blackmetal
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

rules order in raw firewall change

Sat Nov 03, 2018 11:34 am

Hello,
We have some CCR 1036 routers with raw firewall rules. When we reboot the router, or in some special cases, the rule order changes. Is there any way to save the rule order in raw firewall filtering?
I ask because I have some rules to block special ports, and when the rule order changes my router CPU increases up to 50%.
Thank you.
 
xvo
Member
Posts: 411
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: rules order in raw firewall change

Sat Nov 03, 2018 12:55 pm

It shouldn't change on its own.
 
blackmetal
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

Re: rules order in raw firewall change

Sat Nov 03, 2018 1:13 pm

They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
 
xvo
Member
Posts: 411
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: rules order in raw firewall change

Sat Nov 03, 2018 2:49 pm

blackmetal wrote:
> They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
Are you sure they aren't just sorted?
 
AlainCasault
Trainer
Posts: 604
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada

Re: rules order in raw firewall change

Sat Nov 03, 2018 2:57 pm

xvo wrote:
> blackmetal wrote:
> > They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
> Are you sure they aren't just sorted?
Agreed. I do that sometimes by mistake. Just click on the sequential numbers column and it should be OK.

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
mozerd
Member Candidate
Posts: 258
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada

Re: rules order in raw firewall change

Sat Nov 03, 2018 3:00 pm

blackmetal wrote:
> They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
If your rule order has changed without your knowledge, it means your system is compromised. I suggest that you NETINSTALL and start fresh.
 
blackmetal
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

Re: rules order in raw firewall change

Sat Nov 03, 2018 3:04 pm

mozerd wrote:
> blackmetal wrote:
> > They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
> If your rule order has changed without your knowledge, it means your system is compromised. I suggest that you NETINSTALL and start fresh.
We have several CCRs and all of them have the same issue, so it's not related to one device.
 
mkx
Forum Guru
Posts: 2925
Joined: Thu Mar 03, 2016 10:23 pm

Re: rules order in raw firewall change

Sat Nov 03, 2018 4:15 pm

blackmetal wrote:
> They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
You're mentioning dynamic rules ... those obviously don't survive reboots. If you want those higher than static rules, you have to push them up when creating them.
BR,
Metod
 
mozerd
Member Candidate
Posts: 258
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada

Re: rules order in raw firewall change

Sat Nov 03, 2018 6:11 pm

blackmetal wrote:
> mozerd wrote:
> > blackmetal wrote:
> > > They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
> > If your rule order has changed without your knowledge, it means your system is compromised. I suggest that you NETINSTALL and start fresh.
> We have several CCRs and all of them have the same issue, so it's not related to one device.
The number of CCRs in place is not relevant, and if all your CCRs are displaying the exact same behaviour then you need to correct the issue for all of them. Make sure that your scripts, assuming you have some scripts that fire based on some condition, are correctly done. If no scripts exist and your rule order changes without your implied consent, THAT usually indicates someone [processes] is making changes, a sure sign that your machines have been taken over. Netinstall is the safe way to bring back sanity to your CCRs.
 
blackmetal
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

Re: rules order in raw firewall change

Sat Nov 03, 2018 6:16 pm

How can I manage dynamic rules so that they are always at the top of my rules after a restart?
 
blackmetal
Member Candidate
Topic Author
Posts: 177
Joined: Mon Aug 16, 2010 9:01 am

Re: rules order in raw firewall change

Sat Nov 03, 2018 6:17 pm

mozerd wrote:
> blackmetal wrote:
> > mozerd wrote:
> > > blackmetal wrote:
> > > > They should not, yes, but I have this issue, and they will also be above the dynamic rules in the raw tab.
> > > If your rule order has changed without your knowledge, it means your system is compromised. I suggest that you NETINSTALL and start fresh.
> > We have several CCRs and all of them have the same issue, so it's not related to one device.
> The number of CCRs in place is not relevant, and if all your CCRs are displaying the exact same behaviour then you need to correct the issue for all of them. Make sure that your scripts, assuming you have some scripts that fire based on some condition, are correctly done. If no scripts exist and your rule order changes without your implied consent, THAT usually indicates someone [processes] is making changes, a sure sign that your machines have been taken over. Netinstall is the safe way to bring back sanity to your CCRs.
All of our routers have private IPs, and they have Winbox IP limitation and firewall protection. And if somebody touched my router, why would he only touch the rule order! If I had access to a router, sure, I would change the password :P And I have checked the logs; there is no log in my syslog server showing that someone logged in to my router illegally.
 
mkx
Forum Guru
Posts: 2925
Joined: Thu Mar 03, 2016 10:23 pm

Re: rules order in raw firewall change

Sat Nov 03, 2018 9:20 pm

blackmetal wrote:
> How can I manage dynamic rules so that they are always at the top of my rules after a restart?
Depends on how rules get added. With /ip firewall raw add you can use place-before=x ... where x is the place where you want to put the new rule. If the rules are created and you cannot influence the order, you can write a script which pushes all dynamic rules before static ones ... and run that script every minute or so ...
BR,
Metod
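
Added example, not part of any post in this thread: one way to settle whether the raw rule order really changed across a reboot (rather than the Winbox list being sorted by a column) is to compare two saved text exports of the configuration. The sample exports, rule values and function names below are constructed for illustration, and the script assumes no two rules in the raw table are textually identical.

```python
import difflib

# Constructed sample exports (not from the thread): same rules, different order.
BASELINE = """\
/ip firewall raw
add action=drop chain=prerouting dst-port=445 protocol=tcp
add action=drop chain=prerouting dst-port=23 protocol=tcp
add action=accept chain=prerouting src-address=10.0.0.0/8
/ip firewall filter
add action=accept chain=input
"""
AFTER_REBOOT = """\
/ip firewall raw
add action=accept chain=prerouting src-address=10.0.0.0/8
add action=drop chain=prerouting dst-port=445 protocol=tcp
add action=drop chain=prerouting dst-port=23 protocol=tcp
"""

def parse_raw_rules(export_text):
    """Return the 'add ...' lines of the '/ip firewall raw' section, in order."""
    rules, in_raw, pending = [], False, ""
    for line in export_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):          # export wraps long lines with a backslash
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("/"):         # a new menu path starts a new section
            in_raw = (line == "/ip firewall raw")
        elif in_raw and line.startswith("add "):
            rules.append(line)
    return rules

def order_drift(baseline, current):
    """Report rules that are missing, added, or moved relative to the others."""
    base, cur = parse_raw_rules(baseline), parse_raw_rules(current)
    common_base = [r for r in base if r in cur]
    common_cur = [r for r in cur if r in base]
    matcher = difflib.SequenceMatcher(None, common_base, common_cur, autojunk=False)
    in_order = set()
    for blk in matcher.get_matching_blocks():
        in_order.update(common_base[blk.a:blk.a + blk.size])
    return {
        "missing": [r for r in base if r not in cur],
        "added": [r for r in cur if r not in base],
        # (rule, position in baseline, position now), zero-based
        "moved": [(r, base.index(r), cur.index(r))
                  for r in common_base if r not in in_order],
    }

if __name__ == "__main__":
    print(order_drift(BASELINE, AFTER_REBOOT))
```

An empty "moved" list between a pre-reboot and post-reboot export means the stored order is unchanged and only the displayed order differs.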
