I have a suggestion I want to share with you and Mikrotik Dev.
I like working with firewall rules a lot for testing and optimisation,
and I would be very glad if Mikrotik Dev could add a second firewall filter rules tab,
and add a checkbox to make it possible to switch between the configuration in firewall filter rules tab 1 and firewall filter rules tab 2,
without deleting anything.
I'm still learning English and I hope you can understand my point.
Thank you and stay safe.
An instant solution is to use a unique string, e.g. A1wQz!, as part of the comment of every rule in group 1, and another unique string, e.g. B2tFe-, as part of the comment of every rule in group 2. Once you do that,
/ip firewall filter enable [find comment~"A1wQz!"] ; /ip firewall filter disable [find comment~"B2tFe-"]
will switch over from group 1 rules to group 2 rules, and
/ip firewall filter enable [find comment~"B2tFe-"] ; /ip firewall filter disable [find comment~"A1wQz!"]
will switch back.
Or, if you don’t mind losing some CPU cycles on every single packet, you can use two action=jump rules as the very first ones in each chain (input, forward, maybe output) matching on src-address-list or dst-address-list:
While the address-list item is disabled, rules in group 1 are used; while it is enabled, rules in group 2 are used. Always activate safe mode before switching between groups in chain input, so that you don’t need to reset the device to defaults if you lock yourself out.
Once you find out for yourself that the first few rules in the default firewall configuration cannot be optimized any more, you can move the choice between the two groups past them, so you won’t spend the extra CPU on each packet but only on the initial one of each new connection.
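
The jump-rule layout described in the reply above, written out for chain input as an added example that is not part of the original post. The list name fw-group2, the chain names g1-input and g2-input, the comment tag fw-group-switch, the 192.168.88.0/24 management subnet and the sample rules in each group are all assumptions made for illustration.

```routeros
# Added example, not the poster's configuration. All names and sample rules are assumed.
# Activate safe mode (Ctrl+X in the terminal) before pasting or switching groups.

# The switch: a single address-list entry that covers every address, created disabled.
/ip firewall address-list
add list=fw-group2 address=0.0.0.0/0 disabled=yes comment="fw-group-switch"

/ip firewall filter
# Group 1 rules live in their own chain (constructed sample rules).
add chain=g1-input action=accept connection-state=established,related comment="g1: established/related"
add chain=g1-input action=accept src-address=192.168.88.0/24 comment="g1: management subnet"
add chain=g1-input action=drop comment="g1: drop everything else"

# Group 2 rules live in a second chain (constructed sample rules).
add chain=g2-input action=accept connection-state=established,related comment="g2: established/related"
add chain=g2-input action=accept protocol=icmp comment="g2: allow ICMP"
add chain=g2-input action=accept src-address=192.168.88.0/24 comment="g2: management subnet"
add chain=g2-input action=drop comment="g2: drop everything else"

# The two jump rules. They are added last so that both group chains already end
# in a complete rule set when the jumps become active. On a router that already
# has rules in chain=input, move these two above all of them.
add chain=input action=jump jump-target=g2-input src-address-list=fw-group2 comment="switch: list entry enabled, use group 2"
add chain=input action=jump jump-target=g1-input src-address-list=!fw-group2 comment="switch: list entry disabled, use group 1"

# Switching is then a single command, run one at a time as needed:
#   to group 2:  /ip firewall address-list enable [find comment="fw-group-switch"]
#   to group 1:  /ip firewall address-list disable [find comment="fw-group-switch"]
```

Both groups end in their own drop rule, so a packet never falls through from one group's chain into the other group's jump; the same pair of jump rules can be repeated for chain forward with its own two target chains.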