Trivial File Transfer Protocol or simply TFTP is a very simple protocol used to transfer files. Each nonterminal packet is acknowledged separately.


This menu contains all TFTP access rules. If there are no rules in this menu, the TFTP server is not started when RouterOS boots. This menu only shows 1 additional attribute compared to what you can set when creating a rule.


ip-address (required) - Range of IP addresses accepted as clients if empty will be used
allow-rollover (default: no) - If set to yes, the TFTP server will allow the sequence number to roll over when the maximum value is reached. This is used to enable large downloads using the TFTP server.
req-filename - Requested filename as a regular expression (regex); if the field is left empty, it defaults to .*
real-filename - If the req-filename and real-filename values are set and valid, the requested filename will be replaced with the matched file. This field has to be set. If multiple regexes are specified in req-filename, this field lets you set which ones should match, so this rule is validated. The real-filename format for using multiple regexes is filename\0\5\6
allow (default: yes) - Allows the connection if the above fields are set. If no, the connection will be interrupted.
read-only (default: no) - Sets whether a file can be written to; if set to "yes", a write attempt will fail with an error.
hits (read-only) - How many times this access rule entry has been used.



This menu contains all TFTP settings.

max-block-size (default: 4096) - Maximum accepted block size value. During the transfer negotiation phase, the RouterOS device will not negotiate a larger value than this.


The req-filename field accepts regular expressions. The regexp constructs allowed in this field are:

brackets () - marking subsection:

    example 1 a(sd|fg) will match asd or afg

asterisk "*" - matches the preceding symbol zero or more times:

    example 1 a* will match any length name consisting purely of symbols a or no symbols at all
    example 2 .* will match any length name, also, empty field
    example 3 as*df will match adf, asdf, assdf, asssdf etc.

plus "+" will match one or more times the preceding symbol:

    example: as+df will match asdf, assdf etc.

dot "." - matches any symbol:

    example as.f will match asdf, asbf, ashf etc.

square brackets [] - variation between:

    example as[df] will match asd and asf

question mark "?" will match one or no symbols:

    example asd?f will match asdf and asf

caret "^" - used at the beginning of the line means that the line starts with;

dollar "$" - means at the end of the line.


If a file is requested, return the file from the store called sata1:

/ip tftp add req-filename=file.txt real-filename=/sata1/file.txt allow=yes read-only=yes

If we want to give out one specific file no matter what the user is requesting:

/ip tftp add req-filename=.* real-filename=/sata1/file.txt allow=yes read-only=yes

If the user requests aaa.bin or bbb.bin then give them ccc.bin:

/ip tftp add req-filename="(aaa.bin)|(bbb.bin)" real-filename="/sata1/ccc.bin\\0" allow=yes read-only=yes
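
An added example, not part of the RouterOS documentation: a small Python audit over `/ip tftp add` lines that applies the defaults listed above (allow=yes, read-only=no, req-filename=.*) and flags rules that are writable, catch-all, loosely matched by an unescaped dot, or have no ip-address. Shell-style quoting of the rule lines, the finding names, the treatment of a backslash-escaped dot as literal, and the sample rules other than the first are assumptions made for the example.

```python
import re
import shlex

# Defaults taken from the property list on this page.
DEFAULTS = {"allow": "yes", "read-only": "no", "req-filename": ".*"}

def parse_rule(line):
    """Turn one '/ip tftp add key=value ...' line into a dict with defaults applied."""
    rule = dict(DEFAULTS)
    for token in shlex.split(line):  # assumption: shell-like quoting is close enough
        key, sep, value = token.partition("=")
        if sep:
            rule[key] = value
    return rule

def audit_rule(rule):
    """Return a list of finding codes for one parsed rule."""
    if rule["allow"] != "yes":
        return []  # a deny rule neither hands out nor accepts files
    findings = []
    if rule["read-only"] != "yes":
        findings.append("writable")         # read-only defaults to no
    if rule["req-filename"] == ".*":
        findings.append("catch-all")        # any requested name matches
    elif re.search(r"(?<!\\)\.(?![*+?])", rule["req-filename"]):
        # "." matches any symbol, so file.txt also matches fileXtxt.
        # Assumption: a backslash-escaped dot is literal and is not flagged.
        findings.append("loose-dot")
    if "ip-address" not in rule:
        findings.append("no-client-range")  # client range left at its default
    return findings

# Sample rules: the first is from this page, the others are constructed.
SAMPLE = [
    "/ip tftp add req-filename=.* real-filename=/sata1/file.txt allow=yes read-only=yes",
    "/ip tftp add ip-address=192.0.2.0/24 real-filename=/sata1/fw.bin",
    '/ip tftp add ip-address=192.0.2.10 req-filename="boot.cfg" '
    "real-filename=/sata1/boot.cfg read-only=yes",
    "/ip tftp add req-filename=.* allow=no",
]

def audit(lines):
    """Audit every rule line and pair it with its findings."""
    return [(line, audit_rule(parse_rule(line))) for line in lines]

if __name__ == "__main__":
    for line, findings in audit(SAMPLE):
        print(", ".join(findings) or "ok", "<-", line)
```
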

RouterOS receives TFTP requests, but the client gets a transfer timeout?

Some embedded clients request large block sizes and yet do not handle fragmented packets correctly. For these clients, it is recommended to set "max-block-size" on the RouterOS side or "blksize" on the client side to the value of the smallest MTU on your network minus 32 bytes (20 bytes for IP, 8 for UDP, and 4 for TFTP), and more if you use IP options on your network.
