Hi,
Can someone please help?
Is it possible to allow system updates while dropping the rest, or do I have to disable filter #8 every time I check for updates?
"Check For Updates" is working only if firewall filter #8 is disabled.
I'm currently using an RB951Ui-2HnD on v6.38.5 and want to update to v6.39 online.
Here's my config (filter):
[admin@MikroTik] > /ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 XI ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 XI chain=input action=accept protocol=icmp log=no log-prefix=""
2 XI chain=input action=accept connection-state=established log=no log-prefix=""
3 XI chain=input action=accept connection-state=related log=no log-prefix=""
4 ;;; Allow to Check for Updates
chain=input action=accept layer7-protocol=mikrotik.com in-interface=ether1-wan log=yes log-prefix="sysupd-"
5 ;;; Allow WAN Administration
chain=input action=accept connection-state="" protocol=tcp in-interface=ether1-wan dst-port=8291,443,22 log=no log-prefix=""
6 chain=input action=accept protocol=udp in-interface=ether1-wan dst-port=123 log=no log-prefix=""
7 chain=input action=accept protocol=icmp in-interface=ether1-wan log=no log-prefix=""
8 chain=input action=drop in-interface=ether1-wan log=no log-prefix=""
[admin@MikroTik] >
Here's my config (nat):
[admin@MikroTik] > /ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 XI ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 chain=srcnat action=masquerade out-interface=ether1-wan
2 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=10.0.0.0/24 log=no log-prefix=""
[admin@MikroTik] >
Here's my config (layer7-protocol):
[admin@MikroTik] > /ip firewall layer7-protocol print
NAME REGEXP
0 mikrotik.com
[admin@MikroTik] >
Here's my log (last 10mins):
21:44:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:44:30 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:35741, len 237
21:45:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:45:29 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 38:60:77:7b:55:b7, proto UDP, 192.168.11.116:138->192.168.11.255:138, len 229
21:45:29 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:54445, len 237
21:46:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:46:21 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 202.90.132.242:123->192.168.11.2:123, len 76
21:46:28 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:39826, len 237
21:46:59 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 192.168.11.1:138->192.168.11.255:138, len 232
21:46:59 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 192.168.11.1:138->192.168.11.255:138, len 235
21:47:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:47:27 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:52074, len 237
21:48:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:48:26 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:55661, len 237
21:49:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:49:25 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:33347, len 237
21:50:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:50:19 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 70:71:bc:7c:a2:1c, proto UDP, 192.168.11.111:138->192.168.11.255:138, len 229
21:50:24 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:33060, len 237
21:50:51 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 202.90.132.242:123->192.168.11.2:123, len 76
21:51:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:51:24 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:37437, len 237
21:52:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:52:23 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:59587, len 237
21:53:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:53:21 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto TCP (ACK,PSH), 216.58.203.34:443->192.168.11.2:38000, len 115
21:53:22 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:59027, len 237
21:54:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:54:21 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:57220, len 237
Thanks in advance,
-kikigak
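
Added example (not part of the original post): a small Python parser for the firewall log format shown above, which tallies what the rule carrying the sysupd- log prefix actually matched, by protocol and service port. The sample lines are copied from the post's log; taking the lower of the two port numbers as the service port is a heuristic assumed here.

```python
import re
from collections import Counter

# Lines copied from the log in the post above (a subset covering each flow type).
SAMPLE_LOG = """\
21:44:00 firewall,info sysupd- input: in:ether1-wan out:(none), proto UDP, 192.168.11.2:46518->255.255.255.255:5678, len 141
21:44:30 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:35741, len 237
21:45:29 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 38:60:77:7b:55:b7, proto UDP, 192.168.11.116:138->192.168.11.255:138, len 229
21:46:21 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 202.90.132.242:123->192.168.11.2:123, len 76
21:53:21 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto TCP (ACK,PSH), 216.58.203.34:443->192.168.11.2:38000, len 115
21:53:22 firewall,info sysupd- input: in:ether1-wan out:(none), src-mac 10:6f:3f:f7:c1:35, proto UDP, 8.8.4.4:53->192.168.11.2:59027, len 237
"""

# One firewall log line; src-mac and the TCP flag list are optional fields.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) firewall,info (?P<prefix>\S+) (?P<chain>\w+): "
    r"in:(?P<in_if>\S+) out:(?P<out_if>[^,]+), "
    r"(?:src-mac (?P<mac>[0-9a-f:]{17}), )?"
    r"proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), len (?P<len>\d+)$"
)

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "len"):
        rec[key] = int(rec[key])
    return rec

def service_port(rec):
    """Heuristic (assumption): the lower port number is the service side."""
    return min(rec["sport"], rec["dport"])

def summarize(log_text, prefix="sysupd-"):
    """Count matched packets per (protocol, service port) for one log prefix."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["prefix"] == prefix:
            counts[(rec["proto"], service_port(rec))] += 1
    return counts

if __name__ == "__main__":
    for (proto, port), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{proto:4} port {port:<5} {n} packet(s)")
```

Running the same tally over the full log export shows at a glance which protocols and ports a logging accept rule is letting through.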