Hi everyone,
I have a hEX PoE which is double NATted behind a RB3011.
This device is to serve IoT devices and also a few VLANs for guests and other things.
At the moment I'm trying to set up a blacklist to drop every IP I consider unsafe.
I'm using Fastpath+Fasttrack, although, if I read correctly, if I use RAW rules it should work with no problem, right?
I added this rule:
[admin@MikroTik-G] /ip firewall raw> print
Flags: X - disabled, I - invalid, D - dynamic
 0  D ;;; special dummy rule to show fasttrack counters
      chain=prerouting action=passthrough

 1    ;;; Drop Blacklisted
      chain=prerouting action=drop log=no log-prefix="" src-address-list=Blacklist
The rule appears to be working with a lot of packets, however I can still find lots of traffic flowing to and from the main router, as well as some Blacklisted IPs under the Connections tab generating traffic.
Am I missing something?
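As an added example that is not part of the post, here is the same blacklist written out as a complete RouterOS snippet with constructed placeholder addresses. It places a dst-address-list rule beside the src-address-list rule from the post, because a src-address-list match alone only catches packets whose source is on the list, not packets a LAN host sends towards a listed address, and it ends with the counter check used to see which of the two rules is being hit.

```routeros
# Constructed example, not the poster's configuration.
# Placeholder entries taken from documentation ranges.
/ip firewall address-list
add list=Blacklist address=192.0.2.0/24 comment="placeholder range"
add list=Blacklist address=198.51.100.7 comment="placeholder host"

/ip firewall raw
# Packets coming FROM a blacklisted source (this is what the rule in the post matches)
add chain=prerouting src-address-list=Blacklist action=drop comment="Drop Blacklisted (src)"
# Packets going TO a blacklisted destination, e.g. an IoT host calling out;
# the src-address-list rule alone does not match these
add chain=prerouting dst-address-list=Blacklist action=drop comment="Drop Blacklisted (dst)"

# Per-rule packet/byte counters show which direction is actually being dropped
/ip firewall raw print stats
```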