mjmabs
just joined
Topic Author
Posts: 17
Joined: Tue Feb 12, 2013 11:54 pm

6.48.2 Firewall Question

Wed Jun 09, 2021 10:43 pm

I have several CCR and other series routers running on different carriers, and as part of a general bad-traffic drop I have several lines at the start of the firewall which drop traffic if it matches an IP address listed in a source or destination address list. I have noticed over the last several days that adding an IP address or an IP subnet block to the address list doesn't have any effect on the traffic being stopped or killed. Our daily watched address list is only two dozen entries big (flushed into a larger file every 48 hours for distribution throughout the routers). I have tried killing all active connections listed under "Connections" and waiting a few minutes for a change, but still nothing. I end up having to add a separate firewall drop line with the specific address in it, below the general bad-traffic drop line, to stop the traffic.

Firewall Filter line:
add action=drop chain=forward comment="Drop List" in-interface=gateway src-address-list=blacklist
or
add action=drop chain=forward comment="Drop List" src-address-list=blacklist

Firewall Address List Entry:
add address=87.246.7.228 list=blacklist

I end up having to add this line to kill the traffic:
add action=drop chain=forward src-address=87.246.7.228

Has anyone seen similar activity or have any idea of what could be wrong?

Example of Unit Load: CCR1036 running 300Mbps Internet with 444 firewall rules, nat, mangle, and about 37k in address list entries
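As an added diagnostic (not the poster's configuration), the RouterOS script below checks the three things that usually explain "the list rule does not fire": whether the entry actually exists in the list, whether the list rules are counting packets at all (a counter stuck at zero while the traffic flows means an earlier rule, typically fasttrack or an accept for established/related, consumes the packets before the drop is reached), and whether already-accepted connections for the host still exist in the connection table. It assumes the list name "blacklist" and the address from the post.

```routeros
# Added diagnostic script (not the poster's configuration). Assumes the list
# name "blacklist" and the address 87.246.7.228 from the post.
:local bad "87.246.7.228"
# Connection-table entries are stored as "ip:port", so anchor the regex on
# "ip:" (the unescaped dots match any character, which is good enough here).
:local pattern ("^" . $bad . ":")

# 1. Is the address really in the list, and is the entry enabled and not
#    timed out? (print shows the timeout and disabled flags.)
:local ids [/ip firewall address-list find where list="blacklist" and address=$bad]
:if ([:len $ids] = 0) do={
    :put "NOT in blacklist: $bad"
} else={
    /ip firewall address-list print where list="blacklist" and address=$bad
}

# 2. Packet counters on every rule that references the list. If they stay at
#    zero while the traffic keeps flowing, earlier rules are consuming the
#    packets (fasttrack / accept established,related placed above the drop),
#    or the traffic is in a different chain (input rather than forward).
/ip firewall filter print stats where src-address-list="blacklist" or dst-address-list="blacklist"
/ip firewall filter print stats where action=fasttrack-connection

# 3. Existing (already accepted) connections to or from the host. Removing
#    them forces the next packet to traverse the filter rules again, so a
#    correctly placed list rule can now catch it.
/ip firewall connection print where src-address~$pattern or dst-address~$pattern
/ip firewall connection remove [find where src-address~$pattern or dst-address~$pattern]
```

Note that the variant with in-interface=gateway only matches packets arriving on that interface, so a companion rule with dst-address-list=blacklist is needed to drop the outbound side of the same conversation.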
