MikroTik

Posted: **Fri Aug 25, 2023 11:08 pm**

Does "Detect internet" bypass the firewall?

> /ip firewall filter add action=passthrough chain=output dst-port=30000 protocol=udp ;

does not count!

> /ip firewall raw add action=drop chain=output dst-address=159.0.0.0/8 ;

does not block!

Nevertheless, communication is established!

Dst: 159.148.147.229 User Datagram Protocol, Src Port: 5678, Dst Port: 30000

???

Posted: **Fri Aug 25, 2023 11:10 pm**

Most recommendations are not to use it unless disabling it prevents some function you need.

Posted: **Fri Aug 25, 2023 11:40 pm**

Most recommendations are not to use it unless disabling it prevents some function you need.

Okay, okay!
But how is it possible, that it bypasses the output chain???

Posted: **Sat Aug 26, 2023 1:45 am**

Because it bypasses those, as Mikrotik programmed it. Hoping that the port opened is statefull.

Port 5678/UDP is also the Neighbours port to see other Mikrotik routers.

Posted: **Sat Aug 26, 2023 3:46 am**

I like the internet detect concept ... but agree it's implementation seems under-thought and more often problematic than helpful.

But there is the Packet Flow Diagrams. And by all measures that traffic should be a "router process" starting a "local out", and thus captured by firewall. I'd have to study "raw" but /ip/firewall/filter should work...

This seem like a bug.

MikroTik

Detect internet function

Detect internet function

Re: Detect internet function

Re: Detect internet function

Re: Detect internet function

Re: Detect internet function