Hi.
I’m running RouterOS 7.3.1 on a RB5009.
I have 2 DNS servers at home and I want to log the DNS requests from all the IP addresses except those two servers. In the firewall, I have created the following two rules:
/ip firewall filter
add action=accept chain=forward dst-port=53 log=yes log-prefix=_dns2 out-interface=vlan1609-spf1-ptp-dvblab protocol=udp \
src-address=!192.168.69.2
add action=accept chain=forward dst-port=53 log=yes log-prefix=_dns3 out-interface=vlan1609-spf1-ptp-dvblab protocol=udp \
src-address=!192.168.69.3
From what I understand, those rules should accept and log all the traffic to UDP port 53 coming from any IP except 192.168.69.2 and 192.168.69.3. But in the logs I get the following messages:
11:07:56 firewall,info _dns3 forward: in:vlan69-data out:vlan1609-spf1-ptp-dvblab, src-mac 6e:dd:5f:40:06:68, proto UDP, 192.168.69.2:55996->8.8.8.8:53, len 71
11:07:56 firewall,info _dns3 forward: in:vlan69-data out:vlan1609-spf1-ptp-dvblab, src-mac 6e:dd:5f:40:06:68, proto UDP, 192.168.69.2:51263->9.9.9.9:53, len 71
11:09:57 firewall,info _dns3 forward: in:vlan69-data out:vlan1609-spf1-ptp-dvblab, src-mac 6e:dd:5f:40:06:68, proto UDP, 192.168.69.2:27622->8.8.8.8:53, len 71
11:09:57 firewall,info _dns3 forward: in:vlan69-data out:vlan1609-spf1-ptp-dvblab, src-mac 6e:dd:5f:40:06:68, proto UDP, 192.168.69.2:27373->9.9.9.9:53, len 71
Looks like the firewall rule is ignoring the ! in front of the IP addresses, or am I wrong?
Thanks in advance.
Regards
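As an added example, not part of the post above: a small Python model of how a filter chain walks the two posted rules top to bottom, showing why a packet from 192.168.69.2 is logged with _dns3 (each "!" excludes only that one rule's own address, so .2 is skipped by _dns2 but matched by _dns3). The single rule negating an address list that holds both servers is an assumed alternative for comparison, not a configuration from the post; the log lines are copied from the post as sample input.

```python
import re
from dataclasses import dataclass

# Two log lines copied from the post, used as sample input for the parser.
LOG_LINES = [
    "11:07:56 firewall,info _dns3 forward: in:vlan69-data out:vlan1609-spf1-ptp-dvblab, "
    "src-mac 6e:dd:5f:40:06:68, proto UDP, 192.168.69.2:55996->8.8.8.8:53, len 71",
    "11:07:56 firewall,info _dns3 forward: in:vlan69-data out:vlan1609-spf1-ptp-dvblab, "
    "src-mac 6e:dd:5f:40:06:68, proto UDP, 192.168.69.2:51263->9.9.9.9:53, len 71",
]
LOG_RE = re.compile(r"firewall,info (\S+) forward: .*proto (\w+), ([\d.]+):\d+->[\d.]+:(\d+), len")

@dataclass
class Rule:
    prefix: str        # log-prefix of the rule
    excluded_src: set  # addresses negated by "!" (src-address=! or src-address-list=!)
    proto: str = "udp"
    dst_port: int = 53

# The two rules from the post: each one negates only ONE of the servers.
POSTED_RULES = [Rule("_dns2", {"192.168.69.2"}), Rule("_dns3", {"192.168.69.3"})]
# Assumed alternative: a single rule negating an address list that holds both servers.
LIST_RULE = [Rule("_dns", {"192.168.69.2", "192.168.69.3"})]

def first_match(rules, src, proto, dst_port):
    """Evaluate a filter chain top to bottom; the first matching 'accept' ends the walk."""
    for rule in rules:
        if rule.proto != proto or rule.dst_port != dst_port:
            continue
        if src in rule.excluded_src:  # "!" only excludes this rule's own address(es)
            continue
        return rule.prefix
    return None  # no rule matched, so nothing is logged by these rules

def parse_log(line):
    """Extract log-prefix, protocol, source IP and destination port from a RouterOS firewall log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    prefix, proto, src, dport = m.groups()
    return {"prefix": prefix, "proto": proto.lower(), "src": src, "dst_port": int(dport)}

def model_agrees_with_log(rules, line):
    """True when the chain model predicts exactly the prefix the router logged for this line."""
    rec = parse_log(line)
    if rec is None:
        return False
    return first_match(rules, rec["src"], rec["proto"], rec["dst_port"]) == rec["prefix"]

if __name__ == "__main__":
    for line in LOG_LINES:
        rec = parse_log(line)
        print(rec["src"], "posted rules ->", first_match(POSTED_RULES, rec["src"], rec["proto"], rec["dst_port"]),
              "| list rule ->", first_match(LIST_RULE, rec["src"], rec["proto"], rec["dst_port"]))
```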