hi,
i have a 750UP
there are builtin in fasttrack rules in the ip firewall filters and mangle.
i want to disable this, as it interferes with my queues.
i have an existing 750GL and did this about a year ago.
now i cannot remember how i removed them.
when i try to remove or disable i get an error message that says that i cannot disable or remove builtin. however, i did do this previously.
i have spend the past 2 hrs googling and on this forum to find an answer, but, sadly, i am either blind as a bat, or my search parameters suck, coz i cannot find how to do it.
the posts or google links that i do find just say disable, or delete, but, that does not work, as per the above.
please can somebody point me to a post that has a solution that works?
thank you so much
regards
Marc
Not sure about that, but did you try to reset your RB with no default configuration?
Hi,
Fasttrack enabled by default defined by those two rules:
/ip firewall filter
add chain=forward action=fasttrack-connection connection-state=established,related
add chain=forward action=accept connection-state=established,related
You could see entire default configuration by running into terminal command;
/system default-configuration print
… should see line like:
...
/ip firewall {
filter add chain=input action=accept protocol=icmp comment="defconf: accept ICMP"
filter add chain=input action=accept connection-state=established,related comment="defconf: accept established,related"
filter add chain=input action=drop in-interface=ether1 comment="defconf: drop all from WAN"
filter add chain=forward action=fasttrack-connection connection-state=established,related comment=“defconf: fasttrack”
filter add chain=forward action=accept connection-state=established,related comment=“defconf: accept established,related”
filter add chain=forward action=drop connection-state=invalid comment="defconf: drop invalid"
filter add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether1 comment="defconf: drop all from WAN not DSTNATed"
}
...
Long story, short…
Disable into FILTER tab rules which are commented out with “defconf: fasttrack” and one with “defconf: accept established,related”; in image above (from https://wiki.mikrotik.com/index.php?title=Manual:IP/Fasttrack&redirect=no ) are reprezented by rules nr 4 and 5.
After that just reboot the router. That’s all.
Hope it helps.
kind regards,
Perhaps you tried to disable rule #1 (dummy) which indeed isn’t possible.
Do NOT disable rule #5 (above) since this will block response packets. Just disable the one forward rule with action=fasttrack-connection.
No reboot necessary. You could kill existing connections in the Firewall > Connections tab if necessary.
Hi,
That’s what he did 
He said fasttrack is interfering with his queues. So i presumed that he has already have at least a basic firewall up and running and fasttrack rules were left out; based on my presumption:
a. since he did not show us any config rules i do not know if that global forward accept is even in his firewall rules ( example posted by me was from mikrotik manual );
b. I am a beginner too with mikrotik and i am not sure if is a good idea to have a global forward accept within filter rules.
After reboot those “dummy” won’t appear anymore in filter and mangle tab/table. That’s what i meant.
kind regards,
Hi Janus20 and Nescafe2002,
thank you for your inputs.
i will try this tonight when i am home and then let you know what happened.
thank you again. hope your day is Lego
regards
Marc
Whoop Whoop
thank you so much.
apologies for the delay - work got in the way…
thank you again.
regards
Marc
HI, so is this #5 rule necessary?