rules order in raw firewall change

Hello,
We have some CCR1036 routers with some raw firewall rules in them. When we reboot the router, or in some special cases, the rule order changes. So is there any way to save the rule order in raw firewall filtering?
Because I have some rules for blocking special ports, and when the rule order changes my router CPU increases up to 50%.
Thank you.

It shouldn’t change on its own.

They should not, yes, but I have this issue, and they also end up above the dynamic rules in the raw tab.

Are you sure they aren’t just sorted?

Agreed. I do that sometimes by mistake. Just click on the sequential-numbers column and it should be OK.


If your rule order has changed without your knowledge, it means your system is compromised. I suggest that you Netinstall and start fresh.

We have several CCRs and all of them have the same issue, so it's not related to one device.

You're mentioning dynamic rules... those obviously don't survive reboots. If you want those higher than the static rules, you have to push them up when creating them.

The number of CCRs in place is not relevant, and if all your CCRs are displaying the exact same behaviour then you need to correct the issue for all of them. Make sure that your scripts, assuming you have some scripts that fire based on some condition, are correctly done. If no scripts exist and your rule order changes without your implied consent, that usually indicates someone [a process] is making changes, a sure sign that your machines have been taken over. Netinstall is the safe way to bring back sanity to your CCRs.

How can I make the dynamic rules always stay at the top of my rules after a restart?

All of our routers have private IPs, and they have Winbox IP limitation and firewall protection. If somebody touched my router, why would he only touch the rule order? If I had access to a router, I would surely change the password :stuck_out_tongue: And I have checked the logs; there is no log on my syslog server that someone logged into my router illegally.

Depends how the rules get added. With /ip firewall raw add you can use place-before=x, where x is the place where you want to put the new rule. If the rules are created and you cannot influence the order, you can write a script which pushes all dynamic rules before the static ones, and run that script every minute or so.
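The two approaches from the reply above (place-before at creation time, and a scheduled script that moves the rules back), written out as an added example; this is not code from the thread or from MikroTik. It assumes the "dynamic" rules in question are ones your own script adds (rules that RouterOS itself flags as dynamic, D, are system-managed and cannot be moved by hand), that those rules carry a comment beginning with "auto:", and that the first permanent rule carries the comment "static-start"; both comment strings are made up for this example.

```routeros
# Added example, not from the thread. Assumed naming: script-created rules are
# commented "auto: ...", the first permanent rule is commented "static-start".

# 1) Create a rule so it lands above the permanent block instead of at the end.
#    place-before accepts the result of a find, so no hard-coded rule number.
/ip firewall raw add chain=prerouting protocol=tcp dst-port=445 action=drop \
    comment="auto: block smb" place-before=[find comment="static-start"]

# 2) Script that pushes every "auto:" rule back above the permanent block.
#    Moving each rule to just before the anchor keeps their relative order.
/system script add name=raw-reorder source={
    :local anchor [/ip firewall raw find comment="static-start"]
    :if ([:len $anchor] = 0) do={
        :log warning "raw-reorder: no rule commented static-start, nothing moved"
    } else={
        :set anchor ($anchor->0)
        :foreach r in=[/ip firewall raw find where comment~"^auto:" and dynamic=no] do={
            /ip firewall raw move $r $anchor
        }
    }
}

# 3) Run it every minute, as the reply suggests.
/system scheduler add name=raw-reorder interval=1m on-event=raw-reorder
```

Before adding the scheduler entry it is worth running /system script print and /system scheduler print: if an existing job is already reordering rules, that is the cause the earlier replies were asking about, and /ip firewall raw export shows the order the router will actually restore on boot.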