Hello!
Please tell me, is it correct that the router's L2TP rule shows packet movement all the time? If there is no L2TP connection, shouldn't it stay idle? Is the rule in the wrong order in the configuration? Maybe something extra is needed?
My configs below …
Thank you.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="boggon input drop" in-interface=WAN \
src-address-list=BOGONa
add action=accept chain=input comment=L2TP connection-state=new dst-port=\
500,1701,4500 in-interface=WAN protocol=udp
add action=accept chain=input comment="IKE IPSec" protocol=ipsec-esp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=\
invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
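As an added example (not part of the original post, and not MikroTik's own tooling), the Python below parses the input-chain rules from the export above, joins the backslash-continued lines the way RouterOS writes them, and walks constructed packets through the chain in order. It shows why the L2TP rule's counters move even with no client connected: the rule matches any new UDP packet to ports 500, 1701 or 4500 arriving on WAN, so every unsolicited probe from the internet to those ports is counted as a match. It also shows that the order in the export is the right one, because moving the final "drop all not coming from LAN" rule above the L2TP rule makes the same packet hit the drop. The matcher model is deliberately simplified to the matchers this config uses (single ports and comma lists only, no port ranges), and interface-list membership is an assumption: the WAN interface is taken to be in the interface list WAN and not in LAN.

```python
"""Walk a RouterOS /ip firewall filter export with sample packets (added example)."""
import shlex

# Constructed sample: the poster's input-chain rules, copied verbatim from the export.
SAMPLE_EXPORT = r"""
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="boggon input drop" in-interface=WAN \
    src-address-list=BOGONa
add action=accept chain=input comment=L2TP connection-state=new dst-port=\
    500,1701,4500 in-interface=WAN protocol=udp
add action=accept chain=input comment="IKE IPSec" protocol=ipsec-esp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
"""

NON_MATCHERS = {"action", "chain", "comment", "disabled", "log", "log-prefix"}
LIST_MATCHERS = {"connection-state", "dst-port", "protocol"}  # comma-separated values


def join_continuations(text):
    """Join lines that end in a backslash with the indented line that follows."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            buf = line[:-1]  # keep any space before the backslash, drop the backslash
            continue
        lines.append(line)
        buf = ""
    return lines


def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict; the menu line is skipped."""
    rules = []
    for line in join_continuations(text):
        if not line.startswith("add "):
            continue
        rule = {}
        for tok in shlex.split(line[4:]):  # shlex handles the quoted comments
            key, _, value = tok.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def rule_matches(rule, pkt):
    """Simplified matcher: every matcher on the rule must agree with the packet."""
    for key, want in rule.items():
        if key in NON_MATCHERS:
            continue
        negate = want.startswith("!")
        want = want.lstrip("!")
        if key == "in-interface-list":
            hit = want in pkt.get("in-interface-lists", set())
        elif key == "src-address-list":
            hit = want in pkt.get("src-address-lists", set())
        elif key in LIST_MATCHERS:
            hit = str(pkt.get(key)) in want.split(",")
        else:
            hit = pkt.get(key) == want
        if hit == negate:  # a plain matcher that missed, or a negated one that hit
            return False
    return True


def hit_comment(rules, pkt, chain="input"):
    """Return the comment of the first rule in `chain` that the packet matches."""
    for rule in rules:
        if rule.get("chain") == chain and rule_matches(rule, pkt):
            return rule.get("comment", "")
    return None  # chain default (accept) would apply


def move_rule(rules, comment, before_comment):
    """Copy of `rules` with the rule `comment` placed directly before `before_comment`."""
    moved = next(r for r in rules if r.get("comment") == comment)
    rest = [r for r in rules if r is not moved]
    pos = next(i for i, r in enumerate(rest) if r.get("comment") == before_comment)
    return rest[:pos] + [moved] + rest[pos:]


RULES = parse_rules(SAMPLE_EXPORT)

# Assumption: the WAN interface belongs to interface list WAN and not to LAN.
WAN_PKT = {"in-interface": "WAN", "in-interface-lists": {"WAN"}, "src-address-lists": set()}


def l2tp_probe():
    """Unsolicited UDP/1701 from the internet, no L2TP client involved."""
    return {**WAN_PKT, "connection-state": "new", "protocol": "udp", "dst-port": 1701}


def ssh_probe():
    return {**WAN_PKT, "connection-state": "new", "protocol": "tcp", "dst-port": 22}


def bogon_l2tp_probe():
    return {**l2tp_probe(), "src-address-lists": {"BOGONa"}}


if __name__ == "__main__":
    for name, pkt in [("l2tp", l2tp_probe()), ("ssh", ssh_probe()), ("bogon", bogon_l2tp_probe())]:
        print(name, "->", hit_comment(RULES, pkt))
    reordered = move_rule(RULES, "defconf: drop all not coming from LAN", "L2TP")
    print("l2tp with drop-all moved up ->", hit_comment(reordered, l2tp_probe()))
```

Running it prints that the L2TP probe lands on the L2TP accept rule, the SSH probe on the final drop, and the bogon-sourced probe on the bogon drop that sits earlier in the chain; with the drop-all rule moved above L2TP, the same probe is dropped, which is the ordering mistake the question is asking about. To stop counting internet-wide scans against the L2TP rule, the usual defender-side tightening is to restrict that accept to a src-address-list of known client networks where the client addresses are predictable; otherwise the moving counters are simply background noise on an exposed VPN port.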