
Beginner Basics • Firewall filter rules - performance impact

Hi,

A question regarding the impact on the router's resources/performance when extensively using the actions jump and return.

Example: "If the destination matches the address list, go to the allowed actions"
Code:
add action=jump chain=forward dst-address-list=pi in-interface-list=!WAN jump-target=srvr out-interface-list=!WAN comment=">>> SRVR"
add action=accept chain=srvr comment="--- dns tcp" dst-port=53,5053 in-interface-list=LAN protocol=tcp
add action=accept chain=srvr comment="--- dns udp" dst-port=53,5053 in-interface-list=LAN protocol=udp
add action=accept chain=srvr comment="--- mqtt" dst-port=1883,8883 in-interface-list=LAN protocol=tcp src-address-list=MQTT-allowed src-port=""
add action=accept chain=srvr comment="--- ssh" dst-port=22 in-interface-list=trusted protocol=tcp src-address-list=admin
add action=accept chain=srvr comment="--- syslog udp" dst-port=514 in-interface-list=LAN protocol=udp src-address-list=SYSLOG-allowed
add action=accept chain=srvr comment="--- syslog tcp" dst-port=514 in-interface-list=LAN protocol=tcp src-address-list=SYSLOG-allowed
add action=accept chain=srvr comment="--- smb" dst-port=445 in-interface-list=trusted protocol=tcp src-address-list=personalDevices
add action=return chain=srvr in-interface-list=!WAN out-interface-list=!WAN comment="<<< forward"
add action=drop chain=srvr comment="--- DROPALL ---"

Or even nested deeper:
Code:
#condition 1
add action=jump chain=forward dst-address-list=pi in-interface-list=!WAN jump-target=srvr out-interface-list=!WAN comment=">>> SRVR"
#condition 1.1
add action=jump chain=srvr jump-target=server1 dst-port=53,5053 in-interface-list=interfaceList_1 comment=">>> SERVER1"
#condition 1.2
add action=jump chain=srvr jump-target=server2 dst-port=53,5053 in-interface-list=interfaceList_1 comment=">>> SERVER2"
add action=accept chain=server1 comment="DNS for some interfaces accepted on server 1" # under conditions
add action=accept chain=server1 comment="another accepted something" # under different conditions
add action=return chain=server1 comment="<<< SRVR"
add action=accept chain=server2 comment="something accepted on server 2" # under conditions
add action=accept chain=server2 comment="another accepted something" # under different conditions
add action=return chain=server2 comment="<<< SRVR"
add action=accept chain=srvr # common rules for a list...
add action=return chain=srvr in-interface-list=!WAN out-interface-list=!WAN comment="<<< forward"
add action=drop chain=srvr comment="--- DROPALL ---"

Statistics: Posted by ccky — Wed Dec 13, 2023 8:18 am
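The cost of jump/return comes down to how many rules the firewall has to test per packet, since filter chains are walked first-match, top to bottom. The following Python model is an added example, not code from the post or from MikroTik: it transcribes the poster's first ruleset, builds the equivalent flat list (the same accept rules in chain=forward with the jump's own match terms folded in, the return rule dropped, the final drop kept), and counts rule evaluations for a few constructed packets. Address lists, interface lists, interface names and addresses are all assumptions made up for the demo. It also shows one thing about the posted srvr chain that is easy to miss: the return rule carries the same interface conditions as the jump, so every packet that jumped into srvr matches it and the "DROPALL" rule is never reached.

```python
"""Added example: first-match firewall evaluation with jump/return chains.

Models how many rules get tested per packet, comparing the poster's jump
ruleset with a flat equivalent. All lists and addresses below are constructed
for the demo and are not taken from the forum post.
"""
from dataclasses import dataclass
from typing import Optional

# Assumed address lists and interface lists (not from the post).
ADDRESS_LISTS = {
    "pi": {"192.168.10.5"},
    "admin": {"192.168.20.10"},
    "personalDevices": {"192.168.20.10", "192.168.20.11"},
    "MQTT-allowed": {"192.168.30.7"},
    "SYSLOG-allowed": {"192.168.30.7"},
}
INTERFACE_LISTS = {"LAN": {"br-lan", "br-iot"}, "trusted": {"br-lan"}, "WAN": {"ether1"}}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dst_port: int
    in_iface: str
    out_iface: str


@dataclass(frozen=True)
class Rule:
    chain: str
    action: str                      # accept | drop | jump | return
    jump_target: Optional[str] = None
    dst_list: Optional[str] = None
    src_list: Optional[str] = None
    in_list: Optional[str] = None    # interface list name, "!WAN" negates
    out_list: Optional[str] = None
    proto: Optional[str] = None
    dst_ports: tuple = ()


def _in_iface_list(iface: str, spec: str) -> bool:
    negate = spec.startswith("!")
    return (iface in INTERFACE_LISTS[spec.lstrip("!")]) != negate


def matches(rule: Rule, pkt: Packet) -> bool:
    """All set matchers must hold; unset matchers are wildcards."""
    if rule.dst_list and pkt.dst not in ADDRESS_LISTS[rule.dst_list]:
        return False
    if rule.src_list and pkt.src not in ADDRESS_LISTS[rule.src_list]:
        return False
    if rule.in_list and not _in_iface_list(pkt.in_iface, rule.in_list):
        return False
    if rule.out_list and not _in_iface_list(pkt.out_iface, rule.out_list):
        return False
    if rule.proto and pkt.proto != rule.proto:
        return False
    if rule.dst_ports and pkt.dst_port not in rule.dst_ports:
        return False
    return True


def walk(rules, chain, pkt, counter):
    """First-match walk of one chain; counter[0] counts every rule tested.
    Returns accept/drop, or 'return' when a return rule matches or the chain
    is exhausted (control then resumes after the jump in the parent chain)."""
    for rule in (r for r in rules if r.chain == chain):
        counter[0] += 1
        if not matches(rule, pkt):
            continue
        if rule.action == "jump":
            verdict = walk(rules, rule.jump_target, pkt, counter)
            if verdict != "return":
                return verdict
            continue                 # sub-chain returned: next rule after the jump
        return rule.action           # accept, drop or return
    return "return"


def evaluate(rules, pkt):
    """Returns (verdict, rules_tested). Built-in chain default policy is accept."""
    counter = [0]
    verdict = walk(rules, "forward", pkt, counter)
    return ("accept" if verdict == "return" else verdict), counter[0]


# The poster's first ruleset, transcribed.
JUMP_RULES = [
    Rule("forward", "jump", jump_target="srvr", dst_list="pi", in_list="!WAN", out_list="!WAN"),
    Rule("srvr", "accept", in_list="LAN", proto="tcp", dst_ports=(53, 5053)),
    Rule("srvr", "accept", in_list="LAN", proto="udp", dst_ports=(53, 5053)),
    Rule("srvr", "accept", in_list="LAN", proto="tcp", dst_ports=(1883, 8883), src_list="MQTT-allowed"),
    Rule("srvr", "accept", in_list="trusted", proto="tcp", dst_ports=(22,), src_list="admin"),
    Rule("srvr", "accept", in_list="LAN", proto="udp", dst_ports=(514,), src_list="SYSLOG-allowed"),
    Rule("srvr", "accept", in_list="LAN", proto="tcp", dst_ports=(514,), src_list="SYSLOG-allowed"),
    Rule("srvr", "accept", in_list="trusted", proto="tcp", dst_ports=(445,), src_list="personalDevices"),
    Rule("srvr", "return", in_list="!WAN", out_list="!WAN"),   # matches everything that jumped here
    Rule("srvr", "drop"),                                       # therefore never reached
]


def flatten(rules):
    """Flat equivalent: fold the jump's matchers into each sub-chain rule in
    chain=forward, drop the return (falling through is its flat equivalent)
    and keep the final drop, which is what the DROPALL comment intends."""
    jump = rules[0]
    return [Rule("forward", r.action, dst_list=jump.dst_list, src_list=r.src_list,
                 in_list=r.in_list or jump.in_list, out_list=jump.out_list,
                 proto=r.proto, dst_ports=r.dst_ports)
            for r in rules[1:] if r.action != "return"]


FLAT_RULES = flatten(JUMP_RULES)

if __name__ == "__main__":
    samples = {  # constructed packets
        "not to pi": Packet("192.168.40.1", "10.0.0.1", "tcp", 80, "br-lan", "ether1"),
        "smb to pi": Packet("192.168.20.10", "192.168.10.5", "tcp", 445, "br-lan", "br-iot"),
        "unlisted port to pi": Packet("192.168.40.1", "192.168.10.5", "tcp", 8080, "br-iot", "br-lan"),
    }
    for name, pkt in samples.items():
        print(f"{name:22} jump={evaluate(JUMP_RULES, pkt)}  flat={evaluate(FLAT_RULES, pkt)}")
```

Two things fall out of the counts. For traffic that is not destined to the list, the jump version tests one rule where the flat version tests all eight, so a jump is a cheap way to skip a whole block; for traffic that does match it costs exactly one extra rule (the jump itself). Either way the per-packet cost is linear in rules tested, and in practice the dominant saving is an accept for connection-state=established,related (or fasttrack) ahead of these chains, so that only the first packet of each connection walks them at all. The model also shows that the posted return rule swallows everything the jump let in, so the unlisted-port packet is accepted by the forward chain's default rather than hitting DROPALL; the flat version drops it.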
