mvcorrea
just joined
Topic Author
Posts: 13
Joined: Tue Aug 08, 2017 2:25 am

firewall rules jump/return

Fri Sep 08, 2017 6:27 am

Hi there,

I have a chain called "wifi" where I filter who and when to get internet access.

On my first rule I have a matching action forward where I jump into the wifi chain.

There I implement some rules, then I do return (I am supposed to return to the next line after the jump),

but I am unable to see any match? Any help is appreciated :)
 1    chain=forward action=jump jump-target=wifi in-interface=all-wireless log=no log-prefix="wifi"
 ...
 12    chain=wifi action=accept src-mac-address=00:22:5F:B4:B5:94
 13 I  ;;; inactive time
      chain=wifi action=accept time=13h-14h,mon,tue,wed,thu,fri log=no
 14    chain=wifi action=drop time=10h-23h59m,mon,tue,wed,thu,fri log=no
 15 X  chain=wifi action=return log=no
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: firewall rules jump/return

Fri Sep 08, 2017 4:14 pm

It also depends on the rest of your config. What you have can work with an independent wireless interface. But in case you have it bridged with wired, in-interface=all-wireless won't match, because from the firewall's point of view, the packet will be coming from the bridge.
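
The behaviour described in the reply above, as an added Python model (not RouterOS code, and not part of the original thread): it walks a forward chain with jump/return and shows which in-interface the IP firewall sees for a bridged port. The bridge name `bridge`, the catch-all accept in forward, and the reduced set of matchers are assumptions made for this example.

```python
# Simplified model (not RouterOS code) of how the IP firewall walks chains
# with jump/return and which in-interface it sees for bridged ports.
WIRELESS = {"wlan-2G", "wlan-5G"}           # interface names taken from the thread

def seen_in_interface(port, bridge_ports):
    """Interface the IP firewall sees: the bridge if the port is a bridge member."""
    return bridge_ports.get(port, port)

def iface_matches(selector, iface):
    if selector is None:
        return True
    if selector == "all-wireless":
        return iface in WIRELESS
    return selector == iface

def run_chain(chains, name, pkt, trace):
    """Return 'accept'/'drop', or None when the chain ends or hits action=return."""
    for n, rule in enumerate(chains[name]):
        if not iface_matches(rule.get("in-interface"), pkt["in"]):
            continue
        if rule.get("src-mac-address", pkt["mac"]) != pkt["mac"]:
            continue
        trace.append(f"{name}[{n}]")        # record every rule that got a hit
        action = rule["action"]
        if action == "return":
            return None
        if action == "jump":
            verdict = run_chain(chains, rule["jump-target"], pkt, trace)
            if verdict:
                return verdict
            continue                        # resume at the rule after the jump
        return action
    return None

def evaluate(jump_selector, port, mac, bridge_ports):
    chains = {  # constructed rule set, modelled on rules 1, 12 and 15 of the post
        "forward": [{"action": "jump", "jump-target": "wifi", "in-interface": jump_selector},
                    {"action": "accept"}],  # hypothetical catch-all after the jump
        "wifi": [{"action": "accept", "src-mac-address": "00:22:5F:B4:B5:94"},
                 {"action": "return"}],
    }
    trace = []
    pkt = {"in": seen_in_interface(port, bridge_ports), "mac": mac}
    return run_chain(chains, "forward", pkt, trace), trace
```

With the wireless ports listed as bridge members, the trace for `all-wireless` contains no hit on the jump rule or on anything in the wifi chain, which is the "no match" symptom from the first post.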
 
mvcorrea
just joined
Topic Author
Posts: 13
Joined: Tue Aug 08, 2017 2:25 am

Re: firewall rules jump/return

Fri Sep 08, 2017 8:16 pm

Hi Sob, thanks for your help

So the situation is because all interfaces are in the same bridge? It's logical :)
So if I create another bridge, put both wireless ifaces on it, it should work with this config?

regards,
 
ZeroByte
Forum Guru
Posts: 4047
Joined: Wed May 11, 2011 6:08 pm

Re: firewall rules jump/return

Fri Sep 08, 2017 9:44 pm

Yep.

The basic rule of thumb for in/out interface matching in the IP firewall is whether or not there's an IP address on the interface you mention. Only IP interfaces have their traffic passed to the IP firewall.
 
mvcorrea
just joined
Topic Author
Posts: 13
Joined: Tue Aug 08, 2017 2:25 am

Re: firewall rules jump/return  [SOLVED]

Sat Sep 09, 2017 8:47 pm

:)

So please could you help me in this setup?
I got everything working, and now I have hits in the firewall, but I think I got some questionable config :)
# RouterOS v6.40.1 - MikroTik hAP ac

# new bridge
/interface bridge
add name=wifi-bridge

# ifs on the bridge
/interface bridge port
add bridge=wifi-bridge comment=defconf interface=wlan-2G
add bridge=wifi-bridge comment=defconf interface=wlan-5G

# creating subnet for it
/ip address
add address=10.10.11.1/24 interface=wifi-bridge network=10.10.11.0

# then
# create a pool
/ip pool
add name=wifi-pool ranges=10.10.11.160-10.10.11.189

# associate pool/bridge
/ip dhcp-server
add address-pool=wifi-pool disabled=no interface=wifi-bridge name=server1

# I need this to make it work
/ip dhcp-server network
add address=10.10.11.0/24 gateway=10.10.11.1


Looks ok, did I forget something?
Also, what's the difference between creating a subnet with "/ip address add address=*" and the subnet created with "/ip dhcp-server network*"?
[admin@MikroTik] > /ip route print 
...
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          XX.YY.128.1              1
...
 2 ADC  10.10.10.0/24      10.10.10.1      bridge                    0
 3 ADC  10.10.11.0/24      10.10.11.1      wifi-bridge               0
...
Comments are welcome :)
 
Sob
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: firewall rules jump/return

Sat Sep 09, 2017 10:05 pm

I think it looks ok. And in "/ip address" there's the address (and network) used by the router, while "/ip dhcp-server network" is the config given to DHCP clients.