Can someone explain to me why the following firewall rule isn't working:

add action=drop chain=forward comment="SQL Access" dst-address=1.2.3.4 dst-port=1433 protocol=tcp src-address-list=!SQL

From what I understand, this rule should drop SQL traffic from any address not in the SQL address list, correct?

My corresponding NAT rule is this:

add action=dst-nat chain=dstnat comment="My Farm Records - SQL Access" dst-address=1.2.3.4 dst-port=1433 protocol=tcp to-addresses=10.2.7.7 to-ports=1433

It seems as though the NAT rule was taking precedence over the Firewall rule. My SQL server was getting hammered with invalid logins until I added a src-address-list entry to the NAT rule as well.

This is on ROS v6.7

--
Rory McCann
MKAP Technology Solutions
Web: www.mkap.net

