Content filter categories have been disabled, but a host is still not accessible?
Possible cause
Your Mikrotik responds to ICMP packets, which is expressly blocked in the bolt-on script. However, it often happens that an allow rule appears above it.
This is relevant since we use ICMP to determine whether we’re using the old method of pushing updates to the Mikrotik via SSH, or updating via a pull from your Mikrotik (the prefered method).
If ICMP responses are received the portal attempts to copy the updates to the Mikrotik via SSH and the update fails. This causes a race condition between the two mechanisms resulting in updates going missing.
It is possible in this scenario that the update never removed the IP from the kill list.
Resolution
- First step is to clear your lvcloud_kill_list address list entries manually as the portal and your Mikrotik are no longer in sync. This should immediately resolve any unexpected blocks.
- To prevent this from happening again, please look for the rule below
/ip firewall filter add action=reject chain=input comment=lvcloud_block connection-state=new in-interface=lvcloud reject-with=icmp-network-
and make sure it is above any allow rule of the lvcloud interface.
This should fully disable any attempt to push updates to your Mikrotik.
If you continue to experience issues please contact us and include screenshots as well as a list of the filter rules. We need to know if there is a change on the client side, or even preexisting rules, can cause issues.
Also please this FAQ for trouble-shooting.