Dude traffic and firewall

expert · July 30, 2018, 3:46pm

I have CCR1009 device running Dude and monitoring itself. The device has also configured firewall filters entirely based on interface lists.
However, Dude traffic doesn’t seem to have any in-interface and out-interface. Here’s how the traffic appears in the log:

17:36:54 firewall,info DUDE input: in:(unknown 1) out:(unknown 0), proto ICMP (type 8, code 0), 192.168.99.1->192.168.99.1, len 56 
17:36:57 firewall,info DUDE input: in:(unknown 1) out:(unknown 0), proto UDP, 192.168.99.1:53921->192.168.99.1:53, len 62 
17:37:03 firewall,info DUDE input: in:(unknown 1) out:(unknown 0), proto TCP (SYN), 192.168.99.1:58651->192.168.99.1:8291, len 60 
17:37:11 firewall,info DUDE input: in:(unknown 1) out:(unknown 0), proto TCP (SYN), 192.168.99.1:43049->192.168.99.1:22, len 60

Q: is there any way how to create firewall filter rule that will match such traffic, other than with the same src-address and dst-address?

expert · July 31, 2018, 6:18pm

Solved, the following rule works:

/ip firewall filter add chain=input dst-address-type=local src-address-type=local action=accept comment="Allow local traffic"