Page 1 of 1

Bypass firewall for one interface?

Posted: Wed Oct 11, 2017 9:16 am
by sporkman
Not quite sure how to describe this - assume a Mikrotik router with the stock config/rules. Everything going out ether1 is NAT'd (masqueraded) and the inbound firewall rules are unchanged. Router has a single static IP on ether1 in a /30. An additional /30 is routed to the external interface upstream.

If I want to stick that extra /30 on a VLAN interface and have that interface bypass all firewall rules and NAT rules, what's the easiest way to do that? Add a firewall rule that matches the routed /30 to the input chain and then make my masquerade rule match on the source IP of the default LAN only?