This almost certainly means DoS / RCE from exposed www service. "Stability" in Mikrotik-speak means crashes.@EdPa
Could you elaborate more what "stability when receiving malformed packets" means?
Ah yeah, forgot the original was 3 chain, but the CPU is too weak to actually get more throughput than 2 chains.hAP ac is actually 3 chain https://mikrotik.com/product/RB962UiGS-5HacT2HnT
/ip firewall service-port
set ftp disabled=yes
I can confirm that this now closes the remote code execution bug possible by a MITM. Using winbox auto update should be safe for now .*) improved MikroTik signature checking on WinBox update;
Unfortunately this check still seems insecure.*) on update, Winbox will check that code is signed by MikroTik and not somebody else;
100% agreed.Please put these kind of features in a external packages. Completely unnecessary for the majority of the users and will only end up as an security issue.
Normal people gets an NAS or mini-server to run torrents.
SMTP-only access is unaffected.
Can you elaborate on what was changed here? The last time conntrack was changed with the loose TCP tracking option it introduced a regression, so I'd like to know exactly what changed and what to look out for.conntrack - significant stability and performance improvements;
Show a security error if user tries to open HTTPS website.https-redirect=yes
Show a network error if user tries to open HTTPS website.https-redirect=no