Help with firewall drop rules priority

jennerfernandesfilho · January 22, 2023, 2:04am

Hi there,

I have installed a Mikrotik RB750g3 on my environment, and i did the follow schema.

I have two networks, a DMZ and LAN. And the traffic between is limited. Basically, the only traffic allowed from the LAN is the Web Server access who’s has located in DMZ. So, I did the follow configuration.

I create a rule to allow the source and destination IP address and ports forward traffic to my Web Server and near bellow, a rule to drop every traffic else. But, when I enable the drop rule, all my traffic is dropped, include the traffic that I set to be allowed above.

A think that maybe issue of priority, but I can’t make it work!

Someone can Help?

anav · January 23, 2023, 2:00am

Sure
/export file=anynameyouwish ( minus router serial # and any public WANIP information )

mkx · January 23, 2023, 7:05am

Firewall rules are evaluated from top to bottom. And that’s the priority. So if rules are in order you described with so many words, then your allow rule is faulty and doesn’t really catch the traffic it’s supposed to. So follow advice by @anav … and describe (with details) what kind of traffic is supposed to be allowed. Then we (@anav in particular ) will be able to check validity of your setup.

Please post complete config, sometimes reason for something not working hides in configuration subtree which inexperienced user doesn’t suspect.