> >>>>> I am looking to redirect customers ip to non-payment page on miktroik >>>>> and I do nat at core router and i dont have radius setup. >>>>> >>>>> Tim >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> >>> >>> >> >> >> >> >> >
