To avoid disabling fasttrack, first accept the traffic before the fasttrack rule.
ADD TO:
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
WITH:
add action=accept chain=forward connection-state=established,related src-address=SUBNET BEING QUEUED
add action=accept chain=forward connection-state=established,related dst-address=SUBNET BEING QUEUED
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
If more than one subnet, make a firewall address list.
Statistics: Posted by Mesquite — Thu Feb 01, 2024 4:18 am
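Added example, not part of the original post: a small Python check that reads a RouterOS firewall filter export and reports whether established/related traffic for a queued subnet is accepted in both directions before the first fasttrack rule in the forward chain. The rule sets are constructed from the rules quoted above, `192.168.88.0/24` is an assumed stand-in for the queued subnet, and the function names are hypothetical; only literal `src-address`/`dst-address` matchers are evaluated (address lists and other matchers are ignored).

```python
import ipaddress
import re
import shlex

# Constructed rule sets; 192.168.88.0/24 stands in for "SUBNET BEING QUEUED".
DEFAULT_RULES = r'''
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
'''
FIXED_RULES = r'''
add action=accept chain=forward connection-state=established,related src-address=192.168.88.0/24
add action=accept chain=forward connection-state=established,related dst-address=192.168.88.0/24
''' + DEFAULT_RULES

def parse_rules(export):
    """Join backslash-continued lines, then split each 'add' line into key=value pairs."""
    joined = re.sub(r"\\\n\s*", "", export)
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules

def covers(value, net):
    """True if the rule's address value contains the whole queued subnet."""
    try:
        return net.subnet_of(ipaddress.ip_network(value, strict=False))
    except (ValueError, TypeError):
        return False

def bypasses_fasttrack(export, subnet):
    """True if both directions of `subnet` are accepted before the first fasttrack rule."""
    net = ipaddress.ip_network(subnet)
    accepted = set()
    for rule in parse_rules(export):
        if rule.get("chain") != "forward":
            continue
        if rule.get("action") == "fasttrack-connection":
            # Rules are evaluated top to bottom; anything not accepted yet gets fasttracked.
            return accepted == {"src-address", "dst-address"}
        states = rule.get("connection-state", "").split(",")
        if rule.get("action") == "accept" and "established" in states:
            accepted.update(k for k in ("src-address", "dst-address")
                            if k in rule and covers(rule[k], net))
    return True  # no fasttrack rule in the forward chain at all
```

Calling `bypasses_fasttrack(FIXED_RULES, "192.168.88.0/24")` returns `True`, while the same call on `DEFAULT_RULES` returns `False`.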