NIkDE TO NEPISU.. skoro som zodral google aj klavesnicu.. doslakaa
Diky.❗️Toto je původní verze internetového fóra ISPforum.cz do února 2020 bez možnosti registrace nových uživatelů. Aktivní verzi fóra naleznete na adrese https://telekomunikace.cz
Mikrotik -jump
Mikrotik -jump
Ako prosim vas presne funguje JUMP v Mikrotiku - jasne ze skoci na zadane pravidla ale co potom? Ked pravidlo zafunguje tak tym to asi konci, ked nie, vrati sa paket spet a pokracuje pravidlami za Jumpom?
NIkDE TO NEPISU.. skoro som zodral google aj klavesnicu.. doslakaa Diky.
NIkDE TO NEPISU.. skoro som zodral google aj klavesnicu.. doslakaa
Diky.
0 x
Studuj linuxový NETFILTER. To je totiž ono ... až na pár modulů (hlavně kvůli hotspotu) z dílny mikrotiku.
Každý chain končí implicitním RETURN. Tedy to chápeš správně.
Každý chain končí implicitním RETURN. Tedy to chápeš správně.
0 x
Jelikož je zde zakázáno se negativně vyjadřovat k provozním záležitostem, tak se holt musím vyjádřit takto: nové fórum tak jak je připravováno považuji za cestu do pekel. Nepřehledný maglajz z toho bude. Do podpisu se mi pozitiva již nevejdou.
ludvik píše:Studuj linuxový NETFILTER. To je totiž ono ... až na pár modulů (hlavně kvůli hotspotu) z dílny mikrotiku.
Každý chain končí implicitním RETURN. Tedy to chápeš správně.
Ok, super, diky.
0 x
No a este pridam komplexnejsie info, iste to pomoze zaciatocnikom.
To je to pekne vysvetlene -
https://www.reddit.com/r/mikrotik/comme ... mp_chains/
Custom chains come in handy when one has a lot of filters. If the traffic flow is split into different chains, a lot of processing power can be saved.
Firewall filters are traversed from top to bottom. Filter chains are a way to group rules that make sense to group. Say you have 5 rules that match different TCP options, it makes no sense to process those for each UDP packet. So one could put those 5 rules in it's own filter chain and then add a single rule that jumps to that chain on protocol=tcp. An improperly defined ruleset can absolutely destroy packet processing performance.
look at the chains like this: 1) each chain ends with accept. 2) going to the end of the rules in the system (default) chains will advance packet further into the packet flow 3) going to the end of the custom chain will bring the packet back to where it jumped. And next rule of source chain will be applied to it.
Yes, if you need let's say to block websites, you can use jump to skip other redundant firewall filter match.
To je to pekne vysvetlene -
https://www.reddit.com/r/mikrotik/comme ... mp_chains/
Custom chains come in handy when one has a lot of filters. If the traffic flow is split into different chains, a lot of processing power can be saved.
Firewall filters are traversed from top to bottom. Filter chains are a way to group rules that make sense to group. Say you have 5 rules that match different TCP options, it makes no sense to process those for each UDP packet. So one could put those 5 rules in it's own filter chain and then add a single rule that jumps to that chain on protocol=tcp. An improperly defined ruleset can absolutely destroy packet processing performance.
look at the chains like this: 1) each chain ends with accept. 2) going to the end of the rules in the system (default) chains will advance packet further into the packet flow 3) going to the end of the custom chain will bring the packet back to where it jumped. And next rule of source chain will be applied to it.
Yes, if you need let's say to block websites, you can use jump to skip other redundant firewall filter match.
0 x