I have enabled the DNS server and the NTP server on my router:
Code:
/ip dns
set allow-remote-requests=yes cache-max-ttl=1d
/system ntp server
set enabled=yes
I have multiple DHCP servers, and they have the DNS/NTP IP configured as the gateway IP:
Code:
/ip dhcp-server network
add address=192.168.1.0/24 dns-server=192.168.1.1 gateway=192.168.1.1 ntp-server=192.168.1.1
add address=192.168.2.0/24 dns-server=192.168.2.1 gateway=192.168.2.1 ntp-server=192.168.2.1
add address=192.168.3.0/24 dns-server=192.168.3.1 gateway=192.168.3.1 ntp-server=192.168.3.1
add address=192.168.4.0/24 dns-server=192.168.4.1 gateway=192.168.4.1 ntp-server=192.168.4.1
add address=192.168.5.0/24 dns-server=192.168.5.1 gateway=192.168.5.1 ntp-server=192.168.5.1
add address=192.168.6.0/24 dns-server=192.168.6.1 gateway=192.168.6.1 ntp-server=192.168.6.1
add address=192.168.7.0/24 dns-server=192.168.7.1 gateway=192.168.7.1 ntp-server=192.168.7.1
My firewall rules are drop by default, and because of this I need to have one rule per DHCP server entry to allow clients to get DNS/NTP, which means that in my current scenario 7 rules need to be created:
Code:
/ip firewall filter
add action=accept chain=input dst-address=192.168.1.1 in-interface=Vlan1
add action=accept chain=input dst-address=192.168.2.1 in-interface=Vlan2
add action=accept chain=input dst-address=192.168.3.1 in-interface=Vlan3
add action=accept chain=input dst-address=192.168.4.1 in-interface=Vlan4
add action=accept chain=input dst-address=192.168.5.1 in-interface=Vlan5
add action=accept chain=input dst-address=192.168.6.1 in-interface=Vlan6
add action=accept chain=input dst-address=192.168.7.1 in-interface=Vlan7
My question is: is there a better way to handle this? Is my config too complex for no reason?
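
The seven rules in the post match only on destination address and interface, so they accept every protocol and port addressed to the router from each VLAN, not just DNS and NTP. The following is an added example, not part of the original post: it groups the VLAN interfaces into one interface list and accepts only DNS and NTP from that list. The list name `vlan-clients` and the rule comments are assumptions; `Vlan1` to `Vlan7` are the interface names from the post.

```routeros
# Added example, not the poster's configuration.
# "vlan-clients" is an assumed list name; Vlan1..Vlan7 come from the post.
/interface list
add name=vlan-clients

/interface list member
add list=vlan-clients interface=Vlan1
add list=vlan-clients interface=Vlan2
add list=vlan-clients interface=Vlan3
add list=vlan-clients interface=Vlan4
add list=vlan-clients interface=Vlan5
add list=vlan-clients interface=Vlan6
add list=vlan-clients interface=Vlan7

/ip firewall filter
# DNS (53/udp) and NTP (123/udp) to the router from any client VLAN.
add chain=input action=accept protocol=udp dst-port=53,123 \
    in-interface-list=vlan-clients comment="DNS+NTP from client VLANs"
# DNS falls back to TCP for large responses, so allow 53/tcp as well.
add chain=input action=accept protocol=tcp dst-port=53 \
    in-interface-list=vlan-clients comment="DNS over TCP from client VLANs"
# Both rules must sit above the final drop rule in the input chain.
# No dst-address matcher is needed: the input chain only sees traffic
# addressed to the router itself, and in-interface-list limits the source side.
```

Adding a new VLAN then means one new `/interface list member` entry instead of another firewall rule, and management services on the router stay covered by the default drop.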