Page 1 of 1

"Address List" management for Backbone RouterOS as a firewall

Posted: Tue Jun 30, 2020 10:58 am
by Landver
Hello, we had decided to install CHR as main Firewall for backbone server.
The huge problem for us is that multiple external IPs (from internet) should access multiple virtual servers behind Mikrotik

And it's not possible to manage Address Lists properly, because same IP should appear in both lists. For example lists "access to FTP server", "access to VoIP server", "MGMT access" and etc.
Plus it's not possible to add multiple address lists in the same rule. That force me to multiply number of rules for each address List.

How can I get around those limitations? At least make it possible to add same IP/FQDN into different Address Lists would make firewall config much cleaner and easier.

Re: "Address List" management for Backbone RouterOS as a firewall

Posted: Wed Jul 01, 2020 12:54 am
by Sob
One rule can't currently use multiple address lists. But same IP/FQDN can be in as many different lists as you want:
/ip firewall address-list
add address=1.2.3.4 list=test1
add address=1.2.3.4 list=test2
add address=1.2.3.4 list=test3
add address=forum.mikrotik.com list=test1
add address=forum.mikrotik.com list=test2
add address=forum.mikrotik.com list=test3
Or am I misunderstanding what you want?

Re: "Address List" management for Backbone RouterOS as a firewall

Posted: Wed Jul 01, 2020 2:11 pm
by Landver
Or am I misunderstanding what you want?
You understood me correctly. I coudn't add same IP/FQDN into different Address Lists. Not it works, don't know why :(
Thank you a lot for the reply.