I have two subnets: on for my main LAN and on for my IOT network. Traffic flows and communicates just fine when there is no firewall rule restricting them. But as soon as I add a rule allowing my main LAN to my IOT network and another rule blocking my IOT network going to the main LAN, traffic drops. The initial traffic from my main subnet to IOT is permitted but the return traffic is not. By default, connection tracking should be enabled. I verified that and it shows as enabled: auto. So why is my return traffic getting blocked when a stateful firewall should be allowing it?
The default configuration contains this rule:
/ip firewall filter
add chain=forward action=accept connection-state=established,related,untracked comment="defconf: accept established,related,untracked"
If you’ve removed it or moved it down to a place where it is ineffective, you will get the behavior you see.
If that guess is wrong, then show your rules. (/ip/firewall/export)
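The ordering the answer describes, as an added example that is not from the original thread; the subnets (192.168.10.0/24 for the LAN, 192.168.20.0/24 for the IoT network) and the comments are constructed assumptions, since the post does not show the real ones:

```routeros
# Added example, not the poster's config. Assumed subnets:
#   LAN = 192.168.10.0/24   IoT = 192.168.20.0/24
/ip firewall filter

# 1. Stateful rules FIRST. Reply packets from an IoT device to a
#    connection that the LAN opened are "established" and are accepted
#    here, before any subnet-specific drop rule can see them.
add chain=forward action=accept connection-state=established,related,untracked \
    comment="defconf: accept established,related,untracked"
add chain=forward action=drop connection-state=invalid \
    comment="defconf: drop invalid"

# 2. Only packets that start a NEW connection reach the policy below.
add chain=forward action=accept connection-state=new \
    src-address=192.168.10.0/24 dst-address=192.168.20.0/24 \
    comment="LAN may open connections to IoT"
add chain=forward action=drop \
    src-address=192.168.20.0/24 dst-address=192.168.10.0/24 \
    comment="IoT may not open connections to LAN"

# Broken variant (the symptom in the question): if the IoT->LAN drop rule
# sits ABOVE the established/related rule, or that rule was deleted, the
# IoT replies match the drop rule and LAN-initiated sessions stall.

# Checks: rule hit counters show which rule is eating the replies, and the
# connection table confirms tracking is actually recording the flows.
/ip firewall filter print stats
/ip firewall connection print where dst-address~"192.168.20."
```

Rules are evaluated top to bottom, so the stateful accept must have a lower position number than any drop that could match the return traffic.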
Your config is wrong… not the router's problem, but the admin's…
/export file=anynameyouwish (minus router serial number, any public WAN IP information, keys)