kashifzai86
Frequent Visitor
Topic Author
Posts: 58
Joined: Mon Nov 09, 2015 8:58 am
Location: Karachi

Deny Rules stop Working after disabling Connection Tracking

Thu Jun 23, 2022 7:33 am

Hey to All Experts here

I'm getting an issue after disabling Connection Tracking: none of my Filter Rules are working except "Accept Rules". Please do let me know the issue. I have also attached a picture for reference.

Basically, I went through this article and did it, after it happened.

https://aacable.wordpress.com/2018/03/2 ... -mikrotik/
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Deny Rules stop Working after disabling Connection Tracking

Thu Jun 23, 2022 10:58 am

Simply: revert everything you changed.

Another one who blindly copies & pastes an article from the Internet and later calls for help on the forum,
instead of doing the opposite (first call for help on the forum, and later, if nothing is obtained, search on the Internet...)

For example, if you disable connection tracking, how can the firewall know if the packet is invalid or not?
Obviously the firewall is not completely functional with connection tracking off.
Every single new packet is considered a new connection because... it is not tracked...
 
kashifzai86

Re: Deny Rules stop Working after disabling Connection Tracking

Thu Jun 23, 2022 11:06 am

> For example, if you disable connection tracking, how can the firewall know if the packet is invalid or not?
> Obviously the firewall is not completely functional with connection tracking off.
> Every single new packet is considered a new connection because... it is not tracked...

Yes, I understand that, but why are the Deny/Drop rules not working???
 
rextended

Re: Deny Rules stop Working after disabling Connection Tracking

Thu Jun 23, 2022 11:10 am

The answer is in what you did not read in the text you quoted...

Extended:
How can the firewall know if the packet is coming from an already established connection or not,
if you disable connection tracking?...
 
kashifzai86

Re: Deny Rules stop Working after disabling Connection Tracking

Thu Jun 23, 2022 11:30 am

> The answer is in what you did not read in the text you quoted...
>
> Extended:
> How can the firewall know if the packet is coming from an already established connection or not,
> if you disable connection tracking?...

Thanks for helping me, but this article works well. If you know any good method to separate CGNATing and distribute LOAD, I will work on it.
 
rextended

Re: Deny Rules stop Working after disabling Connection Tracking  [SOLVED]

Thu Jun 23, 2022 11:37 am

I do not criticize whether the article is wrong or not; I criticize the blind use of copy & paste if you do not rightly understand what you have done...
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Deny Rules stop Working after disabling Connection Tracking

Thu Jun 23, 2022 4:06 pm

Perfect example of not understanding the article at all:
  1. the article itself starts with a disclaimer saying that the reader should not blindly copy-paste config into their own router
  2. the article is about splitting a unified router/firewall/pppoe server into two and instructing to disable connection tracking on the pppoe server ... but that one performs neither firewalling nor NATting, hence connection tracking is not really needed.

Sigh.
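
An added example, not part of the thread and not MikroTik's own tooling: a Python check that reads an `/ip firewall filter` export and lists the rules whose matchers rely on connection tracking, so they can be reviewed before tracking is turned off. The sample export and function names are constructed for illustration, and the matcher set is an assumption limited to RouterOS properties documented as depending on connection tracking.

```python
import re
import shlex

# Assumed set: RouterOS filter matchers that need connection tracking.
CONNTRACK_MATCHERS = {
    "connection-state", "connection-mark", "connection-type",
    "connection-bytes", "connection-limit", "connection-rate",
    "layer7-protocol",
}

# Constructed sample of an "/ip firewall filter" export, not taken from the thread.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=icmp
add action=drop chain=input in-interface=ether1 protocol=tcp dst-port=23
add action=drop chain=forward connection-state=new \\
    in-interface=ether1
"""

def parse_rules(export_text):
    """Return one dict of property -> value per 'add' line of the export."""
    # Exports wrap long lines with a trailing backslash; join them first.
    joined = re.sub(r"\\\n\s*", "", export_text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        props = {}
        for token in shlex.split(line[4:]):  # shlex keeps quoted values whole
            key, sep, value = token.partition("=")
            if sep:
                props[key] = value
        rules.append(props)
    return rules

def conntrack_dependent(rules):
    """Return (rule number, action, matchers) for rules that need conntrack."""
    findings = []
    for number, props in enumerate(rules):
        used = sorted(CONNTRACK_MATCHERS & props.keys())
        if used:
            # RouterOS treats a rule with no explicit action as accept.
            findings.append((number, props.get("action", "accept"), used))
    return findings

if __name__ == "__main__":
    for number, action, used in conntrack_dependent(parse_rules(SAMPLE_EXPORT)):
        print(f"rule {number}: action={action} depends on {', '.join(used)}")
```

Rule numbers are zero-based, matching the order in which the export lists them.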
