Maybe using an already established connection?

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Dec 17, 2013 11:29 AM, "Rory McCann" <[email protected]> wrote:

> There are allow rules, but nothing that would have matched anything in
> this particular rule.
>
> Rory McCann
> MKAP Technology Solutions
> Web: www.mkap.net
>
> On 12/17/2013 10:23 AM, Louis Arsenault wrote:
>
>> Do you have an allow established rule before this rule?
>> Having the allow established rule will continue to allow those bad
>> connections until you move the drop rule above it or restart the
>> router.
>>
>> -Louis
>>
>> On Tue, Dec 17, 2013 at 11:19 AM, Rory McCann <[email protected]>
>> wrote:
>>
>>> Can someone explain to me why the following firewall rule isn't working:
>>>
>>> add action=drop chain=forward comment="SQL Access" dst-address=1.2.3.4
>>> dst-port=1433 protocol=tcp src-address-list=!SQL
>>>
>>> From what I understand, this rule should drop SQL traffic from any
>>> address not in the SQL address list, correct?
>>>
>>> My corresponding NAT rule is this:
>>>
>>> add action=dst-nat chain=dstnat comment="My Farm Records - SQL Access"
>>> dst-address=1.2.3.4 dst-port=1433 protocol=tcp to-addresses=10.2.7.7
>>> to-ports=1433
>>>
>>> It seems as though the NAT rule was taking precedence over the Firewall
>>> rule. My SQL server was getting hammered with invalid logins until I
>>> added a src-address-list entry to the NAT rule as well.
>>>
>>> This is on ROS v6.7
>>>
>>> --
>>> Rory McCann
>>> MKAP Technology Solutions
>>> Web: www.mkap.net
>>>
>>> _______________________________________________
>>> Mikrotik mailing list
>>> [email protected]
>>> http://mail.butchevans.com/mailman/listinfo/mikrotik
>>>
>>> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
>>> RouterOS
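Added example, not part of the original thread: a simplified Python model of the two ordering effects raised above. RouterOS applies dst-nat before the forward filter chain, so a forward rule sees the translated destination address, and filter rules are first-match, so an accept-established rule placed above a drop rule keeps passing tracked connections. The Packet class, the function names, and the 198.51.100.10 and 203.0.113.50 addresses are constructed for illustration.

```python
# Simplified model (an assumption, not RouterOS code) of how a forwarded
# packet meets dst-nat and then the forward filter chain.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    state: str = "new"  # conntrack state: "new" or "established"

SQL_LIST = {"198.51.100.10"}  # constructed stand-in for the "SQL" address list

def dstnat(pkt):
    """The thread's NAT rule: 1.2.3.4:1433 -> 10.2.7.7:1433."""
    if pkt.dst == "1.2.3.4" and pkt.dport == 1433:
        return replace(pkt, dst="10.2.7.7")
    return pkt

def drop_sql(dst_address):
    """The thread's drop rule, parameterised on dst-address."""
    def rule(p):
        hit = (p.dst == dst_address and p.dport == 1433
               and p.src not in SQL_LIST)
        return "drop" if hit else None
    return rule

def accept_established(p):
    return "accept" if p.state == "established" else None

def forward(pkt, rules):
    """dst-nat runs first; then the first matching rule decides."""
    pkt = dstnat(pkt)
    for rule in rules:
        verdict = rule(pkt)
        if verdict:
            return verdict
    return "accept"  # no rule matched: default accept

if __name__ == "__main__":
    new = Packet("203.0.113.50", "1.2.3.4", 1433)
    old = replace(new, state="established")
    print("drop on public address:", forward(new, [drop_sql("1.2.3.4")]))
    print("drop on internal address:", forward(new, [drop_sql("10.2.7.7")]))
    print("established above drop:",
          forward(old, [accept_established, drop_sql("10.2.7.7")]))
    print("drop above established:",
          forward(old, [drop_sql("10.2.7.7"), accept_established]))
```

In the model, only the drop rule written against 10.2.7.7 and placed above the accept-established rule stops both new and already-tracked connections from sources outside the list.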

