Moving from Cisco land to Mikrotik and a tad confused with IP Firewall Filter.
I need to allow a few ports to be opened.
The internal host IP is: 192.168.1.239.
There is tcp port 15015 and udp port 49049.
I have a lan interface list called ‘inside’ and a wan interface list called ‘outside’.
There is no NATing required, just open these ports.
I have put the existing Cisco Pix command with what I think is the equivalent Mikrotik command but I am still getting a bit confused as to when I should be using src-address vs dst-address and also which interface when.
which passes packets of connections which have already been allowed by other rules.
Then one builds further firewall rules which then deal only with initial packets of new connections. This is important as then the meaning of in- and out- becomes clear.
In your case: if an “outside” host starts a TCP connection targeting internal host port 15015, then the initial TCP packet enters the router through the “outside” interface, and after all the firewall decisions and route selections are done that packet will leave the router through “inside”. The IP packet will originate from the “outside” host and is destined to the “inside” host. Which gives:
Despite the fact that UDP is stateless (and hence it’s not possible to determine the originator of a “connection” just by inspecting packets), ROS does track UDP connections as well (making them almost stateful) and the in- and out- logic is then the same as with TCP.
As you can see, in ROS in- and out- don’t have “geographical” but rather logical meaning.
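The logic described in the reply above, written out as a RouterOS filter rule set. This is an added example, not the rules from the original reply or the poster's configuration; it uses the host address, ports and interface list names given in the question, and the invalid-state drop and the final drop rule are assumptions about the desired default policy.

```routeros
# Added example (not from the original thread).
# Rules are evaluated top to bottom; the first match wins.
/ip firewall filter

# 1. Stateful shortcut: packets belonging to connections that an earlier
#    decision already accepted (replies included) pass here, so every
#    rule below only ever sees the first packet of a new connection.
add chain=forward action=accept connection-state=established,related \
    comment="already-accepted connections"

# Assumption: drop packets that conntrack cannot associate with any flow.
add chain=forward action=drop connection-state=invalid \
    comment="invalid state"

# 2. New connections from outside to the internal host.
#    The initial packet ENTERS via "outside" and LEAVES via "inside",
#    so in-interface-list=outside and out-interface-list=inside.
#    The internal host is the destination, so it goes in dst-address.
#    src-address is left unset because any outside host may connect;
#    set it only to restrict which remote hosts are allowed.
add chain=forward action=accept connection-state=new protocol=tcp \
    in-interface-list=outside out-interface-list=inside \
    dst-address=192.168.1.239 dst-port=15015 \
    comment="tcp/15015 to internal host"

# UDP is tracked by conntrack too, so the same in/out reasoning applies.
add chain=forward action=accept connection-state=new protocol=udp \
    in-interface-list=outside out-interface-list=inside \
    dst-address=192.168.1.239 dst-port=49049 \
    comment="udp/49049 to internal host"

# 3. Assumption: anything else initiated from outside is dropped.
#    Without a rule like this the forward chain default is accept and
#    the two rules above would not restrict anything.
add chain=forward action=drop in-interface-list=outside \
    comment="default deny from outside"
```

The chain is forward rather than input because the traffic passes through the router to another host; the per-rule packet counters in `/ip firewall filter print stats` show which rule a test connection actually matched.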