I have a line in the RAW part of RouterOS that has as action "return" (return - passes control back to the chain from where the jump took place). Now that line matches the traffic and traffic is handed back. A few days ago I put an line with action "drop" two line underneath the "return" line. That new line is for something completely different UDP traffic but I noticed that it matched traffic that was that would have normally would be matched by the "rectun" line two lines up in the list.
When I disable the "drop" line then return line will match the traffic again and hand it back.
I am totally confused by this behaviour or is this normal that "drop" have priority in the list and match traffic earlier, even if it is lower in the line.
The exact lines I can post this evening when I am home again and underneath I put the shortened lines as I remember now:
RAW-prerouting-UDP-port any X1 ports-adress from list-return
RAW-prerouting-destination !192.168.0.0/16-UDP-port out Y1 ports,etc....-drop
.
.
RAW-prerouting-UDP-drop
My RouterOS is on 6.39RC51
update: thinking more about this and looking in the Wiki, could it be that "return" is working like a fork. However I don't see a increase in the packe tcounter on the "return" line. Maybe "accept" would be better if there are no other lines in filtering or mangle for this traffic.