selective connection tracking

lavv17 · June 10, 2016, 1:02pm

Hello!

Is it possible to do selective connection tracking? In my setup the routers forward lots of traffic, but connection tracking is only required for input/output chains, not forward. Is it possible to implement to save resources?

macgaiver · June 10, 2016, 2:00pm

Yes you can, starting from 6.36rc, there is “raw” firewall table that have “action=no-track”. it happens before connection tracking.

lavv17 · June 16, 2016, 6:59am

Thanks! I’ll try it when it will be released.

lavv17 · October 11, 2017, 9:16am

It works very well! Thanks, MikroTik!

amt · October 11, 2017, 1:07pm

Hi,

do I need connection tracking when there is no any firewall rule and nat on router ? I have some PPPoE Server and connection tracking is enabled on them. and I have some routers just passing traffic to other sites or other routers and connection tracking a enabled on them too. I read some post and see that connection tracking using too much cpu, is there any disadvantage to disable them ?

Thanks

lavv17 · October 31, 2017, 6:18am

connection tracking is needed for NAT and connection-state checking in the firewall. If you don’t need these features, it should be safe to disable connection tracking. But it will only help if CPU is already quite loaded.