I would appreciate it if there was a method to dynamically add firewall rules to allow UPnP communication or allow packet/connection marking for packets that go through dst-nat created by UPnP.
UPnP sessions expire and the rule is added/removed automatically.
Hi,
not really, I wanted to add dynamic rules or marks to filter out the traffic that was NOT initiated from the "internal" interface.
My understanding is that for UPnP to work properly, there has to be a forward rule defined. I wanted the Mikrotik box to filter out traffic that doesn't have a corresponding UPnP session instead of a general rule that allows forwarding anything.