MikroTik

Hello guys,

I am attaching here a screenshot of the firewall factory settings of new bought Mikrotik hAP.
My question is why the rule blocking access from outside (rule# 6 currently disabled for testing) is taking effect although the rule allowing this is before it - at first position #1
If I enable rule 6 again it will block traffic from WAN although the rule allowing it is before it (on place 1)

What is the logic here?

https://c.gmx.com/@823553968113195249/F ... mVi9fNIC2A

The logic here is, that you should make relevant columns visible in WinBox. Add "Connection State" to "show columns". Then you should understand.

I am on WebFig.

Weird WebFig. Apparently you can't add columns to the table. But never mind. Just click on the rule #1 and look whats configured.

OK I saw the Connection State settings:
in rule 1: related, established, untracked

Does it mean that I have to create a new rule for allowing connection state "new" packets and to put it before rule #6, which is dropping everything not from !LAN ?

I figured it out.
Added a new rule for accepting new, related, established, untracked, coming from interface list WAN and placed this new rule before the rule dropping everything coming not from !LAN.

In the default Firewall Configuration there is no rule accepting incoming traffic from WAN to the Router itself unless that traffic was initiated from the Router so it returns back as Established/related...
Only ICMP is explicitly allowed...

Another zombie machine is coming out...