The ultimate Mikrotik iptables flowchart

Even if the process only listens on specific interfaces, you can still knock out the network stack if traffic isn’t getting filtered anywhere all the way down and past the input chain. That’d definitely be a serious security flaw. Like I said before, I’ll try to dig into it more if I get some time this weekend.

If it turns out this is actually a problem, it’s time to file a CVE report. If this really is a well-known problem, you kind of have to wonder why nobody’s reported it before…