The current rule set works.
Your default input drop rule has a setting of tcp-flags=""
This is probably the problem. Remove any reference to tcp-flags and it should then catch anything not specifically allowed before that.
No.
@nescafe: did you use 6.37.1?
@rohnjohn63: try downgrading to the bugfix channel, 6.36.4. Does the Linux host UPnP properly create the dynamic dst-nat on IP > Firewall > Filter in this case?
And Tomato Shibby. A list of the last 50(?) web sites visited, with timestamp and LAN IP address. Stunningly useful.
Why is it not possible to get domain names? Other routers like DD-WRT or OpenWrt can do this.
But dnsmasq can also be a name server for devices in the LAN.
qubic, you have a DNS cache service already built into RouterOS. (IP > DNS, tick Allow remote requests)
Unless you have a very large network that needs to cope with more than 100 requests per second, no need for a separate cache.