So Holvoe, the config is correct and thus you can impart ROMON wisdom.
Do pray tell, while I show you how to actually review a config, what value does ROMON provide in this scenario... I would like to know as I probably could use it too.
Observations
(1) There is no point in having ether5,6,7 showing on the /interface bridge ports. Should be removed.
(2) HHBC Syndrome: Must be, to have missed this one (Holvoe High on Belgian Chocolate)
Please indicate to me where the OP has access to the router for config purposes?
All I see is two rules for DNS, and one rule to allow WireGuard handshake!
I am assuming that he somehow deleted it from the rsc file prior to pasting it here, otherwise he would not have been able to access the router, a mystery.
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=DNS-UDP dst-port=53 in-interface-list=\
LAN protocol=udp
add action=accept chain=input comment=DNS-TCP dst-port=53 in-interface-list=\
LAN protocol=tcp
add action=accept chain=input comment=VPN dst-port=XXXXX in-interface-list=\
WAN protocol=udp
add action=drop chain=input comment="drop all else"
Statistics: Posted by anav — Fri Dec 29, 2023 5:49 pm
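An added example, not part of the post above or of the OP's configuration: a small Python check that replays the quoted input chain rule by rule and reports whether a new connection from the LAN to the router's management services would be accepted. The management ports (the RouterOS defaults 8291, 22 and 80), the router address 192.168.88.1 and all function names are assumptions made for illustration.

```python
import re
import shlex

# Constructed input: the input chain as pasted in the post (XXXXX is the post's placeholder).
EXPORT = r'''/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=input comment=DNS-UDP dst-port=53 in-interface-list=\
LAN protocol=udp
add action=accept chain=input comment=DNS-TCP dst-port=53 in-interface-list=\
LAN protocol=tcp
add action=accept chain=input comment=VPN dst-port=XXXXX in-interface-list=\
WAN protocol=udp
add action=drop chain=input comment="drop all else"
'''
# Assumption: RouterOS default service ports; the OP may have changed them.
MGMT = {"winbox": 8291, "ssh": 22, "webfig": 80}

def parse_rules(export):
    """Join backslash-continued lines; return one dict per 'add' line."""
    joined = re.sub(r"\\\n\s*", "", export)
    return [dict(t.split("=", 1) for t in shlex.split(line)[1:])
            for line in joined.splitlines() if line.startswith("add ")]

def verdict(rules, in_list, protocol, port, dst="192.168.88.1"):
    """First-match result for a NEW connection addressed to the router."""
    conn = {"protocol": protocol, "dst-port": str(port),
            "in-interface-list": in_list, "dst-address": dst}
    for r in rules:
        if r.get("chain") != "input":
            continue
        if "new" not in r.get("connection-state", "new").split(","):
            continue
        # Only exact-value matchers are modelled (no ranges, lists or negation).
        if all(r.get(k, v) == v for k, v in conn.items()):
            return r["action"], r.get("comment", "")
    return "accept", "no rule matched"  # RouterOS accepts when nothing matches

def management_access(rules, in_list="LAN"):
    """Verdict for each management service reached from in_list."""
    return {n: verdict(rules, in_list, "tcp", p) for n, p in MGMT.items()}

if __name__ == "__main__":
    print(management_access(parse_rules(EXPORT)))
```

With the chain as pasted, every management service falls through to the final drop rule, while DNS from the LAN is accepted.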