Hello!
Is it possible to do selective connection tracking? In my setup the routers forward lots of traffic, but connection tracking is only required for input/output chains, not forward. Is it possible to implement to save resources?
Re: selective connection tracking
Yes you can, starting from 6.36rc, there is "raw" firewall table that have "action=no-track". it happens before connection tracking.
Re: selective connection tracking
Thanks! I'll try it when it will be released.
Re: selective connection tracking
It works very well! Thanks, MikroTik!
Re: selective connection tracking
Hi,
do I need connection tracking when there is no any firewall rule and nat on router ? I have some PPPoE Server and connection tracking is enabled on them. and I have some routers just passing traffic to other sites or other routers and connection tracking a enabled on them too. I read some post and see that connection tracking using too much cpu, is there any disadvantage to disable them ?
Thanks
do I need connection tracking when there is no any firewall rule and nat on router ? I have some PPPoE Server and connection tracking is enabled on them. and I have some routers just passing traffic to other sites or other routers and connection tracking a enabled on them too. I read some post and see that connection tracking using too much cpu, is there any disadvantage to disable them ?
Thanks
Re: selective connection tracking
connection tracking is needed for NAT and connection-state checking in the firewall. If you don't need these features, it should be safe to disable connection tracking. But it will only help if CPU is already quite loaded.