I'd love for the firewall to automatically open ports matching NAT entries.
If I NAT port 80 in ether1 to an on ether2, I'd like to see a firewall rule dynamically created that is in-interface-ether1, port 80.
/ip firewall filter add action=accept chain=forward connection-nat-state=dstnat
Code: Select all
/ip firewall filter
add chain=forward connection-nat-state=dstnat action=accept