If you didn't want the redirect, you could just write a quick firewall to
drop all traffic from the suspended list as well, but redirecting to a
portal is preferable in my view.

Cameron

On Mon, Mar 26, 2018 at 11:09 AM, Sam Lambie <samtaos...@gmail.com> wrote:

> Thank you, Cameron. I appreciate it!
>
> On Mon, Mar 26, 2018 at 10:04 AM, Cameron Crum <cc...@murcevilo.com>
> wrote:
>
>> Here is a MT script to set up the web proxy redirect. Obviously you will
>> need to change the URLs in the last section under /ip proxy address. This
>> script takes anything in the 'suspended' address list and redirects port 80
>> traffic to whatever you put in place of myportal.com. You also need to
>> match the IP range at the bottom to whatever IP range you are handing out
>> to your customers. You can add as many of that last rule as you need to
>> cover all your ranges. As for the ssh script, it should be easy enough to
>> write a simple script to ssh in and launch one of these:
>>
>> /ip firewall address-list add address=x.x.x.x list=suspended
>>
>> and to remove
>>
>> /ip firewall address-list remove [find address=x.x.x.x]
>>
>> The web proxy set up script is this (only run this one time, then move
>> all the rules to the top of their respective firewall sections):
>>
>>
>> /ip firewall filter
>> add action=accept chain=input comment=\
>>     "Allow Proxy - redirect suspended users - this and the next five rules should be at the top of the filter list" \
>>     disabled=no dst-port=16099 protocol=tcp
>> add action=jump chain=forward disabled=no jump-target=Suspended \
>>     src-address-list=suspended
>> add action=accept chain=Suspended disabled=no dst-port=443 protocol=tcp
>> add action=accept chain=Suspended disabled=no \
>>     dst-port=53 protocol=udp
>> add action=log chain=Suspended disabled=no dst-address-list=!PaymentGateway \
>>     limit=5/1m,10 log-prefix=""
>> add action=reject chain=Suspended disabled=no reject-with=\
>>     icmp-admin-prohibited
>>
>> /ip firewall nat
>> add action=redirect chain=dstnat comment=\
>>     "Redirect Nat Rule for suspend users - put this rule at the top of the list " \
>>     disabled=no dst-port=80 protocol=tcp src-address-list=suspended to-ports=16099
>>
>> /ip proxy
>> set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 \
>>     cache-on-disk=no enabled=yes max-cache-size=none \
>>     max-client-connections=600 max-fresh-time=3d \
>>     max-server-connections=600 parent-proxy=0.0.0.0 parent-proxy-port=0 \
>>     port=16099 serialize-connections=no src-address=0.0.0.0
>> /ip proxy access
>> add action=allow disabled=no dst-host=mywebsite.com
>> add action=allow disabled=no dst-host=www.mywebsite.com
>> add action=deny disabled=no redirect-to=myportal.com src-address=\
>>     x.x.x.x/24
>>
>> On Mon, Mar 26, 2018 at 10:53 AM, Sam Lambie <samtaos...@gmail.com>
>> wrote:
>>
>>> We are in the process of going to MT. But now, plain ole Linksys
>>> e2500's.
>>>
>>> On Mon, Mar 26, 2018 at 9:51 AM, Cameron Crum <cc...@murcevilo.com>
>>> wrote:
>>>
>>>> Are you using MT routers? I can show you a script to ssh to the router
>>>> and move him to an address list that either redirects him through a web
>>>> proxy or just drops all traffic.
>>>>
>>>> On Mon, Mar 26, 2018 at 10:36 AM, Sam Lambie <samtaos...@gmail.com>
>>>> wrote:
>>>>
>>>>> Has anyone used a script to check say every 5 minutes when an SM is up
>>>>> and make changes to it? If so, got an example?
>>>>>
>>>>> Ideally, I want to turn off the ethernet interface of the radio as the
>>>>> customer is a bum, but he keeps weird hours and I don't want to be glued to
>>>>> my seat checking when he is up.
>>>>> I know that I could just block his WAN IP, but this is something I am
>>>>> interested in and have never done.
>>>>> Thanks
>>>>> Sam
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> *Sam Lambie*
> Taosnet Wireless Tech.
> 575-758-7598 Office
> www.Taosnet.com <http://www.newmex.com>
>
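
Added example (not part of the original thread and not Cameron's own script): one way to write the "simple script to ssh in" that adds or removes a customer in the 'suspended' address list, validating the address before it reaches the router CLI. The router login `admin@192.0.2.1` is a placeholder, key-based SSH login is assumed, and the remove command is scoped to the suspended list, which is narrower than the one-liner quoted in the thread.

```python
"""Add or remove one customer IP in the RouterOS 'suspended' address list over SSH."""
import ipaddress
import subprocess
import sys

LIST_NAME = "suspended"      # address list the filter and NAT rules match on
ROUTER = "admin@192.0.2.1"   # assumption: placeholder login, replace with your router


def routeros_command(action, address):
    """Build the RouterOS CLI line for one customer address.

    The address is parsed as a single IPv4 host first, so nothing except a
    dotted quad can be interpolated into the command sent to the router.
    """
    ip = ipaddress.IPv4Address(address.strip())  # ValueError on anything else
    if action == "suspend":
        return f"/ip firewall address-list add address={ip} list={LIST_NAME}"
    if action == "restore":
        # Scope the find to our list so entries in other lists stay untouched.
        return ("/ip firewall address-list remove "
                f"[find list={LIST_NAME} address={ip}]")
    raise ValueError(f"unknown action: {action!r}")


def ssh_argv(router, command):
    """argv for ssh, passed as a list so no local shell parses the command."""
    return ["ssh", "-o", "BatchMode=yes", "-o", "ConnectTimeout=10",
            router, command]


def main(argv):
    if len(argv) != 3:
        print("usage: suspend.py suspend|restore <ipv4-address>", file=sys.stderr)
        return 2
    try:
        command = routeros_command(argv[1], argv[2])
    except ValueError as exc:
        print(f"refusing: {exc}", file=sys.stderr)
        return 2
    # BatchMode makes ssh fail instead of prompting when run from cron/billing.
    return subprocess.run(ssh_argv(ROUTER, command), check=False).returncode


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `suspend.py suspend 10.1.2.3` or `suspend.py restore 10.1.2.3`; anything that is not a single IPv4 address is refused before ssh is invoked.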
