Does anyone know of a means for flagging packets generated by The Dude under RouterOS for subsequent firewall filtering?
We have the “output” chain for filtering packets generated by the router itself, including any packets generated by The Dude. However, what would be helpful is if we could distinguish between a ping packet generated by the ping tool versus a ping generated by Dude monitoring. One reason this would be helpful is to place some constraints on network scans. While periodic scans of subnets can be useful, there are some devices that detect scans and block the scanning system. A firewall filter could prevent the Dude from scanning specific devices, while still allowing general discovery of anything new on a subnet.
A related question is whether it is possible to force The Dude to use specific source IP addresses for the traffic it generates? This could be used to isolate traffic using filters within RouterOS, and could also be used by devices being monitored to restrict which hosts are allowed to perform monitoring. Using ping as the example again, there really is a difference between a ping used by RouterOS to determine if a gateway is reachable, versus a ping from the Dude as part of device monitoring.
Assuming that the answers to these questions are negative, then would this be a reasonable enhancement request to pose to the developers?