routeros 1.83.1, Apr 28 25

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.IpSettings

Explore with Pulumi AI

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as routeros from "@pulumi/routeros";

const settings = new routeros.IpSettings("settings", {ipv4MultipathHashPolicy: "l3-inner"});

import pulumi
import pulumi_routeros as routeros

settings = routeros.IpSettings("settings", ipv4_multipath_hash_policy="l3-inner")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/routeros/routeros"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := routeros.NewIpSettings(ctx, "settings", &routeros.IpSettingsArgs{
			Ipv4MultipathHashPolicy: pulumi.String("l3-inner"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Routeros = Pulumi.Routeros;

return await Deployment.RunAsync(() => 
{
    var settings = new Routeros.IpSettings("settings", new()
    {
        Ipv4MultipathHashPolicy = "l3-inner",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.routeros.IpSettings;
import com.pulumi.routeros.IpSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var settings = new IpSettings("settings", IpSettingsArgs.builder()
            .ipv4MultipathHashPolicy("l3-inner")
            .build());

    }
}

resources:
  settings:
    type: routeros:IpSettings
    properties:
      ipv4MultipathHashPolicy: l3-inner

Create IpSettings Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new IpSettings(name: string, args?: IpSettingsArgs, opts?: CustomResourceOptions);

@overload
def IpSettings(resource_name: str,
               args: Optional[IpSettingsArgs] = None,
               opts: Optional[ResourceOptions] = None)

@overload
def IpSettings(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               ___id_: Optional[float] = None,
               ___path_: Optional[str] = None,
               ___skip_: Optional[str] = None,
               accept_redirects: Optional[bool] = None,
               accept_source_route: Optional[bool] = None,
               allow_fast_path: Optional[bool] = None,
               arp_timeout: Optional[str] = None,
               icmp_errors_use_inbound_interface_address: Optional[bool] = None,
               icmp_rate_limit: Optional[float] = None,
               icmp_rate_mask: Optional[str] = None,
               ip_forward: Optional[bool] = None,
               ip_settings_id: Optional[str] = None,
               ipv4_multipath_hash_policy: Optional[str] = None,
               max_neighbor_entries: Optional[float] = None,
               route_cache: Optional[bool] = None,
               rp_filter: Optional[str] = None,
               secure_redirects: Optional[bool] = None,
               send_redirects: Optional[bool] = None,
               tcp_syncookies: Optional[bool] = None,
               tcp_timestamps: Optional[str] = None)

func NewIpSettings(ctx *Context, name string, args *IpSettingsArgs, opts ...ResourceOption) (*IpSettings, error)

public IpSettings(string name, IpSettingsArgs? args = null, CustomResourceOptions? opts = null)

public IpSettings(String name, IpSettingsArgs args)
public IpSettings(String name, IpSettingsArgs args, CustomResourceOptions options)

type: routeros:IpSettings
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args IpSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args IpSettingsArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args IpSettingsArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args IpSettingsArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args IpSettingsArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

IpSettings Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The IpSettings resource accepts the following input properties:

AcceptRedirects bool: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
AcceptSourceRoute bool: Whether to accept packets with the SRR option. Typically should be enabled on the router.
AllowFastPath bool: Allows Fast Path.
ArpTimeout string: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
IcmpErrorsUseInboundInterfaceAddress bool: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
IcmpRateLimit double: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
IcmpRateMask string: Mask made of ICMP types for which rates are being limited.
IpForward bool: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
IpSettingsId string
Ipv4MultipathHashPolicy string: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
MaxNeighborEntries double: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
RouteCache bool: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
RpFilter string: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
SecureRedirects bool: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
SendRedirects bool: Whether to send ICMP redirects. Recommended to be enabled on routers.
TcpSyncookies bool: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
TcpTimestamps string: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

AcceptRedirects bool: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
AcceptSourceRoute bool: Whether to accept packets with the SRR option. Typically should be enabled on the router.
AllowFastPath bool: Allows Fast Path.
ArpTimeout string: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
IcmpErrorsUseInboundInterfaceAddress bool: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
IcmpRateLimit float64: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
IcmpRateMask string: Mask made of ICMP types for which rates are being limited.
IpForward bool: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
IpSettingsId string
Ipv4MultipathHashPolicy string: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
MaxNeighborEntries float64: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
RouteCache bool: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
RpFilter string: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
SecureRedirects bool: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
SendRedirects bool: Whether to send ICMP redirects. Recommended to be enabled on routers.
TcpSyncookies bool: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
TcpTimestamps string: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
acceptRedirects Boolean: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
acceptSourceRoute Boolean: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allowFastPath Boolean: Allows Fast Path.
arpTimeout String: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmpErrorsUseInboundInterfaceAddress Boolean: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmpRateLimit Double: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmpRateMask String: Mask made of ICMP types for which rates are being limited.
ipForward Boolean: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ipSettingsId String
ipv4MultipathHashPolicy String: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
maxNeighborEntries Double: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
routeCache Boolean: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rpFilter String: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secureRedirects Boolean: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
sendRedirects Boolean: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcpSyncookies Boolean: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcpTimestamps String: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.
acceptRedirects boolean: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
acceptSourceRoute boolean: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allowFastPath boolean: Allows Fast Path.
arpTimeout string: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmpErrorsUseInboundInterfaceAddress boolean: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmpRateLimit number: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmpRateMask string: Mask made of ICMP types for which rates are being limited.
ipForward boolean: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ipSettingsId string
ipv4MultipathHashPolicy string: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
maxNeighborEntries number: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
routeCache boolean: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rpFilter string: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secureRedirects boolean: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
sendRedirects boolean: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcpSyncookies boolean: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcpTimestamps string: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ str: A set of transformations for field names. This is an internal service field, setting a value is not required.
accept_redirects bool: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
accept_source_route bool: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allow_fast_path bool: Allows Fast Path.
arp_timeout str: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmp_errors_use_inbound_interface_address bool: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmp_rate_limit float: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmp_rate_mask str: Mask made of ICMP types for which rates are being limited.
ip_forward bool: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ip_settings_id str
ipv4_multipath_hash_policy str: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
max_neighbor_entries float: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
route_cache bool: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rp_filter str: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secure_redirects bool: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
send_redirects bool: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcp_syncookies bool: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcp_timestamps str: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
acceptRedirects Boolean: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
acceptSourceRoute Boolean: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allowFastPath Boolean: Allows Fast Path.
arpTimeout String: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmpErrorsUseInboundInterfaceAddress Boolean: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmpRateLimit Number: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmpRateMask String: Mask made of ICMP types for which rates are being limited.
ipForward Boolean: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ipSettingsId String
ipv4MultipathHashPolicy String: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
maxNeighborEntries Number: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
routeCache Boolean: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rpFilter String: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secureRedirects Boolean: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
sendRedirects Boolean: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcpSyncookies Boolean: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcpTimestamps String: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

Outputs

All input properties are implicitly available as output properties. Additionally, the IpSettings resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing IpSettings Resource

Get an existing IpSettings resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IpSettingsState, opts?: CustomResourceOptions): IpSettings

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ___id_: Optional[float] = None,
        ___path_: Optional[str] = None,
        ___skip_: Optional[str] = None,
        accept_redirects: Optional[bool] = None,
        accept_source_route: Optional[bool] = None,
        allow_fast_path: Optional[bool] = None,
        arp_timeout: Optional[str] = None,
        icmp_errors_use_inbound_interface_address: Optional[bool] = None,
        icmp_rate_limit: Optional[float] = None,
        icmp_rate_mask: Optional[str] = None,
        ip_forward: Optional[bool] = None,
        ip_settings_id: Optional[str] = None,
        ipv4_multipath_hash_policy: Optional[str] = None,
        max_neighbor_entries: Optional[float] = None,
        route_cache: Optional[bool] = None,
        rp_filter: Optional[str] = None,
        secure_redirects: Optional[bool] = None,
        send_redirects: Optional[bool] = None,
        tcp_syncookies: Optional[bool] = None,
        tcp_timestamps: Optional[str] = None) -> IpSettings

func GetIpSettings(ctx *Context, name string, id IDInput, state *IpSettingsState, opts ...ResourceOption) (*IpSettings, error)

public static IpSettings Get(string name, Input<string> id, IpSettingsState? state, CustomResourceOptions? opts = null)

public static IpSettings get(String name, Output<String> id, IpSettingsState state, CustomResourceOptions options)

resources:  _:    type: routeros:IpSettings    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AcceptRedirects bool: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
AcceptSourceRoute bool: Whether to accept packets with the SRR option. Typically should be enabled on the router.
AllowFastPath bool: Allows Fast Path.
ArpTimeout string: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
IcmpErrorsUseInboundInterfaceAddress bool: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
IcmpRateLimit double: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
IcmpRateMask string: Mask made of ICMP types for which rates are being limited.
IpForward bool: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
IpSettingsId string
Ipv4MultipathHashPolicy string: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
MaxNeighborEntries double: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
RouteCache bool: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
RpFilter string: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
SecureRedirects bool: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
SendRedirects bool: Whether to send ICMP redirects. Recommended to be enabled on routers.
TcpSyncookies bool: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
TcpTimestamps string: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.
___id_ double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

AcceptRedirects bool: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
AcceptSourceRoute bool: Whether to accept packets with the SRR option. Typically should be enabled on the router.
AllowFastPath bool: Allows Fast Path.
ArpTimeout string: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
IcmpErrorsUseInboundInterfaceAddress bool: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
IcmpRateLimit float64: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
IcmpRateMask string: Mask made of ICMP types for which rates are being limited.
IpForward bool: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
IpSettingsId string
Ipv4MultipathHashPolicy string: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
MaxNeighborEntries float64: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
RouteCache bool: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
RpFilter string: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
SecureRedirects bool: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
SendRedirects bool: Whether to send ICMP redirects. Recommended to be enabled on routers.
TcpSyncookies bool: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
TcpTimestamps string: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.
___id_ float64: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.

___id_ Double: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
acceptRedirects Boolean: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
acceptSourceRoute Boolean: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allowFastPath Boolean: Allows Fast Path.
arpTimeout String: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmpErrorsUseInboundInterfaceAddress Boolean: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmpRateLimit Double: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmpRateMask String: Mask made of ICMP types for which rates are being limited.
ipForward Boolean: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ipSettingsId String
ipv4MultipathHashPolicy String: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
maxNeighborEntries Double: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
routeCache Boolean: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rpFilter String: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secureRedirects Boolean: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
sendRedirects Boolean: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcpSyncookies Boolean: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcpTimestamps String: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

___id_ number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ string: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ string: A set of transformations for field names. This is an internal service field, setting a value is not required.
acceptRedirects boolean: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
acceptSourceRoute boolean: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allowFastPath boolean: Allows Fast Path.
arpTimeout string: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmpErrorsUseInboundInterfaceAddress boolean: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmpRateLimit number: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmpRateMask string: Mask made of ICMP types for which rates are being limited.
ipForward boolean: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ipSettingsId string
ipv4MultipathHashPolicy string: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
maxNeighborEntries number: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
routeCache boolean: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rpFilter string: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secureRedirects boolean: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
sendRedirects boolean: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcpSyncookies boolean: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcpTimestamps string: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

___id_ float: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ str: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ str: A set of transformations for field names. This is an internal service field, setting a value is not required.
accept_redirects bool: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
accept_source_route bool: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allow_fast_path bool: Allows Fast Path.
arp_timeout str: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmp_errors_use_inbound_interface_address bool: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmp_rate_limit float: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmp_rate_mask str: Mask made of ICMP types for which rates are being limited.
ip_forward bool: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ip_settings_id str
ipv4_multipath_hash_policy str: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
max_neighbor_entries float: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
route_cache bool: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rp_filter str: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secure_redirects bool: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
send_redirects bool: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcp_syncookies bool: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcp_timestamps str: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

___id_ Number: Resource ID type (.id / name). This is an internal service field, setting a value is not required.
___path_ String: Resource path for CRUD operations. This is an internal service field, setting a value is not required.
___skip_ String: A set of transformations for field names. This is an internal service field, setting a value is not required.
acceptRedirects Boolean: Whether to accept ICMP redirect messages. Typically should be enabled on the host and disabled on routers.
acceptSourceRoute Boolean: Whether to accept packets with the SRR option. Typically should be enabled on the router.
allowFastPath Boolean: Allows Fast Path.
arpTimeout String: Sets Linux base_reachable_time (base_reachable_time_ms) on all interfaces that use ARP. The initial validity of the ARP entry is picked from the interval [timeout/2 - 3*timeout/2] (default from 15s to 45s) after the neighbor was found. Can use postfix ms, s, m, h, d for milliseconds, seconds, minutes, hours, or days. if no postfix is set then seconds (s) are used. The parameter means how long a valid ARP record will be considered complete if no one communicates with the specific MAC/IP during this time. The parameter does not represent a time when an ARP entry is removed from the ARP cache (see max-neighbor-entries setting).
icmpErrorsUseInboundInterfaceAddress Boolean: If enabled, the ICMP error message reply will be sent with the source address equal to primary address of the receiving interface that caused the error . This feature can be useful for complex network debugging.
icmpRateLimit Number: Limit the maximum rates for sending ICMP packets whose type matches icmp-rate-mask to specific targets. 0 disables any limiting, other values indicate the minimum space between responses in milliseconds.
icmpRateMask String: Mask made of ICMP types for which rates are being limited.
ipForward Boolean: Enable/disable packet forwarding between interfaces. Resets all configuration parameters to defaults according to RFC1812 for routers.
ipSettingsId String
ipv4MultipathHashPolicy String: IPv4 Hash policy used for ECMP routing in /ip/settings menu * l3 -- layer-3 hashing of src IP, dst IP * l3-inner -- layer-3 hashing or inner layer-3 hashing if available * l4 -- layer-4 hashing of src IP, dst IP, IP protocol, src port, dst port
maxNeighborEntries Number: Sets Linux gc_thresh3. A maximum number of allowed neighbors in the ARP table. Since RouterOS version 7.1, the default value depends on the installed amount of RAM. It is possible to set a higher value than the default, but it increases the risk of out-of-memory condition. The default values for certain RAM sizes: * 2048 for 64 MB, * 4096 for 128 MB, * 8192 for 256 MB, * 16384 for 512 MB or higher. The ARP cache stores ARP entries, and if some of these entries are incomplete, they can stay in the cache for an indefinite period of time. This will only happen if the number of entries in the cache is less than one-fourth of the maximum number allowed. The reason for this is to prevent the unnecessary running of the garbage-collector when the ARP table is not close to being full.
routeCache Boolean: Disable or enable the Linux route cache. Note that disabling the route cache, will also disable the fast path.
rpFilter String: Disables or enables source validation. * no - No source validation. * strict - Strict mode as defined in RFC3704 Strict Reverse Path. Each incoming packet is tested against the FIB and if the interface is not the best reverse path the packet check will fail. By default failed packets are discarded. * loose - Loose mode as defined in RFC3704 Loose Reverse Path. Each incoming packet's source address is also tested against the FIB and if the source address is not reachable via any interface the packet check will fail. The current recommended practice in RFC3704 is to enable strict mode to prevent IP spoofing from DDoS attacks. If using asymmetric routing or other complicated routing or VRRP, then the loose mode is recommended. Warning: strict mode does not work with routing tables
secureRedirects Boolean: Accept ICMP redirect messages only for gateways, listed in the default gateway list.
sendRedirects Boolean: Whether to send ICMP redirects. Recommended to be enabled on routers.
tcpSyncookies Boolean: end out syncookies when the syn backlog queue of a socket overflows. This is to prevent the common 'SYN flood attack'. syncookies seriously violate TCP protocol, and disallow the use of TCP extensions, which can result in serious degradation of some services (f.e. SMTP relaying), visible not by you, but to your clients and relays, contacting you.
tcpTimestamps String: Parameter allows to enable/disable TCP timestamps or add random offset to TCP timestamp (default behavior). Disabling timestamps completely may help to reduce spikes of performance drops.

Import

$ pulumi import routeros:index/ipSettings:IpSettings settings .

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: routeros terraform-routeros/terraform-provider-routeros
License
Notes: This Pulumi package is based on the routeros Terraform Provider.

routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros

terraform-routeros/terraform-provider-routeros

routeros.IpSettings

On this page

On this page

Example Usage

Create IpSettings Resource

Constructor syntax

Parameters

IpSettings Resource Properties

Inputs

Outputs

Look up Existing IpSettings Resource

Import

Package Details

On this page

On this page