apandi
just joined
Topic Author
Posts: 5
Joined: Sun Apr 24, 2022 9:17 pm

Counters in firewall filter

Tue May 03, 2022 10:26 pm

Hello, my question is more conceptual about basics of counters in firewall filter rules. I searched through the forum and documentation, and unfortunately didn’t find an obvious answer.

In my set-up I use a “whitelist” flavour of filter rules from local net to WAN, i.e. explicitly setting permissible rules while unconditionally dropping everything else at the end.

As a sanity check, I expected whatever count is reported in ‘passthrough forward’ upon connections to WAN (e.g. streaming video) to be reflected in the aggregate count in the forward rules (accept, drop) in the above ‘closed’ setup. But I’m seeing much higher traffic reported in the former than is captured in the latter set.

Barring an erroneous rule setup, I was wondering: is there any reason traffic counted by ‘passthrough forward’ would not appear in the counts of the forward rules in the above setup? Intuitively, it suggests the firewall is implicitly allowing something through, bypassing the rule set. Is this expected behaviour? If so, how would it be possible to inspect firewall state with respect to such connections bypassing the filter rules?

Thank you
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Counters in firewall filter

Wed May 04, 2022 2:14 am

Is "passthrough forward" the dynamic rule for FastTrack? If it is, those packets are not seen by other firewall rules.
 
apandi
just joined
Topic Author
Posts: 5
Joined: Sun Apr 24, 2022 9:17 pm

Re: Counters in firewall filter

Thu May 05, 2022 12:58 pm

Yes, it is, thank you. I've also seen MikroTik's talk on FastPath Overview since, which explained this special dummy rule for the counter. I suppose what's a bit counterintuitive here is the overloading of terminology: although the dummy filter rule is marked with the 'passthrough' action, its behaviour is different from the standard 'passthrough' semantics of the firewall filter rules. The former is more of a 'firewall bypass' indicator. It might be worth noting that in the manual: RouterOS->Firewall and Quality of Service->Filter, which mentions only the standard 'passthrough' action.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Counters in firewall filter

Thu May 05, 2022 3:20 pm

They are just fake rules. They chose them to represent these counters, and passthrough was probably the best choice for the action, if they didn't want to add another fake one for this. But yes, it can be slightly confusing when it shows among other firewall rules, but those packets don't actually go there.
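As an added example (not from the thread, nor MikroTik's own code), the reconciliation the topic author was doing by hand: a Python script that parses the text of `/ip firewall filter print stats` and splits a chain's bytes into those counted by the dynamic `passthrough` dummy rule (FastTracked traffic the other rules never see) and those terminated by the chain's own accept/drop/reject rules. The sample output is constructed, and its column spacing is an assumption that may differ between RouterOS versions.

```python
"""Reconcile RouterOS filter counters against the dynamic FastTrack dummy rule.

A large gap between the dynamic 'passthrough' counter and the sum of a chain's
terminating rules is FastTracked traffic, not a hole in the rule set.
"""
import re

# Constructed sample (not captured from a real router); the layout mimics
# 'print stats' but the exact spacing is an assumption.
SAMPLE_STATS = """\
Flags: X - disabled, I - invalid, D - dynamic
 #    CHAIN    ACTION                BYTES      PACKETS
 0 D  forward  passthrough           900000000  750000
 1    forward  fasttrack-connection  120000000  100000
 2    forward  accept                120000000  100000
 3    forward  accept                5000000    12000
 4    forward  drop                  64000      800
 5    input    accept                300000     2500
"""

# Actions that end a packet's traversal of the chain (fasttrack-connection
# does not: the packet continues to the next rule, hence the paired accept).
TERMINATING = {"accept", "drop", "reject", "tarpit"}
ROW = re.compile(r"^\s*(\d+)\s+(?:([XID]+)\s+)?(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s*$")


def parse_stats(text):
    """Return one dict per rule row; the flag legend and header are skipped."""
    rules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        idx, flags, chain, action, nbytes, packets = m.groups()
        rules.append({"id": int(idx), "dynamic": "D" in (flags or ""),
                      "chain": chain, "action": action,
                      "bytes": int(nbytes), "packets": int(packets)})
    return rules


def reconcile(rules, chain="forward"):
    """Split a chain's bytes into FastTracked (dummy rule) vs rule-terminated."""
    rows = [r for r in rules if r["chain"] == chain]
    fasttracked = sum(r["bytes"] for r in rows
                      if r["dynamic"] and r["action"] == "passthrough")
    terminated = sum(r["bytes"] for r in rows
                     if not r["dynamic"] and r["action"] in TERMINATING)
    total = fasttracked + terminated
    return {"fasttracked_bytes": fasttracked, "terminated_bytes": terminated,
            "bypass_ratio": fasttracked / total if total else 0.0}


if __name__ == "__main__":
    print(reconcile(parse_stats(SAMPLE_STATS)))
```

With the constructed sample, about 88% of forward bytes were FastTracked; only the remainder ever reached the accept/drop rules, which is the mismatch the topic author observed.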
