Firewall Mangle Question
Posted: Fri Aug 13, 2004 2:45 am
by maskham
Can someone please give me a simple explanation of the difference between the ACCEPT / PASSTHROUGH options on a Mangle rule? I have about 6 Mangle rules for flow-marking traffic and currently have them all set to passthrough. Does this affect speed or CPU performance, or is this OK to do? Any advice would be greatly appreciated.
Posted: Fri Aug 13, 2004 4:34 am
by [ASM]
Passthrough "passes" the packet to the next mangle rule.
Accept doesn't "pass" the packet to the next mangle rule if the packet is processed by such a rule.
OK let me give you an example:
Let's have this set of rules:
/ip firewall mangle
add set-tos=8 action=passthrough
add tcp-mss=1400 protocol=tcp tcp-options=syn action=passthrough
Then each packet will have TOS equal to 8 and each connection will have MSS equal to 1400.
Let's make rules like this:
/ip firewall mangle
add set-tos=8 action=accept
add tcp-mss=1400 protocol=tcp tcp-options=syn action=passthrough
Then each packet will have TOS equal to 8, but each connection will have the MSS value which the client/server wanted.
I mean this will not work: add tcp-mss=1400 protocol=tcp tcp-options=syn action=passthrough
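Added example, not part of either post: a small Python model of the two rule sets above, showing which rules a TCP SYN packet reaches and what its TOS and MSS end up as. `Rule`, `run_mangle`, `build_rules` and the sample packet are constructed for illustration and are not RouterOS code; the model assumes only what the reply states, that a matching passthrough rule hands the packet to the next rule and a matching accept rule ends mangle processing.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]  # matcher for this rule
    changes: Dict[str, int]          # packet fields the rule rewrites
    action: str                      # "passthrough" or "accept"


def run_mangle(rules: List[Rule], packet: dict) -> Tuple[dict, List[str]]:
    """Apply rules in order; return the mangled packet and the rules evaluated."""
    pkt = dict(packet)               # do not modify the caller's packet
    evaluated: List[str] = []
    for rule in rules:
        evaluated.append(rule.name)
        if not rule.matches(pkt):
            continue                 # no match: try the next rule
        pkt.update(rule.changes)
        if rule.action == "accept":
            break                    # accept: later rules never see the packet
        # passthrough: fall through to the next rule
    return pkt, evaluated


def any_packet(pkt: dict) -> bool:
    return True


def tcp_syn(pkt: dict) -> bool:
    return pkt["proto"] == "tcp" and pkt["syn"]


def build_rules(first_action: str) -> List[Rule]:
    """The two rules from the thread; only the first rule's action varies."""
    return [
        Rule("set-tos", any_packet, {"tos": 8}, first_action),
        Rule("tcp-mss", tcp_syn, {"mss": 1400}, "passthrough"),
    ]


# Constructed sample: a TCP SYN whose sender asked for MSS 1460.
SYN_PACKET = {"proto": "tcp", "syn": True, "tos": 0, "mss": 1460}

if __name__ == "__main__":
    for action in ("passthrough", "accept"):
        pkt, seen = run_mangle(build_rules(action), SYN_PACKET)
        print(f"first rule {action}: evaluated={seen} tos={pkt['tos']} mss={pkt['mss']}")
```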