Note that connection-state=related connections connection-nat-state is determined by direction of the first packet. If no-mark is set, rule will match any unmarked connection.Ĭonnection-nat-state ( srcnat | dstnat Default: )Ĭan match connections that are srcnatted, dstnatted or both. Matches packets marked via mangle facility with particular connection mark. Matches connections per address or address block after given value is reached.Ĭonnection-mark ( no-mark | string Default: ) 0 - means infinity, for example connection-bytes=2000000-0 means that the rule matches if more than 2MB (upload and download) has been transfered through the relevant connectionĬonnection-limit ( integer,netmask Default: ) Matches packets only if a given amount of bytes has been transfered through the particular connection. If the input does not match the name of an already defined chain, a new chain will be created.Ĭonnection-bytes ( integer-integer Default: ) Specifies to which chain the rule will be added.
sniff-pc - send a packet to a remote RouterOS CALEA server.set-priority - set priority specified by the new-priority parameter on the packets sent out through a link that is capable of transporting priority (VLAN or WMM-enabled wireless interface).route - forces packets to a specific gateway IP by ignoring normal routing decision (prerouting chain only).return - pass control back to the chain from where the jump took place.passthrough - if packet is matched by the rule, increase counter and go to next rule (useful for statistics).This kind of marks is used for policy routing purposes only mark-routing - place a mark specified by the new-routing-mark parameter on a packet.mark-packet - place a mark specified by the new-packet-mark parameter on a packet that matches the rule.mark-connection - place a mark specified by the new-connection-mark parameter on the entire connection that matches the rule.After packet is matched it is passed to next rule in the list, similar as passthrough log - add a message to the system log containing following data: in-interface, out-interface, src-mac, protocol, src-ip:port->dst-ip:port and length of the packet.jump - jump to the user defined chain specified by the value of jump-target parameter.fasttrack-connection - shows fasttrack counters, useful for statistics.clear-df - clear 'Do Not Fragment' Flag.change-ttl - change Time to Live field value of the packet to a value specified by the new-ttl parameter.change-mss - change Maximum Segment Size field value of the packet to a value specified by the new-mss parameter.
Which type of firewall for control mac address code#
Packet is not passed to next firewall rule. The mangle marks exist only within the router, they are not transmitted across the network.Īdditionally, the mangle facility is used to modify some fields in the IP header, like TOS (DSCP) and TTL fields.Īction to take if packet is matched by the rule: They identify a packet based on its mark and process it accordingly. Many other facilities in RouterOS make use of these marks, e.g. Mangle is a kind of 'marker' that marks packets for future processing with special marks.
0 kommentar(er)
