Firewall Match Packets Originating from CPU

Hey,

What's the best way to match traffic originating from the MikroTik itself? I have a default drop rule at the bottom of my input chain, but I need a way to allow MikroTik traffic itself.

I thought about src-address-type set to local, but was curious if anyone else had suggestions?

-Eric

Allow input for established and related packets
Allow outgoing packets for all

For that traffic the output chain is the right one. Allowing the router to freely call home is also not the safest way. Use the same principles for the output chain as for the input chain.

Yeah, but I’m not blocking the output. I logged the default deny and that’s where they are getting dropped.

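An added example, not part of any post in this thread: a RouterOS filter layout for the situation discussed above. Replies to connections the router itself opens come back through the input chain, so an established/related accept has to sit above the default drop. The `mgmt` address list, the ports, the allowed outbound services and the log prefixes are assumptions for illustration.

```routeros
/ip firewall filter

# --- input chain: traffic addressed to the router itself ---

# Replies to connections the router initiated (DNS lookups, NTP, updates)
# arrive here. Without this rule they fall through to the default drop.
add chain=input action=accept connection-state=established,related \
    comment="replies to router-originated and existing connections"

# Discard packets that do not belong to any tracked connection state.
add chain=input action=drop connection-state=invalid \
    comment="drop invalid"

# Assumption: management is allowed only from hosts in the "mgmt" list.
add chain=input action=accept protocol=tcp dst-port=22,8291 \
    src-address-list=mgmt comment="SSH/WinBox from management hosts"

# Default drop, logged so anything unexpected shows up under this prefix.
add chain=input action=drop log=yes log-prefix="input-drop" \
    comment="default drop"

# --- output chain: traffic generated by the router ---
# Same principle as input: allow what is needed, log and drop the rest.

add chain=output action=accept connection-state=established,related \
    comment="replies from the router on existing connections"

# Assumption: the router only needs DNS and NTP outbound.
add chain=output action=accept protocol=udp dst-port=53,123 \
    comment="DNS and NTP"
add chain=output action=accept protocol=tcp dst-port=53 \
    comment="DNS over TCP"

add chain=output action=drop log=yes log-prefix="output-drop" \
    comment="default drop for router-originated traffic"
```

Rule order matters: the filter is evaluated top to bottom, so the accept rules must stay above each chain's final drop.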