Detect internet function

berisz · Fri Aug 25, 2023 11:08 pm

Does "Detect internet" bypass the firewall?

> /ip firewall filter add action=passthrough chain=output dst-port=30000 protocol=udp ;

does not count!

> /ip firewall raw add action=drop chain=output dst-address=159.0.0.0/8 ;

does not block!

Nevertheless, communication is established!

Dst: 159.148.147.229 User Datagram Protocol, Src Port: 5678, Dst Port: 30000

???

anav · Fri Aug 25, 2023 11:10 pm

Most recommendations are not to use it unless disabling it prevents some function you need.

berisz · Fri Aug 25, 2023 11:40 pm

Most recommendations are not to use it unless disabling it prevents some function you need.

Okay, okay!
But how is it possible, that it bypasses the output chain???

msatter · Sat Aug 26, 2023 1:45 am

Because it bypasses those, as Mikrotik programmed it. Hoping that the port opened is statefull.

Port 5678/UDP is also the Neighbours port to see other Mikrotik routers.

Amm0 · Sat Aug 26, 2023 3:46 am

I like the internet detect concept ... but agree it's implementation seems under-thought and more often problematic than helpful.

But there is the Packet Flow Diagrams. And by all measures that traffic should be a "router process" starting a "local out", and thus captured by firewall. I'd have to study "raw" but /ip/firewall/filter should work...

This seem like a bug.

Detect internet function

Detect internet function

Re: Detect internet function

Re: Detect internet function

Re: Detect internet function

Re: Detect internet function

Who is online