The built-in firewall in Linux (iptables / nftables (nft)) has counters for each rule (see “iptables -L -n -v”).
With this, one sees how many times each filter rule matched, which is also very useful when debugging the filter rules.
In RouterOS (/ip firewall filter) this feature seems to be missing, doesn’t it?
But since ROS uses Linux under the hood, it should be easy to make these counters available in ROS as well.
I.e., a task for the MikroTik software developers.
Is this what you’re looking for?
/ip firewall filter print value-list stats
/ipv6 firewall filter print value-list stats
Edit: I guess this doesn’t help, right? I think the proper solution would be for the count to be a property of the rule, so that we could have a way of obtaining only the count value (not an entire descriptive line which would need to be parsed to extract the count).
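For readers who want the per-rule counters without parsing the output of "print stats", here is an added RouterOS script (not code from the thread or from MikroTik). It assumes that "get" exposes the same "packets" and "bytes" fields that "print stats" displays, and that reading them does not reset them; rules with no comment are labelled "(no comment)". It walks every filter rule, prints chain, action and counters, and logs rules that have never matched, which is the usual debugging question.

```routeros
# Added example, not from the forum thread.
# Assumption: /ip firewall filter get exposes "packets" and "bytes"
# (the fields shown by "print stats") as readable properties.
:foreach r in=[/ip firewall filter find] do={
    :local rule [/ip firewall filter get $r]
    :local pk ($rule->"packets")
    :local by ($rule->"bytes")
    :local cm ($rule->"comment")
    :if ([:len $cm] = 0) do={ :set cm "(no comment)" }
    # One line per rule: only the numbers we care about, no parsing needed
    :put ("chain=" . ($rule->"chain") . " action=" . ($rule->"action") . \
          " packets=" . $pk . " bytes=" . $by . " comment=" . $cm)
    # Enabled rules that never matched are the ones worth reviewing:
    # either the traffic never arrives or an earlier rule catches it first
    :if (($pk = 0) && (($rule->"disabled") = false)) do={
        :log info ("firewall filter rule never matched: " . $cm)
    }
}
```

Run it once, then "/ip firewall filter reset-counters-all", generate the traffic you are testing, and run it again; the difference between the two outputs shows which rule actually handled the packets.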
That’s indeed what I mean!
Already built-in, that’s cool!
Thx
I just now noticed how weird it shows thousands and millions, with a whitespace where there should be a comma. Be careful with that.
Maybe this is already possible. Maybe a script guru can answer this; see also the Scripting forum https://forum.mikrotik.com/viewforum.php?f=9.
But there is a related issue, IMO even more important:
A similar counter (numPackets and sumBytes) for each address ( /ip firewall address-list ) seems to be missing in ROS.
In Linux one can use the ipset utility to define such IP address lists;
each such list can have a default timeout, and the user can also define an individual timeout for each address
(after which the item automatically gets removed from the list).
Each address can also have such counters, which one can then use in iptables firewall rules.
For example, if the packet counter of a blocked IP becomes > 10 then do a user-defined action…
It’s a very powerful feature, IMO. Would be nice if such counters were possible also in ROS under /ip firewall address-list,
and of course making use of it in the /ip firewall filter rules.
I’ve not followed the changelog of RouterOS since the above posting of mine,
but I need such a timeout feature for list items (i.e. like the iptables/nftables tool ipset in Linux;
cf. https://ipset.netfilter.org/ipset.man.html#lbAJ ).
The nice thing about timeout is that the added item automatically gets removed after the timeout has elapsed.
This hugely simplifies firewall code for blocking attackers, and also for other use cases like port knocking.
My main firewall strategy on Linux boxes is based on this smart feature.
So, in my RouterOS firewalls I would like to use the same feature.
Is such a timeout feature now possible in the RouterOS firewall lists? Is it on the TODO list?
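As an added example (not from the thread, and not MikroTik's own documentation), the following RouterOS configuration shows the ipset-style workflow the two posts above ask for: address-list entries with an expiry, entries added dynamically by a filter rule, and port knocking built on top of that. It relies on the "timeout=" property of /ip firewall address-list entries and on the "add-src-to-address-list" action with "address-list-timeout=", which RouterOS provides. The list names, the port numbers, the timeouts and the 198.51.100.7 address are assumptions chosen for illustration.

```routeros
# Added example, not from the forum thread. List names, ports, timeouts
# and the 198.51.100.7 address are illustrative choices.

# 1. A manual entry that expires on its own (like "ipset add ... timeout 3600")
/ip firewall address-list add list=blocked address=198.51.100.7 timeout=1h \
    comment="manual block, auto-expires"

/ip firewall filter
# 2. Drop anything from the dynamic block list, checked before everything else
add chain=input src-address-list=blocked action=drop \
    comment="drop blocked sources"

# 3. Port knocking: knock on 1234, then 5678 within 15s, to earn 1h of SSH
add chain=input protocol=tcp dst-port=1234 connection-state=new \
    action=add-src-to-address-list address-list=knock_stage1 \
    address-list-timeout=15s comment="first knock"
add chain=input protocol=tcp dst-port=5678 connection-state=new \
    src-address-list=knock_stage1 \
    action=add-src-to-address-list address-list=ssh_allowed \
    address-list-timeout=1h comment="second knock"
add chain=input protocol=tcp dst-port=22 connection-state=new \
    src-address-list=ssh_allowed action=accept comment="SSH after knock"

# 4. Anyone else touching SSH lands in "blocked" for a day, then drops out
add chain=input protocol=tcp dst-port=22 connection-state=new \
    action=add-src-to-address-list address-list=blocked \
    address-list-timeout=1d comment="ban unknocked SSH attempts"
add chain=input protocol=tcp dst-port=22 action=drop
```

The entries created by "add-src-to-address-list" are dynamic; "/ip firewall address-list print" shows them with a "D" flag and a remaining timeout, and they disappear when it reaches zero, so no cleanup script is needed. Rule order matters: the drop for "blocked" must precede the knock rules, and the ban rule must come after the accept for "ssh_allowed".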