My understanding for use-ip-firewall is that bridged traffic, by default, does not go through the firewall. But there are cases where you make the decision that you have to inspect bridged traffic using the firewall, knowing the cost is CPU time.

By ticking this box, you are asking such traffic to go through the firewall, therefore involving more CPU and lower performance.

This is really confusing b/c my device is in Bridge Mode (all interfaces in same one bridge), and I have the said use-ip-firewall setting not enabled, and I have placed my firewall stuff under "/ip firewall filter", but the firewall is still functioning (!) (although not that perfect, or even correct yet for my taste; surely a firewall setup issue). But firewall documentation (or the snippets spread all over the wiki, help, forum, the web) and the reality somehow don't match, IMHO. I would suggest that MT should better publish a comprehensive & professional RouterOS Technical Reference Manual, where everything is documented centrally in a PDF-book. I, for my part, unfortunately have a hard time finding the necessary information spread all over many web sites (wiki, help, forum, web, blogs), of which none is complete by itself, just snippets/crumbs everywhere.

Firewall is always used for traffic being routed.

First things first: a typical MT does two distinct things: a) routing b) firewalling

Generally yes, but I would say that a firewall can also be used inside a closed environment within just the same one subnet, without any uplink.

Do you think this doesn't make any sense? IMO it very well does.

Routing process is involved always where source and destination of a packet are not within same IP subnet. And it doesn't matter if one of those subnets is on the other side of Earth (i.e. internet) and the other subnet is your own LAN, or if you have multiple LAN subnets (all within your premises) and you want to move packets between those IP subnets. It is still routing.

And then you can have a firewall between two parts of network (either same IP subnet or different IP subnets). Firewall inspects packets passing and according to rules it either passes packet or drops it (optionally informing sender about that).