Hello
As I understand in IP Firewall and Mangle conditions for rule to work are combined with “AND” operator. But is is still true for “Connection state” options (established, invalid, new …)?
As I see almost everywhere there are such rules “For NEW packet with some conditions action allow” and “For ESTABLISHED, RELATED packets action allow/fasttrack”. Are ESTABLISHED and RELATED here combined with “AND” or “OR”?
You only need to see these rules in config. I think it’s “and”.
Individual conditions are combined using logical “and”. Most of the single conditions with a comma-separated list of values (like ****
port
,
dst-port
,
src-port
) match on any of the values on the list, so you can look at that as if it expands to an “or” separated list of conditions. An exception from this is the list of values of
tcp-flags
which matches if all the flags on the list are present, so it expands to an “and” separated list of conditions.
In general it is so intuitive (in terms that the syntax is optimized for the most likely use of each particular condition) that it may confuse people who pay attention to details 
Ok, The source of question is video from last MUM
https://www.youtube.com/watch?v=nJr77a1rWRI
At 10:53 there is slide with two different rules for established and related states.
Older RouterOS supported only one connection state per rule. Some people may be simply used to it and forget that they can now have established and related as one rule. Or it may be intentional, if you want separate packet counters for established and related.
Using the previously mentionned example of dst-port, one could write:
dst-port=80, 443, 2000-2100
How could a packet have a destination port of 80 and 443 and 2000 to 2100.
So yes, for the same field, multiple values are OR’d.
Regards,
Sent from Tapatalk