Is it destination port to MY PC? Or destination port from my PC to other server?
I think it is destination port to Server. But this confuses me. For example this rule
/ip firewall mangle add chain=prerouting dst-address=10.111.0.0/24 action=accept in-interface=LAN[
It is trying to match packet that is destined to 10.111.0.0/2 but at the same time packet that come in to LAN? shouldn’t it be OUT-INTERFACE of WAN??
Hello
You have to many questions for too little information for us to use. Please explain what you wish to achieve.
Dst-port is the protocol port of the destination based on the application you are using. For example, the destination port of a web server you wish to reach is 80 (tcp protocol) or 443 if it’s a secure server.
Lite I said, give more information and then dungeons can talk more about in and out interfaces.
Regards
Sent from Tapatalk
…someone, not dungeon 
Sent from Tapatalk
Hi sorry for being unclear. I am just confuse on what the relative direction when it says dst-port. The packet going out from my PC will have dst-port to server. The packet coming in to my PC will have dst-port for my PC. So what direction does mangle rule care about?
Dst-port is for whoever is receiving the traffic . that’s it! No need to over think it
So, based on the other matchers, it can become very easy to see when the filter (rule) applies and to what.
If the in interface for example, is wan, then dst-port is for one Of your devices getting traffic from outside. If you want to be more specific, add more matchers on your filter.
I hope this makes it clearer.
Sent from Tapatalk
As @Alain already explained: generally when thinking about src and dst (and dst_port in particular) one should take perspective of IP packet.
IP packet started from src (IP address, TCP/UDP port) and tries to go to dst (IP address, TCP/UDP port). IP packet doesn’t care which physical interfaces are on the way and how they are named by router administrator nor in which direction it will pass a particular router (left or down)…