Hoov
Member Candidate
Topic Author
Posts: 114
Joined: Fri Mar 30, 2018 9:08 am
Location: NE Michigan

Firewall rule effectiveness

Sun Nov 25, 2018 1:28 pm

Is there a way to judge how effective a firewall rule is? For instance, if I have a drop rule that everything gets checked by, but it never drops anything, then I can get rid of it and improve the throughput of the router. I know how to see how much traffic is going through a rule, but how do I see if it is actually doing anything?
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Firewall rule effectiveness

Sun Nov 25, 2018 2:20 pm

If you have a rule above that accepts anything, the block rule below will not get anything.

You can use the counter in the "ip firewall" window to see which rules are used.
Firewall rules are looked at from top to bottom.
 
anav
Forum Guru
Posts: 19105
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Firewall rule effectiveness

Sun Nov 25, 2018 4:54 pm

Add log prefix to the rule and then view your logs.
 
Steveocee
Forum Guru
Posts: 1120
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK

Re: Firewall rule effectiveness

Mon Nov 26, 2018 11:18 pm

Firewall rules run from top to bottom. It's good practice to have a "drop all" at the bottom anyway, but if you wanted something as a counter then yes, you could move it higher up. Due to the way traffic "cascades" though, if a packet matches on a rule higher up then it won't cascade to the lower rules.
 
Anumrak
Forum Guru
Posts: 1174
Joined: Fri Jul 28, 2017 2:53 pm

Re: Firewall rule effectiveness

Tue Nov 27, 2018 4:20 pm

Everything that is not allowed from above is forbidden by the drop rule - that's where you can see the operation of the counter.
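
The behaviour described in the replies above (rules read top to bottom, first match ends processing, the counter moves only on the rule that matched), as an added Python model that is not part of the original thread and is not RouterOS code. It goes one step beyond the thread by also reporting which zero-counter rules are hidden behind an earlier, broader rule, as opposed to simply not having seen matching traffic yet. The rule names, addresses, packets and the two match fields (source network, destination port) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    comment: str
    action: str                   # "accept" or "drop"
    src: str = "0.0.0.0/0"        # source network the rule matches
    dport: Optional[int] = None   # destination port, None = any
    hits: int = 0                 # per-rule packet counter

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and self.dport in (None, pkt["dport"]))

def run_chain(rules, packets):
    """Top to bottom, first match wins: only the deciding rule counts the packet."""
    for pkt in packets:
        for rule in rules:
            if rule.matches(pkt):
                rule.hits += 1
                break
    return {r.comment: r.hits for r in rules}

def shadowed(rules):
    """Map each rule that can never match to the earlier, broader rule hiding it."""
    out = {}
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(rule.src).subnet_of(ip_network(earlier.src))
                    and earlier.dport in (None, rule.dport)):
                out[rule.comment] = earlier.comment
                break
    return out

def build_chain(with_accept_any):
    # Constructed rule set; comments and addresses are illustrative.
    chain = [Rule("accept-lan", "accept", src="192.168.88.0/24"),
             Rule("drop-telnet", "drop", dport=23)]
    if with_accept_any:
        chain.append(Rule("accept-any", "accept"))
    return chain + [Rule("drop-all", "drop")]

# Constructed sample traffic (documentation address ranges).
PACKETS = [{"src": "192.168.88.10", "dport": 443},
           {"src": "203.0.113.5", "dport": 23},
           {"src": "203.0.113.5", "dport": 22},
           {"src": "198.51.100.7", "dport": 8291}]

if __name__ == "__main__":
    for flag in (True, False):
        chain = build_chain(flag)
        print(run_chain(chain, PACKETS), shadowed(chain))
```

With the accept-everything rule in place, the final drop rule's counter stays at zero because nothing can reach it; once that rule is removed, the same traffic shows up on the drop rule's counter.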
