dadaniel
Member Candidate
Topic Author
Posts: 160
Joined: Fri May 14, 2010 11:51 pm

drop rule above fasttrack rule not working

Fri Jul 31, 2015 3:42 pm

When not using a fasttrack rule, active connections are dropped immediately when they are added to the src-address-list.
When using fasttrack, active connections are not dropped, although the drop rule is above the fasttrack rule:

add action=drop chain=forward src-address-list=ftp_blacklist
add action=fasttrack-connection chain=forward connection-state=established,related
add chain=forward content="530 Login" dst-address-list=!ournetwork dst-limit=12/1m,24,dst-address/1m protocol=tcp src-port=21
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=1w chain=forward content="530 Login" dst-address-list=!ournetwork log=yes log-prefix=block_ftp protocol=tcp src-port=21

Does fasttrack mean that a connection that is matched never ever gets into any chain again?
 
lambert
Long time Member
Posts: 533
Joined: Fri Jul 23, 2010 1:09 am

Re: drop rule above fasttrack rule not working

Sat Aug 01, 2015 6:01 am

I read http://wiki.mikrotik.com/wiki/Manual:Fa ... ck_handler to mean that once a connection has been fasttracked it will bypass all firewall rules until the connection is terminated. I don't know if you can take a connection out of the fasttrack by killing the connection in ip firewall connection and forcing the connection to be re-initiated.
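
Added example (not part of the thread or of MikroTik's documentation): if a fasttracked connection bypasses the filter rules as described above, one way to keep the blacklist drop effective is to keep FTP control connections out of fasttrack. The connection mark name ftp_ctl is an assumption chosen for illustration.

```routeros
# Added example, not from the thread. Assumption: the connection mark name
# "ftp_ctl" is made up for illustration.

/ip firewall mangle
# Mark FTP control connections (TCP port 21 on either side) when they are created.
add action=mark-connection chain=forward connection-state=new \
    new-connection-mark=ftp_ctl passthrough=yes port=21 protocol=tcp

/ip firewall filter
# The blacklist drop stays first, as in the original rule set.
add action=drop chain=forward src-address-list=ftp_blacklist
# Fasttrack everything except marked FTP control connections, so their
# packets keep traversing the forward chain and reach the drop rule above.
add action=fasttrack-connection chain=forward connection-mark=!ftp_ctl \
    connection-state=established,related
# The two content="530 Login" rules from the original post follow here unchanged.
```

Under the same reading, connections from a blacklisted address that were already fasttracked (anything other than port 21) keep bypassing the drop rule until they end.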
