I want to disable all incoming UDP packet, unless source port is 1812 or 1813, or dest port is 3799. I tried to use two rules:

/ip firewall filter chain=input action=drop protocol=udp src-port=!1812,1813
/ip firewall filter chain=input action=accept protocol=udp dst-port=3799

But this doesn't seem to work. Input packet with dest port 3799 are blocked. How to correct the rules?

Put the accept rule before the drop rule. Firewall rules are processed in order top to bottom.

Sent from my LG-D850 using Tapatalk

how about if you put the src-port and dst-port in one line and drop on the next line? like below:

Code: Select all

/ip firewall filter chain=input action=accept protocol=udp src-port=1812,1813 dst-port=3799
/ip firewall filter chain=input action=drop protocol=udp

That would make an AND situation. The dst port would need to be 3799 and souce either 1812 or 1813 or the packet would drop.

Those rules are still AND gated. Traffic will only pass to port 3799 from either 1812 or 1813. All other packets will be dropped. The rules here are functionally the same as what was suggested in post #3, but in 3 lines rather than 2.

Sent from my LG-D850 using Tapatalk

Not all packets are showing up in my firewal ?

If you have rules for Established, Related before these rules, the remaining packets are probably accepted there. These rules would only match the first packets in the connection.

Sent from my LG-D850 using Tapatalk

My understanding is the first packet is a "new" one

Then Comes the established and related

But i see movement on my interfaces

But the firewall doesnt seem to represent the data flowing

And fastpath and fasttrack is disabled