Does anyone know what this specifically does?
add connection-state=invalid action=drop
comment=“Drop invalid connection packets”
http://www.mikrotik.com/docs/ros/2.8/ip/firewall.content
I don’t know if the older manuals made reference to dropping invalid connections. This is the first time I’ve seen this done. I am wondering in what cases would an invalid connection be still in the connection table? I’ve added this rule to the top of our development routers ruleset (above tcp est) and notice it has dropped a few since adding, but I am not 100% sure what it is doing.