how to translate these rules

onlineuser · November 16, 2015, 9:50pm

Hello,

I found on my OpenWrt router some default firewall rules.
These rules makes sense and are clear how to realize it on ROS.

DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

But how can these rules be realized in ROS and which sense have these rules?

ACCEPT     gre  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN

onlineuser · November 19, 2015, 6:26am

noone?

pe1chl · November 19, 2015, 9:59am

Such rules are in a MikroTik by default. Apparently you have modified it.
The match for connection state is in the add rule page, when you expand it you can tick those options you mention.

onlineuser · November 20, 2015, 12:30pm

The first and second rule is a default rule but per default there were set 5 rules.

3 ACCEPT     gre  --  anywhere             anywhere
4 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
5 REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
6 TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
7 DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN

What does the grep stand for in the rule #3?

How can I set the parameter icmp-port-unreachable in ROS?

What does reject with tcp-reset mean?

How can I configure the rule #6 and rule #7 in ROS?