Mikrotik firewall queues

predel · Mon Feb 12, 2024 5:40 pm

Hi,
I recently had a Mikrotik router for home use. I want to get to know the device and at the very beginning I have a few questions, probably simple for you, but I can't find a solution. I wanted to protect it from connecting to the provider so that it rejects all incoming connections with the LAN disabled. I made this entry:
26 ;;; Drop all from WAN not DSTNAT
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
It looks good, but on the router itself I can't ping or update packages:

ping google.com
invalid value for argument address:
    invalid value of mac-address, mac address required
    invalid value for argument ipv6-address
    while resolving ip-address: could not get answer from dns server
> ping 8.8.8.8
  SEQ HOST SIZE TTL TIME STATUS
    0 8.8.8.8 timeout
    1 8.8.8.8 timeout

Error: could not resolve dns name.

If I turn it off, everything works. The second thing is that I have a 150M/50M connection at home and I would like to divide it equally among all household members.
Is this what Queues is for?
Where can I check what traffic is coming out of my network and, if necessary, analyze it? to end unnecessary calls.
I will be very grateful for links and any articles that will expand my knowledge.
Piotrek

Mesquite · Mon Feb 12, 2024 6:59 pm

The default rules are very good,
Once you start setting up anything different from the default setup they need to be slighly modified.

Change the !LAN input rule to two rules:
accept all LAN rule
Drop all else rule

Change the forward chain rule "drop from WAN not dstnated" to three rules.
accept lan to wan
accept dstnat
***** add any other admin rules here like access to shared printer etc. *****
drop all else

Mikrotik firewall queues

Mikrotik firewall queues

Re: Mikrotik firewall queues

Who is online