Hi, noted some newly added SRC-NAT rules just do not work (packet with LAN src IP goes to the wild internet), until I reboot RouterBOARD 2011…
I’ve detected this twice already … any hints? Is this possible?
You can add a firewall filter rule that drops packets from invalid connections (non-existent):
ip firewall filter add chain=forward connection-state=invalid action=drop
Some programs sometimes send several packets to close a connection etc., and these can get out, as the router has already closed the connection and it is not marked for source-nat anymore.
Well, this morning it works correctly; in the evening I’ve added the drop rule for invalid as you suggested … but in the evening, while the drop rule was already there, it didn’t work … strange, wasn’t it?