tookiehr
Topic Author

Firewall input problem

Mon Feb 27, 2023 3:49 pm

Hi,

I have a little problem that I fixed but don't fully understand.
So I am in network 192.168.1.0/24 and I am connecting to router 192.168.7.1/24 over L2TP.
I added the FW rule on 192.168.7.1:
add action=accept chain=input src-address=192.168.0.0/16
Then I wanted to drop everything else and I added:
add action=drop chain=input
and lost everything, but I was in safe mode, so no harm done.
It worked when I added this before the drop line:
add action=accept chain=input comment="Allow Established connections" connection-state=established



So if I understand it correctly, my existing connection was dropped because the first rule applies only to new connections, and I could actually connect if the changes weren't reverted because of safe mode?
And with the rule "accept established connections", the connection wasn't dropped because it also allows my current connection to the router.
 
anav
Forum Guru

Re: Firewall input problem

Mon Feb 27, 2023 5:44 pm

Input chain --> to the router (typically for a. the admin to configure, b. for users to access services, e.g. DNS).
Therefore, if you elect to use drop all (recommended!!) as the last rule, you need to ensure rules exist to give access to the admin and users prior to the last rule.
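
First-match evaluation of the three input rules from this thread, as an added example (not written by either poster, and a simplified Python model rather than RouterOS code). The packets and the address 203.0.113.5 are constructed; a rule without a connection-state matcher is modelled as matching packets in any state.

```python
import ipaddress

# Simplified model of a RouterOS filter chain: rules are checked top to
# bottom, the first rule whose matchers all fit decides, and a packet that
# matches no rule is accepted. A matcher that is absent matches anything.
ACCEPT_LAN = {"action": "accept", "src-address": "192.168.0.0/16"}
ACCEPT_EST = {"action": "accept", "connection-state": "established"}
DROP_ALL = {"action": "drop"}

BROKEN = [ACCEPT_LAN, DROP_ALL]             # rule set that cut the session
FIXED = [ACCEPT_LAN, ACCEPT_EST, DROP_ALL]  # rule set that kept it

def matches(rule, pkt):
    net = rule.get("src-address")
    if net and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(net):
        return False
    state = rule.get("connection-state")
    return state is None or state == pkt["state"]

def evaluate(chain, pkt):
    """Return (action, 1-based rule index); index 0 means no rule matched."""
    for i, rule in enumerate(chain, 1):
        if matches(rule, pkt):
            return rule["action"], i
    return "accept", 0

# Constructed packets. 203.0.113.5 stands for any source outside
# 192.168.0.0/16 (an assumption; the thread does not say which source
# address the router saw for the session).
PACKETS = {
    "lan, new": {"src": "192.168.1.10", "state": "new"},
    "lan, established": {"src": "192.168.1.10", "state": "established"},
    "other, established": {"src": "203.0.113.5", "state": "established"},
    "other, new": {"src": "203.0.113.5", "state": "new"},
}

def verdicts(chain):
    return {name: evaluate(chain, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, chain in (("broken", BROKEN), ("fixed", FIXED)):
        for name, (action, idx) in verdicts(chain).items():
            print(f"{label:6} {name:20} -> {action} (rule {idx})")
```

Only the established packet from outside 192.168.0.0/16 changes verdict between the two rule sets; a new connection from that source is dropped by the final rule in both.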
