Migration from linux to Mikrotik firewall

acidsas · Tue May 21, 2013 5:10 pm

Hello!
Please give me a hand with understanding firewall in depth.
I need to mark incoming and outgoing packets based on source ip and interface to use them with queues. It could be done in two ways. Which one is better from performance side of view?

chain=forward action=mark-connection new-connection-mark=test-conn passthrough=yes src-address=8.8.8.8 in-interface=WAN
chain=forward action=mark-packet new-packet-mark=test-in passthrough=no out-interface=LAN connection-mark=test-conn
chain=forward action=mark-packet new-packet-mark=test-out passthrough=no out-interface=WAN connection-mark=test-conn

or this one

chain=forward action=mark-packet new-packet-mark=test-in passthrough=no out-interface=LAN src-address=8.8.8.8
chain=forward action=mark-packet new-packet-mark=test-out passthrough=no out-interface=WAN dst-address=8.8.8.8

It is better to specify more parameters to classify packets to lower cpu usage?

chain=forward action=accept protocol=tcp dst-port=80 [b]in-interface=LAN1[/b] dst-address=8.8.8.8
chain=forward action=accept protocol=tcp dst-port=80 [b]in-interface=LAN2[/b] dst-address=8.8.8.8
or
chain=forward action=accept protocol=tcp dst-port=80 dst-address=8.8.8.8

Thanks.

pcunite · Tue Jun 04, 2013 3:29 am

See this:
http://forum.mikrotik.com/viewtopic.php?f=13&t=73214

Migration from linux to Mikrotik firewall

Migration from linux to Mikrotik firewall

Re: Migration from linux to Mikrotik firewall

Who is online