Community discussions

MikroTik App
 
efaden
Forum Guru
Forum Guru
Topic Author
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Firewall Match Packets Originating from CPU

Wed Oct 26, 2016 2:52 am

Hey,

Whats the best way to match traffic originating from the MikroTik itself? I have a default drop rule at the bottom of my input chain, but I need a way to allow mikrotik traffic itself.

I thought about src-address-type set to local, but was curious if anyone else had suggestions?

-Eric
 
User avatar
Murmaider
Member Candidate
Member Candidate
Posts: 126
Joined: Fri Oct 30, 2015 10:10 am

Re: Firewall Match Packets Originating from CPU

Wed Oct 26, 2016 7:03 am

Allow input for established and related packets
Allow outgoing packets for all
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: Firewall Match Packets Originating from CPU

Wed Oct 26, 2016 7:17 am

For that traffic the output chain is the right one. Allowing router to freely call home is also not the safest way. Use the same principles for output chain like for input chain.
 
efaden
Forum Guru
Forum Guru
Topic Author
Posts: 1708
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Firewall Match Packets Originating from CPU

Wed Oct 26, 2016 12:48 pm

Yeah, but I'm not blocking the output. I logged the default deny and that's where there are getting dropped.

Sent from my XT1575 using Tapatalk

Who is online

Users browsing this forum: hatred, lurker888 and 72 guests