First a problem with VPN, i can not use VPN on my local network, unless i disable the firewall rule to block unwanted traffic. Then i can use it. So i guess i need a rule above it to allow VPN, but how?
This is the rule, it’s my final rule in the filter rules list:
comment: Drop all other traffic through the router.
chain=forward action=drop
The second problem is, that my laptop’s ip adress is constantly showing up in a blacklist with a 3 hour Timeout.
It’s called ftp_blacklist and i disabled the 2 rules that use that adresslist but still it shows up.
When i change the ip adress of the laptop; it makes no difference. How can I whitelist that?
What rule has an action that is add to address list, list = ftp-blacklist ?
Find that rule, and you’ll have an idea why your laptop is making the 'tik angry.
Also - does this happen even when you are not trying to use the VPN client?
If this is ‘just happening’ then maybe there’s some malware on your computer (if the add-to-blacklist rules aren’t written badly, that is)
VPN should be easy - add action=accept chain=forward dst-address=vpn server ip here
Put this rule early in the forward chain.
This blacklist rule is interesting.
It means if the Mikrotik originates a tcp packet, whose contents include “530 Login incorrect” - then bam, blacklist.
No retries / rate limits (unless a similar rule right before it has a rate limit) , no specific port - the rule says FTP, but any tcp traffic with that content will match.
This means that the Mikrotik is sending such packets to your laptop.
(Packets flowing through the Mikrotik to/from the Internet would not match this rule - unless there’s another one just like it in the forward chain)