What is a Max number of Firewall rules?

fcorvalan · July 30, 2008, 1:29pm

I have a problem with a number of rules in firewall/rules
I need autenticate users for ISP Service.. This is a config:

/ip firewall filter
add action=accept chain=forward comment=“USER 1” disabled=no
in-interface=ether2 src-address=192.168.103.11
add action=accept chain=forward comment=“USER 2” disabled=no
in-interface=ether2 src-address=192.168.103.13
.
.
add action=accept chain=forward comment=“USER 300” disabled=no
in-interface=ether2 src-address=192.168.104.204
src-mac-address=00:11:3B:01:02:B6
add action=drop chain=input comment=“Block no autorized User” disabled=no \ in-interface=ether2

With 150 rules running ok this control, but with 300 rules not block user in last rule.
What is the limit? Have a L3 licence, 3.11 version. Change with L4 or L5 or L6?
Thanks for response!
Fernando

normis · July 31, 2008, 6:04am

there should be no limit to firewall rules, but better put all those IPs into one address list, and then just make one firewall that will accept addresses from that list.

http://www.mikrotik.com/testdocs/ros/3.0/qos/address_list.php

Chupaka · July 31, 2008, 10:24am

unfortunately, it’s not possible with the last rule, containing MAC filter

fcorvalan · July 31, 2008, 1:14pm

Last rule is for block all traffic not autorized in 1 to 300 rule.
With this rules (1 to 300) validate IP address or IP+MAC (for more security)
Modified config for use “address lists” and “ARP static” (manual) in internal NAT Interface (ether2).
Thanks for your response

Fernando
(sorry for my short english )