mangle accept rules on wan dhcp networks

Good day:

On page 20 of this pdf https://mum.mikrotik.com/presentations/PL12/Load_Balancing_workshop.pdf

They say:

Traffic to Connected Networks

  • As connected routes are available only in “main” routing table, it is necessary that traffic to connected networks stay in “main” routing table
  • This will also allow proper communication between locally and remotely connected clients

11.11.11.0 wan1 network
12.12.12.0 wan2 network
192.168.88.0 lan network

/ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 dst-address=11.11.11.0/24 action=accept
/ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 dst-address=12.12.12.0/24 action=accept
/ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 dst-address=192.168.88.0/24 action=accept

How can I achieve the first two rules with DHCP WAN clients?

Thanks in advance

The first question is whether you really need it. It's not required for routing to the internet. Do you need to access anything in those subnets? If yes, then you're looking for the DHCP lease script (see the manual), and you need to update the rules from there. The next question is what exactly you need to access. If it's just some modem or upstream router, i.e. a single address which is also the default gateway, then it can be very simple. Just mark the rules with comment="some_unique_value" and the script can be (off the top of my head, not tested):

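# Runs as the DHCP client lease script; $bound is 1 when a lease is obtained.
# Variable names containing a hyphen must be referenced as $"name".
:if ($bound=1) do={
  /ip firewall mangle set [/ip firewall mangle find where comment="some_unique_value"] dst-address=$"gateway-address"
}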

Adding the whole subnet would be more complicated, because that doesn't exist as a predefined variable.