ooptimum

Non-unicast ICMP? Hmm...

Fri Aug 26, 2022 3:13 pm

I label connections for the purposes of policy-based routing. I process all new connections, but only if they are unicast, in order not to waste CPU resources. The mangle table starts with these rules:

/ip firewall mangle
add action=jump chain=prerouting comment="Handle new connections" connection-state=new jump-target=\
    NewInPrerouting

add action=return chain=NewInPrerouting comment="Don't handle non-unicast connections" dst-address-type=\
    !unicast in-interface=ether1_ISP

However, when I try to ping my router from the Internet, the second rule catches ICMP connections, returning processing to the uplevel table, effectively preventing execution of the following rules. If I change dst-address-type from unicast to local, then the rule passes such connections, as intended. Can anyone explain whether this is correct behavior or a bug (in the case of the unicast address type)?
RB3011UiAS, RouterOS v.7.4.
