Code:
/ip firewall mangle add action=mark-connection chain=prerouting comment=\
"Mangle connections passing by masquerading rule to 172.16.1.0 net" \
dst-address=172.16.1.0/24 new-connection-mark=passing-by-masq-conn
/ip firewall filter add action=drop chain=forward comment=\
"Drop connections passing by masquerading rule" \
connection-mark=passing-by-masq-conn
Code:
/ip firewall nat add action=masquerade chain=srcnat comment="Masquerading of 172.16.1.0 subnet" \
src-address=172.16.1.0/24 out-interface=ether1
Are these rules redundant or not, or is good practice just to filter your traffic by protocols?