Does “Detect internet” bypass the firewall?
> /ip firewall filter add action=passthrough chain=output dst-port=30000 protocol=udp ;
does not count!
> /ip firewall raw add action=drop chain=output dst-address=159.0.0.0/8 ;
does not block!
Nevertheless, communication is established!
Dst: 159.148.147.229 User Datagram Protocol, Src Port: 5678, Dst Port: 30000
???
Most recommendations are not to use it unless disabling it prevents some function you need.
Okay, okay!
But how is it possible, that it bypasses the output chain???
Because it bypasses those, as Mikrotik programmed it. Hoping that the port opened is statefull.
Port 5678/UDP is also the Neighbours port to see other Mikrotik routers.
I like the internet detect concept … but agree it’s implementation seems under-thought and more often problematic than helpful.
But there is the Packet Flow Diagrams. And by all measures that traffic should be a “router process” starting a “local out”, and thus captured by firewall. I’d have to study “raw” but /ip/firewall/filter should work…
This seem like a bug.