FastTrack Rule and Hotspot

irghost · April 23, 2016, 9:03pm

hi all here is my filter rules for new device RB2011

when hotspot is enable and when i add fasttrack rules can even open google.com
if i disable hotspot fasttrack works fine or if i disable fasttrack hotspot works fine but they dont work with each other
what i do wrong help me plz !!!

flynno · April 23, 2016, 10:27pm

I guess leave it disabled if it’s causing problems

irghost · April 24, 2016, 7:39am

i wanna use it because its have better performance for device (i have PCC Loadbalance over 3 PPPoE) and when i download with full speed cpu usage just been around 25% at same speed without fasttrack its 60%

irghost · April 24, 2016, 12:04pm

Help me

sash7 · April 24, 2016, 2:22pm

irghost post firewall rules with:
/ip firewall filter export

irghost · April 24, 2016, 4:01pm

add action=drop chain=input connection-state=invalid
add chain=input connection-state=established,related
add action=add-dst-to-address-list address-list=Anti-Filter address-list-timeout=1h chain=\
    forward dst-address-list=!mylocal layer7-protocol=Anti-Filter
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=input dst-port=53 in-interface=all-ppp protocol=udp
add action=add-src-to-address-list address-list=TCP-Connection-blacklist \
    address-list-timeout=1d chain=input dst-port=20,21,22,23,53,80,443,2000 in-interface=\
    all-ppp protocol=tcp
add action=drop chain=input comment="Drop Special ports" connection-state=\
    invalid,established,related,new in-interface=all-ppp src-address-list=\
    TCP-Connection-blacklist
add action=add-src-to-address-list address-list=Port-Scanners chain=input in-interface=\
    all-ppp psd=21,3s,3,1
add action=drop chain=input comment="Drop Port Scanners" connection-state=\
    invalid,established,related,new in-interface=all-ppp src-address-list=Port-Scanners
add action=add-src-to-address-list address-list=DDosers-block-list address-list-timeout=1w \
    chain=input connection-limit=32,32 in-interface=all-ppp
add action=drop chain=input comment="Drop DDos" connection-state=\
    invalid,established,related,new in-interface=all-ppp src-address-list=\
    DDosers-block-list
add action=drop chain=input comment="Drop All" connection-state=\
    invalid,established,related,new in-interface=all-ppp log=yes src-address-list=!mylocal