Community discussions

MikroTik App
 
Xaesar
just joined
Topic Author
Posts: 10
Joined: Mon Feb 06, 2023 12:44 am

firewall filter disabled=yes

Mon Feb 06, 2023 12:47 am

Hi!

I did not find anything of this in the forums or documention either,
so I was looking at port knocking, when this rule came up:
add action=drop chain=input disabled=yes in-interface-list=WAN src-address-list=blacklist

Now I doubt it is simply initiating the rule as disabled, would seem counterproductive as it was in their example guide to use that rule.
However I cannot wrap around what disabled=yes would do here.

Cheers for any illumination on the subject.

/X
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26294
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: firewall filter disabled=yes

Mon Feb 06, 2023 8:23 am

It means rule is turned off.
Not doing anything.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: firewall filter disabled=yes

Mon Feb 06, 2023 3:20 pm

Why port knocking if you can do wireguard??
 
Xaesar
just joined
Topic Author
Posts: 10
Joined: Mon Feb 06, 2023 12:44 am

Re: firewall filter disabled=yes

Wed Feb 15, 2023 12:00 am

Thought it an interesting idea, I am just getting started in understanding networks. So while I might not use it, it has been a bit educational reading about and how to implement.
Why port knocking if you can do wireguard??
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18961
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: firewall filter disabled=yes

Wed Feb 15, 2023 12:08 am

Implementing then is not the goal but understanding the rules and how to use them in a config is a worthy process...........
 
User avatar
k6ccc
Forum Guru
Forum Guru
Posts: 1490
Joined: Fri May 13, 2016 12:01 am
Location: Glendora, CA, USA (near Los Angeles)
Contact:

Re: firewall filter disabled=yes

Wed Feb 15, 2023 8:38 pm

There are a number of reasons why you might have disabled rules. One example is that you are trying something that does not work. So instead of editing the rule, copy the rule and change the copy and disable the original rule. That makes it easier to go back to where you started. Eventually the non-working rules will get deleted.
I have a bunch of packet counter rules that are mainly for testing. They are normally left disabled, but enabled when I need to some specific testing.

Just a couple examples.

Who is online

Users browsing this forum: FlowerShopGuy, nepotu, Scoox, tangent and 58 guests