Altough i added a filter rule for allowing 8291 port, This rule located before drop all !LAN rule. My connecting requests are dropping by "defconf: drop all not coming from LAN" rule. when i enable log this rule i'm getting this log.
Why my rule does'nt work?
how my rule "Winbox izin"
Code: Select all
input: in:ttnet_fiber out:(unknown 0), connection-state:new proto TCP (SYN), 85.105.77.7:58501->85.100.253.83:8291, len 52Code: Select all
/interface vlan
add interface=ether1 name=vlan_35 vlan-id=35
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add interface=ttnet_fiber list=WAN
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan_35 max-mtu=1500 name=ttnet_fiber use-peer-dns=yes user=username
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid log-prefix=def_drop
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment="WinBox izin" connection-nat-state="" connection-state=new connection-type="" dst-port=8291 in-interface-list=WAN log=yes log-prefix=winbox_drop protocol=tcp tcp-flags=""
add action=accept chain=input comment="NAS SSH" disabled=yes dst-port=8022 in-interface-list=WAN protocol=tcp
add action=accept chain=input comment="Gitea SSH" dst-port=22 in-interface-list=WAN protocol=tcp
add action=accept chain=input comment="OpenVpn Server " dst-port=11949 in-interface-list=WAN protocol=tcp
add action=accept chain=input comment="OpenVpn LAN" src-address=10.15.15.0/24
add action=accept chain=input comment=Nginx dst-port=80,443 in-interface-list=WAN protocol=tcp
add action=accept chain=input comment=Mosquitto dst-port=1883 in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN log=yes
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
