RobstarUSA
newbie
Topic Author
Posts: 44
Joined: Sun Apr 15, 2018 5:42 am

ipv6 firewall input chain match on in interface doesn't seem to work.

Wed Jul 27, 2022 4:18 am

Hello all,

Thanks in advance for any help you can give me. I'm running 7.4 code on an RB3011.

The last rule before my input chain has a jump to "v6_www_services"
The last rule is a default deny:

add action=jump chain=input comment="Input - Manage RB3 via ipv6" jump-target=v6_www_services log=yes log-prefix=jump-to-v6_www src-address-list=Lanv6

add action=drop chain=input comment="No access to RB3" log=yes log-prefix=v6-deafult-drop-input

If, in the "jump-target" rule I also specify an In. Interface of "ether1_MGMT" the jump rule will get skipped and hit the default deny. The log will actually show the traffic came in on ether1_MGMT. If I remove that match condition it works fine. Anyone seen this before?

If this matters, ether1_MGMT is in the "mgmt" vrf, not the default one.
 
RobstarUSA
newbie
Topic Author
Posts: 44
Joined: Sun Apr 15, 2018 5:42 am

Re: ipv6 firewall input chain match on in interface doesn't seem to work.

Tue Aug 16, 2022 3:23 am

Update:

I have created a case with MikroTik and they can reproduce the problem. Hopefully a fix is forthcoming :)
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: ipv6 firewall input chain match on in interface doesn't seem to work.

Tue Aug 16, 2022 4:59 am

Quick guess, it's probably related to the funny business with hidden interfaces (see VRF and hidden interfaces). But it's weird that it would log the right one.
