The site of this cpu does not even say what kind of qos is supported. I came across this video and got curious.. But there, to be honest, as it seemed to me, there is not a very big difference (apparently due to the small number of NAT connections). CRS3 series, NAT rules applied to the offloaded Fa...

Hi. Many people have devices on this CPU. It would be great if the developers in v7 ROS, in addition to Vlan Offload, implemented HW NAT, Routing, QoS. Is there hope for these features in future releases? For example, OpenWRT has released firmware for hEX with HW NAT support.
Link - MT7621A.

Interestingly, added the ability from the vpn server (l2tp/ipsec) to transfer routes to remote clients? For example dnsmasq can do this.

Made a simple script that processes the generated Suricata eve-log in real time and, based on alerts, adds an ip-address to the MikroTik Address Lists for a specified time for subsequent blocking. #!/usr/bin/env bash # Bashcata Variables; router="" # mikrotik ip; login="" # user ...

Got it, thank you all for the clarification!

Port forwarding won't work! Sure it will. That's the part of the default config, and it works perfectly fine. Meant this: +(3) (1) add action=accept chain=forward connection-state=established,related (2) add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-li...

Port forwarding won't work! (1) add action=accept chain=forward connection-state=established,related (2) add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN Port forwarding will work! But the second rule is not needed for port forwarding to work. (1)...

This symbol (!) Means not .. (1) add action=accept chain=forward connection-state=established,related (2) add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface-list=WAN (3) add action=drop chain=forward in-interface-list=WAN comment="drop all else" Sh...

Hi! This does not work on my router. Collected a simple circuit in GNS3. There are 2 CHR with such settings. Ros 6.48.2 Based on the documentation on: help.mikrotik Brief firewall filter rule explanation: drop incoming packets that are not NAT`ed, ether1 is public interface, log attempts with "...

Hey! On the device hEX (rb750gr3) there is a similar problem with the display of "system health" in winbox .. Also noticed that after the is rebooted, the information may appear or disappear. CF: 6.48.2.

Thanks zbe for your script. I wrote a mini instruction for setting up Suricata in conjunction with ROS+Mikrocata on Debian Buster.