Migration from linux to Mikrotik firewall
Posted: Tue May 21, 2013 5:10 pm
Hello!
Please give me a hand with understanding firewall in depth.
I need to mark incoming and outgoing packets based on source ip and interface to use them with queues. It could be done in two ways. Which one is better from performance side of view?
or this one
It is better to specify more parameters to classify packets to lower cpu usage?
Thanks.
Please give me a hand with understanding firewall in depth.
I need to mark incoming and outgoing packets based on source ip and interface to use them with queues. It could be done in two ways. Which one is better from performance side of view?
Code: Select all
chain=forward action=mark-connection new-connection-mark=test-conn passthrough=yes src-address=8.8.8.8 in-interface=WAN
chain=forward action=mark-packet new-packet-mark=test-in passthrough=no out-interface=LAN connection-mark=test-conn
chain=forward action=mark-packet new-packet-mark=test-out passthrough=no out-interface=WAN connection-mark=test-conn
Code: Select all
chain=forward action=mark-packet new-packet-mark=test-in passthrough=no out-interface=LAN src-address=8.8.8.8
chain=forward action=mark-packet new-packet-mark=test-out passthrough=no out-interface=WAN dst-address=8.8.8.8
Code: Select all
chain=forward action=accept protocol=tcp dst-port=80 [b]in-interface=LAN1[/b] dst-address=8.8.8.8
chain=forward action=accept protocol=tcp dst-port=80 [b]in-interface=LAN2[/b] dst-address=8.8.8.8
or
chain=forward action=accept protocol=tcp dst-port=80 dst-address=8.8.8.8