Bug: Firewall Interface !-operator does not work

RouterOS General
1

Hi Mikrotik, love your products, wanted to report a bug with the firewall interface on RouterOS.

The issue is the not-operator (!) does not work in the list of firewall rules, in other words it does not do anything.

Screenshot From 2026-05-04 19-48-06
Screenshot From 2026-05-04 19-48-061052×798 53.4 KB

Proof: My interface [ether1] is tagged as [LAN] interfaces-list

Default rule [drop traffic !LAN interfaces-list] does not allow connection over IP from [ether1]

Changing the rule to [drop traffic WAN interfaces-list] allows connection over IP from [ether1]

Changing the rule again to [drop traffic !WAN interfaces-list] still allows connection over IP from [ether1]

=> implies the !-operator does not do anything.

Also makes the default settings impossible to connect with over IP in bridge mode under automatic IP address assignment. You have to change the rule to the drop WAN setting in order for the firewall to properly function.

Related post: Unable to access mikrotik via IP address

2

forum post != bug report

1 Like
3

There's no bug here.

2 Likes
4

Please post a proper export from your configuration. See this guide: Forum rules - #5 by gigabyte091.

My guess from the screenshot is that you are having your ethernet ports in a bridge, which means they are slave port (have an S letter next to them in the Interfaces table). If that's the case, you'll have to add the bridge interface to the LAN interface list, not the individual slave ports.

2 Likes
5

First learn how to use it, then maybe you can report bugs to support when they actually occur.

1 Like
6

Please change title to:

OP Self-Reports Incompetence but willing to Learn
( aka what am I doing wrong should be the first instinct, as opposed to, its the routers fault.
The first rule of MT should be, approach configuration with humbleness, 99.9 errors are operator error )

7

Still think the bug exists.

Model e60igs / RouterOS 7.22.2 / Firmware 7.21.

8

It is considered not as bug as long you have not provided evidence (configuration) and proof.

1 Like
9

fair enough
i was able to get the functionality back after upgrading to 7.22.2 fw