Community discussions

 
irghost
Member Candidate
Member Candidate
Topic Author
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

FastTrack Rule and Hotspot

Sun Apr 24, 2016 12:03 am

hi all here is my filter rules for new device RB2011
Image
when hotspot is enable and when i add fasttrack rules can even open google.com
if i disable hotspot fasttrack works fine or if i disable fasttrack hotspot works fine but they dont work with each other
what i do wrong help me plz !!!
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
flynno
Member Candidate
Member Candidate
Posts: 241
Joined: Wed Aug 27, 2014 8:11 pm

Re: FastTrack Rule and Hotspot

Sun Apr 24, 2016 1:27 am

I guess leave it disabled if it's causing problems
 
irghost
Member Candidate
Member Candidate
Topic Author
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: FastTrack Rule and Hotspot

Sun Apr 24, 2016 10:39 am

I guess leave it disabled if it's causing problems
i wanna use it because its have better performance for device (i have PCC Loadbalance over 3 PPPoE) and when i download with full speed cpu usage just been around 25% at same speed without fasttrack its 60%
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
irghost
Member Candidate
Member Candidate
Topic Author
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: FastTrack Rule and Hotspot

Sun Apr 24, 2016 3:04 pm

Help me
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
sash7
Frequent Visitor
Frequent Visitor
Posts: 69
Joined: Sun Mar 20, 2016 10:39 pm

Re: FastTrack Rule and Hotspot

Sun Apr 24, 2016 5:22 pm

irghost post firewall rules with:
/ip firewall filter export
 
irghost
Member Candidate
Member Candidate
Topic Author
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: FastTrack Rule and Hotspot

Sun Apr 24, 2016 7:01 pm

irghost post firewall rules with:
/ip firewall filter export
add action=drop chain=input connection-state=invalid
add chain=input connection-state=established,related
add action=add-dst-to-address-list address-list=Anti-Filter address-list-timeout=1h chain=\
    forward dst-address-list=!mylocal layer7-protocol=Anti-Filter
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward connection-state=established,related
add action=drop chain=forward connection-state=invalid
add action=drop chain=input dst-port=53 in-interface=all-ppp protocol=udp
add action=add-src-to-address-list address-list=TCP-Connection-blacklist \
    address-list-timeout=1d chain=input dst-port=20,21,22,23,53,80,443,2000 in-interface=\
    all-ppp protocol=tcp
add action=drop chain=input comment="Drop Special ports" connection-state=\
    invalid,established,related,new in-interface=all-ppp src-address-list=\
    TCP-Connection-blacklist
add action=add-src-to-address-list address-list=Port-Scanners chain=input in-interface=\
    all-ppp psd=21,3s,3,1
add action=drop chain=input comment="Drop Port Scanners" connection-state=\
    invalid,established,related,new in-interface=all-ppp src-address-list=Port-Scanners
add action=add-src-to-address-list address-list=DDosers-block-list address-list-timeout=1w \
    chain=input connection-limit=32,32 in-interface=all-ppp
add action=drop chain=input comment="Drop DDos" connection-state=\
    invalid,established,related,new in-interface=all-ppp src-address-list=\
    DDosers-block-list
add action=drop chain=input comment="Drop All" connection-state=\
    invalid,established,related,new in-interface=all-ppp log=yes src-address-list=!mylocal
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE

Who is online

Users browsing this forum: No registered users and 128 guests