Questions about "Use host names in firewall rules"

moveik · December 25, 2020, 2:22pm

Link to the wiki:
https://wiki.mikrotik.com/wiki/Use_host_names_in_firewall_rules

It says “Note: Applies only for RouterOS versions up to version v6.36.”.
Why it isn’t possible for versions greater than v6.36 ?
There’s a typo:

/ip firewall filter add chain=ouput dst-address-list=host_mikrotik action=accept

Instead of “chain=ouput”, should be “chain=output”.
3. Consequently to the previous clause:
The chain to which the firewall rule should be added is “forward”, not “output”.
Do you agree?

Sob · December 25, 2020, 6:30pm

In newer versions you can put hostname directly in address list and system will resolve it automatically (and refresh it when its ttl expires). So it’s easier and script is not needed. But if for some reason you like script better, you can keep using it.

The right chain depends on what you’re trying to do. Output is not necessarily incorrect, even though forward is probably more likely.

moveik · December 25, 2020, 8:21pm

I wasn’t aware that it is possible.

I tried it and it works!!
This router is so good, I’m really glad I bought it despite of my initial concerns.

erkexzcx · December 27, 2020, 3:33pm

This router is so good, I’m really glad I bought it despite of my initial concerns.

Kinda the same here. Thanks to my previous job I had to deal with Mikrotik routers. They significantly boosted my understanding of networking.