rihis
February 22, 2007, 11:15am
I found in the Mikrotik WIKI HOWTO "Protecting your customers". It consists of the following rules:
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=forward connection-state=related comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
I tried to repeat this configuration on my router (version 2.9.38), but it disables all traffic through the router.
This principle (where the last rules in the Input and Forward chains are "Drop everything") works perfectly on another
router (version 2.8.22) and, as we see in the WIKI, on other routers as well. Why does it not work in this version?
sergejs
February 22, 2007, 11:32am
You have to allow the clients' src-addresses before the last drop rule.
That particular configuration allows only UDP and ICMP traffic to pass through the router.
rihis
February 22, 2007, 11:42am
As I understood, this means adding the rule:
"add chain=forward src-address=192.168.0.0/24 action=accept"
before the last "Drop everything" rule. This allows clients from the inner protected network to access the Internet and be safe?
rihis:
As I understood, this means adding the rule:
"add chain=forward src-address=192.168.0.0/24 action=accept"
before the last "Drop everything" rule. This allows clients from the inner protected network to access the Internet and be safe?
Exactly…
You can also add an INPUT chain to protect your MK access:
/ip firewall filter
add chain=input connection-state=established action=accept comment="Allow Established connections"
add chain=input protocol=udp action=accept comment="Allow UDP"
add chain=input protocol=icmp action=accept comment="Allow ICMP"
add chain=input src-address=X.X.X.X/24 action=accept comment="Allow Our Network"
add chain=input src-address=X.X.X.X/24 action=accept
add chain=input src-address=192.168.15.0/24 action=accept
add chain=input src-address=192.168.19.51 action=accept
add chain=input action=drop comment="DROP OTHERS"
Rafiq…
http://forum.linux.org.bd
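As an added example, not from the thread or from Mikrotik: a small Python simulator of RouterOS first-match filter evaluation, run over the wiki "forward" rules and over the same chain with the src-address accept rule sergejs suggests, to show why a client's first TCP packet is dropped in one case and accepted in the other. The packet fields and addresses are constructed for the demonstration.

```python
# Added example (not from the thread): first-match simulator of a RouterOS
# /ip firewall filter chain. A rule is a dict of match criteria plus an
# action; RouterOS rules without an explicit action default to accept.
WIKI_FORWARD = [
    {"connection-state": "established", "action": "accept"},
    {"connection-state": "related", "action": "accept"},
    {"connection-state": "invalid", "action": "drop"},
    {"protocol": "icmp", "action": "accept"},
    {"protocol": "udp", "action": "accept"},
    {"action": "drop"},  # "drop everything else"
]

# The fix from the thread: accept the inner network *before* the final drop.
FIXED_FORWARD = WIKI_FORWARD[:-1] + [
    {"src-address": "192.168.0.0/24", "action": "accept"},
    {"action": "drop"},
]

def in_subnet(addr, cidr):
    """True if dotted-quad addr lies inside cidr ('a.b.c.d/n' or a bare host)."""
    net, bits = cidr.split("/") if "/" in cidr else (cidr, "32")
    to_int = lambda a: int.from_bytes(bytes(int(o) for o in a.split(".")), "big")
    mask = (0xFFFFFFFF << (32 - int(bits))) & 0xFFFFFFFF
    return to_int(addr) & mask == to_int(net) & mask

def matches(rule, pkt):
    """Every match criterion in the rule must hold for the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "src-address":
            if not in_subnet(pkt["src"], want):
                return False
        elif pkt.get(key) != want:
            return False
    return True

def evaluate(chain, pkt):
    """RouterOS semantics: the first matching rule's action decides."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"  # a chain with no matching rule accepts by default

# Constructed sample packets (addresses are documentation ranges, not real hosts).
CLIENT_NEW_TCP = {"src": "192.168.0.10", "protocol": "tcp", "connection-state": "new"}
OUTSIDE_NEW_TCP = {"src": "198.51.100.7", "protocol": "tcp", "connection-state": "new"}
OUTSIDE_NEW_UDP = {"src": "198.51.100.7", "protocol": "udp", "connection-state": "new"}
```

Running `evaluate` over the two chains also makes the remaining exposure visible: the "allow udp" rule accepts unsolicited UDP from any source in both versions, so the src-address rule only fixes outbound TCP, not inbound UDP.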