 
jollytall
just joined
Topic Author
Posts: 19
Joined: Sun Apr 11, 2021 4:29 pm

What does the firewall built in counter count?

Sat Apr 24, 2021 12:16 pm

In the firewall (using WebFig), the first item in the forward chain is a "special dummy rule to show fasttrack counters". If I open it, I see that it is in "forward" chain and the action is "passthrough" and nothing else is set.
So I assume any traffic that goes through the forward box in the flowchart is counted AND given to the next step.

What I did: I also added a new rule right after this one and set it to exactly the same settings, i.e. forward, passthrough and nothing else. So I would expect that all traffic from the first rule also hits this one and, again, is only counted and passed on to the next rule.

Strangely enough, I see totally different Bytes numbers for the two rules.
The one I see in my rule is in line with the subsequent forward rules, so I can see what happens to the bytes that go through my rule. On the built-in rule I often see a much larger number and I do not understand what it counts.

Could someone help me?
 
DarkNate
Forum Veteran
Posts: 999
Joined: Fri Jun 26, 2020 4:37 pm

Re: What does the firewall built in counter count?

Sat Apr 24, 2021 1:12 pm

It counts fasttrack traffic.
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: What does the firewall built in counter count?

Sat Apr 24, 2021 5:40 pm

Fasttracked traffic hits your line once, when it is not yet fasttracked. And during the lifetime of the connection, some traffic is also put through the slow path to see if the connection is still valid.

Fasttrack applies only to established traffic, so it has to go one time through the slow path through the router before it gets assigned a fast path to skip the firewall 'completely' for the rest of the connection.
 
mkx
Forum Guru
Posts: 11439
Joined: Thu Mar 03, 2016 10:23 pm

Re: What does the firewall built in counter count?

Sat Apr 24, 2021 8:15 pm

It's worth mentioning that the rule is added automatically and hence its full properties are not known; there might be some bits not shown in its property list. As stated in the comment, it's a dummy and might be just a hook into the fasttrack driver, not a real firewall filter.
Thus it's probably impossible to manually replicate that rule.
 
jollytall
just joined
Topic Author
Posts: 19
Joined: Sun Apr 11, 2021 4:29 pm

Re: What does the firewall built in counter count?

Sat Apr 24, 2021 10:35 pm

Thanks, it is still a bit confusing though.
Why do they show it under firewall rules, if it behaves in a "special" way? It could be either shown elsewhere ("traffic not touching the firewall") or e.g. I could imagine a parameter in the rule settings called like "fasttrackable" or "connection fasttracked" and the corresponding action would be Accept or a new type "Fasttrack", indicating that that traffic is not reaching further down the list.
 
msatter
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: What does the firewall built in counter count?

Sun Apr 25, 2021 1:38 am

If you are looking for the connection look in connections to find the ones with an F in the status (first one).

If you are looking in the firewall screens for traffic that is passing through, you will see no Fasttracked traffic. You then think: got traffic, but the counters don't add up. These dummy lines are just indicators that traffic is flowing but not visible in rule counters. You can't switch off these dummy rules unless you disable fasttracking and fastpath. The dummy lines will be removed on the next reboot.

When fasttracking is off then many routers will max out at about 200Mbit/s or lower while forwarding. Fasttracking is a calculated trick to have more speed at less processor power.

As I wrote before, fasttracked traffic does not hit the firewall and putting an accept or drop in has no effect once fasttracked. The indication for traffic not hitting the firewall you can see in the name Dummy in those lines. You see something that is not complete/really present.
 
jollytall
just joined
Topic Author
Posts: 19
Joined: Sun Apr 11, 2021 4:29 pm

Re: What does the firewall built in counter count?

Mon Apr 26, 2021 9:34 am

Thank you. It clarifies. At one point I will try to temporarily switch off fasttrack/fastpath, just to see the effect.
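
Added example (not from any poster in this thread and not RouterOS code): a toy Python model of the behaviour described above, showing why the dummy "fasttrack counters" rule and a user-added forward/passthrough rule report very different byte counts. The two-packet establishment threshold, the 1-in-50 slow-path sampling rate and the sample connection are assumptions chosen for illustration.

```python
# Toy model of the two counters discussed in the thread (constructed, not RouterOS code).
from dataclasses import dataclass, field

# Assumption: 1 in N packets of a fasttracked connection still takes the slow
# path ("some traffic is also put through the slow path"). The real rate is
# not stated in the thread.
SLOW_PATH_EVERY = 50
# Assumption: a connection counts as established after this many packets.
ESTABLISHED_AFTER = 2


@dataclass
class Router:
    fasttrack_enabled: bool = True
    dummy_bytes: int = 0        # built-in "fasttrack counters" dummy rule
    passthrough_bytes: int = 0  # user-added forward/passthrough rule
    seen: dict = field(default_factory=dict)  # connection id -> packets so far

    def forward(self, conn_id: str, size: int) -> str:
        n = self.seen.get(conn_id, 0)
        self.seen[conn_id] = n + 1
        # Packets of a not-yet-established connection cannot be fasttracked,
        # so they always traverse the filter rules.
        established = n >= ESTABLISHED_AFTER
        fast = (self.fasttrack_enabled and established
                and n % SLOW_PATH_EVERY != 0)
        if fast:
            self.dummy_bytes += size    # bypasses every filter rule
            return "fast"
        self.passthrough_bytes += size  # visible to the forward chain
        return "slow"


def simulate(fasttrack_enabled: bool, packets: int = 1000, size: int = 1500):
    """Return (dummy_bytes, passthrough_bytes) for one constructed connection."""
    router = Router(fasttrack_enabled=fasttrack_enabled)
    for _ in range(packets):
        router.forward("203.0.113.10:443->192.168.88.5:51000", size)
    return router.dummy_bytes, router.passthrough_bytes


if __name__ == "__main__":
    print("fasttrack on :", simulate(True))
    print("fasttrack off:", simulate(False))
```

With fasttrack on, almost all bytes land in the dummy counter and only the slow-path packets reach the passthrough rule and anything after it; with fasttrack off, every byte is seen by the filter chain.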
