Community discussions

MikroTik App
 
UsernameMT
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 55
Joined: Mon Nov 02, 2015 1:42 pm

The correct order of the rules in the firewall.

Fri Nov 11, 2016 9:51 am

I have long been tormented by the question, how do you all still correctly write rules in firewall? how best to do it?

in "Faerwall - Filter Rules", such as:
1) 10 rules packet mark, and then 1 rules "block" ("allow") for this "packet mark"
or
2) at once - 10 rules "block" ("allow")


PS: may be the first option will load the processor more than a second?

Thanks.
sorry for my English
 
jmay
Member
Member
Posts: 326
Joined: Tue Jun 23, 2009 8:26 pm

Re: The correct order of the rules in the firewall.

Fri Nov 11, 2016 5:37 pm

Not sure I understand the question, but the order is top down. Top rules run first. You want your accept rules at the top to accept whatever traffic you want and the drop rules below.
 
jaytcsd
Member Candidate
Member Candidate
Posts: 293
Joined: Wed Dec 29, 2004 9:50 am
Location: Pittsboro IN
Contact:

Re: The correct order of the rules in the firewall.

Sun Nov 13, 2016 12:31 am

A list of if/then rules should run faster than a list of if/mark because you have to execute all the mark rules before you start
processing them.
Putting rules most likely to be seen first will cut down on the processing time.

Who is online

Users browsing this forum: No registered users and 41 guests