ip firewall rule for logging nat traffic (only 1 connection per host)

Hi,

I’m trying to figure out how to do this:

- I want to log the Internet access traffic by private IPs (NAT), but I don’t want to log all the TCP connections (e.g. SYN status), UDP packets, etc. with a simple IP firewall rule.

I want to keep the log file as small as possible. I only need to log the destination IP (the ports don’t matter), so, for example, a web request to a site may have tens of TCP connections (HTML, images, etc.), but I only want to log 1 entry for the host. Also, time resolution is not of much importance.

Is there a way to perform this?
Thanks!
Antonio

Maybe something like this: in the forward chain, catch NAT connections, compare the destination IP with a list, and add new IPs to this list.

Test:

/ip firewall filter> add chain=forward in-interface=ether1-wan connection-nat-state=dstnat dst-address-list=!"nat-list" action=add-dst-to-address-list address-list="nat-list" log=yes

Correct the in-interface name with yours, eventually add out-interface. The rule should be first, or better, behind the “related established rule”.

You have a list with IPs and a log with all the others.
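
The behaviour of the rule above, modelled in Python as an added example (not part of the original posts): the address list acts as a "seen" set, so only the first packet to each destination is logged, and a second private host reaching an already-listed destination leaves no log entry. The `timeout` parameter models the RouterOS `address-list-timeout` option, which the posted rule does not set; all addresses are constructed documentation IPs.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class LogOnceRule:
    """Model of: dst-address-list=!nat-list action=add-dst-to-address-list log=yes"""
    timeout: Optional[float] = None            # seconds; None = entries never expire
    seen: dict = field(default_factory=dict)   # dst IP -> expiry time (None = permanent)
    log: list = field(default_factory=list)    # what would end up in the router log

    def packet(self, now, src, dst, dport):
        """Return True if the rule matches (dst not listed), i.e. the packet is logged."""
        if dst in self.seen:
            expiry = self.seen[dst]
            if expiry is None or now < expiry:
                return False                   # dst already listed: no match, no log line
        # First packet to this destination (or the entry expired): list it and log once.
        self.seen[dst] = None if self.timeout is None else now + self.timeout
        self.log.append((now, src, dst, dport))
        return True


# Constructed sample traffic: (time in s, private source, destination, dst port)
TRAFFIC = [
    (0, "192.168.88.10", "203.0.113.5", 443),
    (1, "192.168.88.10", "203.0.113.5", 443),    # same page, more connections
    (2, "192.168.88.10", "203.0.113.5", 80),
    (3, "192.168.88.11", "203.0.113.5", 443),    # second host, same destination
    (4, "192.168.88.10", "198.51.100.7", 53),
    (4000, "192.168.88.11", "203.0.113.5", 443),
]


def run(timeout=None):
    """Feed the sample traffic through the rule and return the resulting log."""
    rule = LogOnceRule(timeout=timeout)
    for pkt in TRAFFIC:
        rule.packet(*pkt)
    return rule.log


if __name__ == "__main__":
    for label, t in (("no timeout", None), ("1h timeout", 3600)):
        print(label)
        for entry in run(t):
            print("  ", entry)
```

Without a timeout the list only grows and each destination is logged once, attributed to whichever host reached it first; with a timeout the destination is logged again after the entry expires.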