I deleted my fastforward rule instead of disabling it when I started using QOS. I am having a bit of a problem with QOS at the moment and would like to disable that and re-instate the fastforward firewall rule. Can anybody give me a leg-up please? Firewalls aren’t my strong point! hAP-ax
Did you mean Fast-Track?
Yes that
Don’t worry I’ve reset the device!
There is not much to it. Reboot after applying these rules. If you Marked your QOS, you could also use connection-mark=no-mark in the Fast-track rule.
add action=accept chain=input comment="Established, Related, Untracked" connection-state=established,related,untracked
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
add action=accept chain=forward comment="Established, Related, Untracked" connection-state=established,related,untracked
Thanks for that, much appreciated
<3.
I’m reloading my config and forcing myself to DO it!
There we go, does it matter that the rule is at the bottom?

The order does matter. Export all of your /ip firewall filter and share them.
I’m having massive problems here, I’ve downgraded to 7.9 now.
Edit: Also using simple queues with that stock firewall
Rules:
Flags: X - disabled, I - invalid; D - dynamic
0 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
1 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
2 X ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""
3 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
4 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
5 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
6 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
7 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
8 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
9 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
In the screenshot, you have at least 13 filter rules. Now you have less than that. What is going on?
/ip firewall filter
add action=accept chain=input comment="Established, Related, Untracked" connection-state=established,related,untracked
add chain=input action=drop connection-state=invalid
add chain=input action=accept protocol=icmp log=no log-prefix=""
add chain=input action=accept dst-address=127.0.0.1
add chain=input action=drop in-interface-list=!LAN
add chain=forward action=accept ipsec-policy=in,ipsec
add chain=forward action=accept ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
add action=accept chain=forward comment="Established, Related, Untracked" connection-state=established,related,untracked
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
Yes, I’ve downgraded to 7.9 from 7.10 and reloaded my working config again, hence less rules. My queues were a mess since I updated to 7.10 yesterday. I was just wanting to try FastTrack to see if that was working ok. WFH is arriving back soon so I only have a short window to play, so I need to move fast.
I see, so the order in post #12 is okay if you wish to use it.
Thank you so much @own3r1138 I will add those fresh next chance I get.
I’m out of time! arrrrrrrrrrgghh WFH is back.
I feel I need to add WFH is Work From Home, not the wife!
I think the best thing to do now is export my config and add those.
Edit:
So this is the same but I just wanted to keep the format the same as what’s in the .rsc file before uploading when next able.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
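
The ordering point discussed in this thread, as an added example that is not part of any poster's reply: a small Python check that reads `/ip firewall filter` export text and reports when the FastTrack rule sits after the forward-chain accept for established,related (so it never matches), when no such accept follows it, or when QoS marks are in use without `connection-mark=no-mark`. The function names `parse_export` and `check_fasttrack` and both sample configs are constructed for illustration; the check assumes any accept rule whose connection-state includes established and related covers that traffic, ignoring other matchers.

```python
import re
import shlex

EST = {"established", "related"}

def parse_export(text):
    """Parse 'add ...' lines of a RouterOS export into ordered dicts of key -> value."""
    rules = []
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join "\" continuations
        if line.strip().startswith("add "):
            rules.append(dict(t.partition("=")[::2] for t in shlex.split(line)[1:]))
    return rules

def covers_est(rule):
    """True for an accept rule whose connection-state includes established and related."""
    states = set(rule.get("connection-state", "").split(","))
    return rule.get("action") == "accept" and EST <= states

def check_fasttrack(rules, qos_marks=False):
    """Return findings for the forward chain; an empty list means the order is fine."""
    fwd = [r for r in rules if r.get("chain") == "forward" and r.get("disabled") != "yes"]
    ft = next((i for i, r in enumerate(fwd) if r.get("action") == "fasttrack-connection"), None)
    if ft is None:
        return ["no fasttrack-connection rule in forward chain"]
    findings = []
    if any(covers_est(r) for r in fwd[:ft]):
        findings.append("accept established,related precedes fasttrack: rule never matches")
    if not any(covers_est(r) for r in fwd[ft + 1:]):
        findings.append("no accept established,related after fasttrack for slow-path packets")
    if qos_marks and fwd[ft].get("connection-mark") != "no-mark":
        findings.append("QoS marks in use but fasttrack rule lacks connection-mark=no-mark")
    return findings

# Constructed sample: FastTrack appended at the bottom of the forward chain.
BOTTOM = """/ip firewall filter
add action=accept chain=forward connection-state=established,related,untracked
add action=drop chain=forward connection-state=invalid
add action=fasttrack-connection chain=forward comment=FastTrack connection-state=established,related
"""
# Constructed sample: FastTrack ahead of the accept rule, in wrapped .rsc form.
ORDERED = """/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \\
    connection-state=established,related
add action=accept chain=forward comment=\\
    "defconf: accept established,related, untracked" connection-state=\\
    established,related,untracked
add action=drop chain=forward connection-state=invalid
"""

if __name__ == "__main__":
    for name, cfg in (("bottom", BOTTOM), ("ordered", ORDERED)):
        print(name, check_fasttrack(parse_export(cfg)) or "ok")
```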