Chupaka
1
When I add a rule like this:
/ip firewall filter add chain=output dst-address=192.168.0.168/255.255.0.255
it is automatically converted to this:
chain=output action=accept dst-address=192.168.0.168-192.168.255.168
But this catches addresses like 192.168.1.169, not only 192.168.X.168
Where do things go wrong?
mkx
2
Ignorance about particular use case … hence wrong conversion. Not sure why address/mask notation needs conversion to address range though.
If I may ask: what would be use case of your accept rule?
Chupaka
3
Thinking about (CG)NAT applications, Filter was just an easy example