texmeshtexas
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Filter/RAW rule action to observe

Thu Aug 11, 2022 3:34 pm

I have several rules such as this in my CCR2116 device (running v7.4.1)

/ip firewall raw
add action=drop chain=prerouting protocol=tcp dst-port=80,443 in-interface-list=BR_ALL comment="Bad domain" content=abvrnnyf.com
add action=drop chain=prerouting comment="Inbound blocks" in-interface-list=BR_ALL log-prefix="Blocked In" src-address-list=BlockedSrcList
add action=drop chain=prerouting comment="Outbound blocks" dst-address-list=BlockedDstList in-interface-list=BR_ALL log-prefix="Blocked Out"

I would like to use an action that does not drop but does match and allow the match counters to still increment. Just to observe how the rules will behave.

action=passthrough does that but the packet then continues to be processed by later rules, unlike a Drop where there is no more processing.
I don't see a built-in action for something like "no-action".
Any ideas?
Was thinking about using something like this:
action=jump jump-target=ObserveOnly
and there are no rules for the ObserveOnly chain.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Filter/RAW rule action to observe

Thu Aug 11, 2022 6:11 pm

Why, too much time on your hands? Suggest you go outside and get some fresh air.
Just put as last rule in input chain
add action=drop chain=input comment="drop all else"

Just ensure you have an access rule to the router prior to the last rule so you don't lock yourself out (easy to do as the rule blocks any traffic not explicitly permitted).
No need for bloated firewall rules. Simple and you get your life back. :-)
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Filter/RAW rule action to observe

Thu Aug 11, 2022 6:28 pm

What about action=accept? It will stop processing in raw and let the packet continue further.
 
anav
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Filter/RAW rule action to observe

Thu Aug 11, 2022 6:30 pm

> What about action=accept? It will stop processing in raw and let the packet continue further.
You mean accept=match. Brilliant!
I was going to suggest LOG, but as usual you are one step ahead.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Filter/RAW rule action to observe

Thu Aug 11, 2022 6:41 pm

Log is same as passthrough, it doesn't stop processing in given chain.
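
The difference between the candidate observe-only actions shows up in the match counters. The following is an added example, not part of the thread or of RouterOS: a simplified Python model of one raw chain using the action semantics stated above (drop and accept stop processing in the chain, passthrough and log continue). The address lists and packets are constructed, and the in-interface-list matcher is left out.

```python
# Simplified model of top-down rule evaluation in one raw chain (added example).
# Action semantics are the ones stated in the thread: drop and accept stop
# processing in the chain; passthrough and log count the match and continue.
TERMINAL = {"drop", "accept"}

# Constructed address lists (documentation ranges), standing in for
# BlockedSrcList and BlockedDstList.
BLOCKED_SRC = {"192.0.2.10"}
BLOCKED_DST = {"198.51.100.20"}

# Constructed packets: (src, dst)
PACKETS = [
    ("192.0.2.10", "198.51.100.20"),  # matches both rules
    ("10.0.0.5", "198.51.100.20"),    # matches only the outbound rule
    ("10.0.0.5", "203.0.113.7"),      # matches neither
]

def ruleset(action):
    """The two address-list rules from the first post, with a chosen action."""
    return [
        {"comment": "Inbound blocks", "action": action,
         "match": lambda p: p[0] in BLOCKED_SRC},
        {"comment": "Outbound blocks", "action": action,
         "match": lambda p: p[1] in BLOCKED_DST},
    ]

def run_chain(rules, packets):
    """Return (per-rule match counters, verdict per packet)."""
    hits = {r["comment"]: 0 for r in rules}
    verdicts = []
    for pkt in packets:
        verdict = "accept"  # nothing terminal matched: packet leaves raw untouched
        for rule in rules:
            if rule["match"](pkt):
                hits[rule["comment"]] += 1
                if rule["action"] in TERMINAL:
                    verdict = rule["action"]
                    break  # later rules never see this packet
        verdicts.append(verdict)
    return hits, verdicts

def compare():
    """Counters and verdicts for enforce mode and two observe-only candidates."""
    return {a: run_chain(ruleset(a), PACKETS)
            for a in ("drop", "accept", "passthrough")}

if __name__ == "__main__":
    for action, (hits, verdicts) in compare().items():
        print(f"{action:12} {hits} {verdicts}")
```

With accept, the counters are the same ones drop would record while every packet still gets through; with passthrough, the second rule also counts the packet the first rule already matched.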
 
texmeshtexas
Member Candidate
Topic Author
Posts: 151
Joined: Sat Oct 11, 2008 11:17 pm

Re: Filter/RAW rule action to observe

Fri Aug 12, 2022 6:20 am

Actually, tried the jump to a non-existent chain and that works perfectly.
