Community discussions

MikroTik App
  4. RouterOS
  5. General

Discord question

Post Reply
 
cavaughan
newbie
Topic Author
Posts: 45
Joined: Sun Nov 09, 2014 8:01 pm
Location: Seattle, WA, USA
Contact:
Contact cavaughan

Discord question

Wed Aug 21, 2019 9:49 pm

Got a question about blocking a computer. On the MK router I have the computer use a static IP and in the firewall I can choose to drop all traffic for that computer. It works for everything except the messaging program Discord. As long as it is open it maintains a connection. HOW?
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Discord question

Wed Aug 21, 2019 10:48 pm

It sounds like you don't drop everything, but only new connections. Rules are processed in order from top to bottom, so if you'd have standard "accept established & related" before you drop rule, it would allow existing connections to survive.
Top
 
cavaughan
newbie
Topic Author
Posts: 45
Joined: Sun Nov 09, 2014 8:01 pm
Location: Seattle, WA, USA
Contact:
Contact cavaughan

Re: Discord question

Wed Aug 21, 2019 11:19 pm

Here are the 1st four rules. The rule to block the computer in question is rule No. 3 (counting from 0 - 3), which I put on Drop for Action when wishing to terminate all internet activity. So would I have to basically disable the first rule (as the other 2 are to permit VPN connectivity), then enable Drop for Rule 3, then re-enable Rules 1?
Screenshot from 2019-08-21 13-17-38.png
You do not have the required permissions to view the files attached to this post.
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Discord question

Thu Aug 22, 2019 12:08 am

No. It's not exactly as I thought. The first one is not real rule, you can't disable it. But it shows that you have fasttrack enabled and I don't know if there's a way to close fasttracked connection. One way would be to permanently disable the whole thing, but it's useful, so it's not the best solution.

Edit: One thing you can try is blocking in raw table, but I'm still not sure if fasttrack bypasses that too or not.
Top
 
cavaughan
newbie
Topic Author
Posts: 45
Joined: Sun Nov 09, 2014 8:01 pm
Location: Seattle, WA, USA
Contact:
Contact cavaughan

Re: Discord question

Thu Aug 22, 2019 12:19 am

Blocking in raw table? What is that?
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: Discord question

Thu Aug 22, 2019 12:55 am

IP->Firewall->Raw, it's similar to IP->Firewall->Filter. Just use prerouting chain instead of forward. But remember, maybe it won't work either.
Top
 
cifzo
just joined
Posts: 16
Joined: Mon Feb 18, 2019 10:35 pm

Re: Discord question

Thu Aug 22, 2019 2:36 am

No. It's not exactly as I thought. The first one is not real rule, you can't disable it. But it shows that you have fasttrack enabled and I don't know if there's a way to close fasttracked connection.
Could you use a script to knock down all the existing connections for that IP?

viewtopic.php?t=137245
Top
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1782
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Discord question

Thu Aug 22, 2019 11:25 am

hey, list your fill firewall rule set, for both ipv4 & ipv6.

what I'm wondering: you have fasttrack dummy rule, but not fast track itself..., view is incomplete
fasttrack will bypass most of ip processing for bigger part of packets of a connection, but on regular basis packets will be processed with full path (to refresh connection tracking stats)-> if it's blocked then, connection will be terminated.

also fasttrack will no bypass raw, as it's based on connection tracking, which is established after raw filtering
Top
Post Reply
  4. RouterOS
  5. General