
Help with firewall drop rules priority

Posted: Sun Jan 22, 2023 4:04 am
by jennerfernandesfilho
Hi there,

I have installed a Mikrotik RB750g3 in my environment, and I set up the following schema.

I have two networks, a DMZ and a LAN, and the traffic between them is limited. Basically, the only traffic allowed from the LAN is access to the Web Server, which is located in the DMZ. So, I did the following configuration.

I created a rule to allow forward traffic for the source and destination IP addresses and ports to my Web Server and, just below it, a rule to drop all other traffic. But when I enable the drop rule, all my traffic is dropped, including the traffic that I set to be allowed above.

I think that it may be an issue of priority, but I can't make it work!

Can someone help?

Re: Help with firewall drop rules priority

Posted: Mon Jan 23, 2023 4:00 am
by anav
Sure
/export file=anynameyouwish ( minus router serial # and any public WANIP information )

Re: Help with firewall drop rules priority

Posted: Mon Jan 23, 2023 9:05 am
by mkx
I think that it may be an issue of priority, but I can't make it work!

Firewall rules are evaluated from top to bottom. And that's the priority. So if the rules are in the order you described with so many words, then your allow rule is faulty and doesn't really catch the traffic it's supposed to. So follow the advice by @anav ... and describe (with details) what kind of traffic is supposed to be allowed. Then we (@anav in particular :wink:) will be able to check the validity of your setup.

Please post the complete config; sometimes the reason for something not working hides in a configuration subtree which an inexperienced user doesn't suspect.
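
Added example (not part of any post in this thread, and not the poster's configuration, which is not shown here): a small Python model of the top-to-bottom, first-match evaluation described in the last reply. All addresses, ports and rule sets are constructed, and the missing return-traffic rule is only one assumed way an allow rule can fail to cover the traffic it is meant to.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str                  # "accept" or "drop"
    src: str = "0.0.0.0/0"       # source network ("any" by default)
    dst: str = "0.0.0.0/0"       # destination network
    protocol: str = ""           # "" matches any protocol
    dst_port: int = 0            # 0 matches any destination port
    state: str = ""              # "" matches any connection state
    comment: str = ""

def matches(rule, pkt):
    """True only if every matcher set on the rule fits the packet."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and rule.protocol in ("", pkt["protocol"])
            and rule.dst_port in (0, pkt["dst_port"])
            and rule.state in ("", pkt["state"]))

def evaluate(rules, pkt):
    """Walk the chain top to bottom; the first matching rule decides.
    A packet that matches no rule is accepted (empty-chain default)."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "accept", None

# Constructed sample data: LAN 192.168.88.0/24, web server 10.10.10.10 in the DMZ.
allow_web = Rule("accept", src="192.168.88.0/24", dst="10.10.10.10/32",
                 protocol="tcp", dst_port=443, comment="LAN to web server")
drop_all = Rule("drop", comment="drop everything else")
allow_replies = Rule("accept", state="established", comment="return traffic")

as_described = [allow_web, drop_all]                # allow rule, then drop
wrong_order = [drop_all, allow_web]                 # drop placed first
with_replies = [allow_replies, allow_web, drop_all]

request = {"src": "192.168.88.20", "dst": "10.10.10.10",
           "protocol": "tcp", "dst_port": 443, "state": "new"}
reply = {"src": "10.10.10.10", "dst": "192.168.88.20",
         "protocol": "tcp", "dst_port": 51514, "state": "established"}

if __name__ == "__main__":
    for name, chain in [("as_described", as_described),
                        ("wrong_order", wrong_order),
                        ("with_replies", with_replies)]:
        print(name, "request:", evaluate(chain, request),
              "reply:", evaluate(chain, reply))
```

In the `as_described` chain the request is accepted by rule 0, but the server's reply matches none of the allow rule's matchers and falls through to the drop rule, which from the client's side looks like all traffic being dropped.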