Hi,
I have a MT router with w wireless cards (one AP, one Backhaul) and 1 eth. They are all bridged and router is DHCP server. All nodes in same network.
When I enable the filter ¨ALL PtP traffic¨ (or only one specific) and the action=drop the packet filter stops ALL TRAFFIC?
When I try to stop specific ip adress by dropping all packets coming and going to this certain clients ip adress (src ip and dst ip) all traffic stops on other users too! It doesn´t matter if the filter is on top or bottom of the firewal filters and all in the ¨forward¨ chain.
I´ve been searching this forum and the OS manual but find no answer for this behaviour.
Its anyway not clear to me why the ¨block PtP traffic¨ filter option is in the OS packet filter while most forum users try to block by using mangle or prioritising traffic. What is the use of this simple (on/off!) setting and why is everybody going a much more complicated way?
The simple ¨add chain=forward p2p=all-p2p connection-state=established action=drop comment="p2p" disabled=no¨ does NOT work. It stops ALL traffic on the router!
-
-
WirelessRudy
Forum Guru
- Posts: 3119
- Joined:
- Location: Spain
Firewall Filter
Maybe u should change ur rule with this and see :
before :
The simple ¨add chain=forward p2p=all-p2p connection-state=established action=drop comment="p2p" disabled=no¨ does NOT work. It stops ALL traffic on the router!
after :
The simple ¨add chain=forward p2p=!all-p2p connection-state=established action=accept comment="p2p" disabled=no¨
before :
The simple ¨add chain=forward p2p=all-p2p connection-state=established action=drop comment="p2p" disabled=no¨ does NOT work. It stops ALL traffic on the router!
after :
The simple ¨add chain=forward p2p=!all-p2p connection-state=established action=accept comment="p2p" disabled=no¨
Firewall Filter
Maybe u should change ur rule with this and see :
before :
The simple ¨add chain=forward p2p=all-p2p connection-state=established action=drop comment="p2p" disabled=no¨ does NOT work. It stops ALL traffic on the router!
after :
The simple ¨add chain=forward p2p=!all-p2p connection-state=established action=accept comment="p2p" disabled=no¨
before :
The simple ¨add chain=forward p2p=all-p2p connection-state=established action=drop comment="p2p" disabled=no¨ does NOT work. It stops ALL traffic on the router!
after :
The simple ¨add chain=forward p2p=!all-p2p connection-state=established action=accept comment="p2p" disabled=no¨
-
-
WirelessRudy
Forum Guru
- Posts: 3119
- Joined:
- Location: Spain
Thanks for the reply.
I work with Winbox more then with command line and in Winbox this ptp blocking option has a ´tic´ box infront of that option.
Normally checking a ticbox means you enable the belonging option.
But with MT you actually tic that you wan´t NOT to block your choosen option, so NOT ptp traffic. But you tic actually to block ALL OTHER traffic and have ptp go on!
Although it even pops up with a little ¨NOT¨ when the mouse is above this tic box it still didn´t make that conclusion for me!
Stupid? Well call it that way. But when tic boxes are used to perform a 180 degrees turn in the option you just set is not a logical action in my brain..
But thanks again for your reply.
I work with Winbox more then with command line and in Winbox this ptp blocking option has a ´tic´ box infront of that option.
Normally checking a ticbox means you enable the belonging option.
But with MT you actually tic that you wan´t NOT to block your choosen option, so NOT ptp traffic. But you tic actually to block ALL OTHER traffic and have ptp go on!
Although it even pops up with a little ¨NOT¨ when the mouse is above this tic box it still didn´t make that conclusion for me!
Stupid? Well call it that way. But when tic boxes are used to perform a 180 degrees turn in the option you just set is not a logical action in my brain..
But thanks again for your reply.
