klionsgroup.blogg.se - Routeros netmap

Routeros netmap code#

Value of none-dynamic ( 00:00:00) will leave the address in the address list till reboot.Used in conjunction with add-dst-to-address-list or add-src-to-address-list actions Time interval after which the address will be removed from the address list specified by address-list parameter. Applicable if action is add-dst-to-address-list or add-src-to-address-listĪddress-list-timeout ( none-dynamic | none-static | time Default: none-dynamic) strip-ipv4-options - strip IPv4 option fields from IP header, action does not actually remove IPv4 options but rather replaces all option octets with NOP, further matcher with ipv4-options=any will still match the packet.Set remote target with sniff-target and sniff-target-port parameters (Wireshark recommends port 37008) sniff-tzsp - send packet to a remote TZSP compatible system (such as Wireshark).sniff-pc - send a packet to a remote RouterOS CALEA server.set-priority - set priority specified by the new-priority parameter on the packets sent out through a link that is capable of transporting priority (VLAN or WMM-enabled wireless interface).route - forces packets to a specific gateway IP by ignoring normal routing decision (prerouting chain only).

return - pass control back to the chain from where the jump took place.passthrough - if packet is matched by the rule, increase counter and go to next rule (useful for statistics).This kind of marks is used for policy routing purposes only mark-routing - place a mark specified by the new-routing-mark parameter on a packet.mark-packet - place a mark specified by the new-packet-mark parameter on a packet that matches the rule.mark-connection - place a mark specified by the new-connection-mark parameter on the entire connection that matches the rule.

After packet is matched it is passed to next rule in the list, similar as passthrough

log - add a message to the system log containing following data: in-interface, out-interface, src-mac, protocol, src-ip:port->dst-ip:port and length of the packet.

jump - jump to the user defined chain specified by the value of jump-target parameter.

fasttrack-connection - shows fasttrack counters, useful for statistics.

clear-df - clear 'Do Not Fragment' Flag.

change-ttl - change Time to Live field value of the packet to a value specified by the new-ttl parameter.

change-mss - change Maximum Segment Size field value of the packet to a value specified by the new-mss parameter.

Routeros netmap code#

change-dscp - change Differentiated Services Code Point (DSCP) field value specified by the new-dscp parameter.add-src-to-address-list - add source address to Address list specified by address-list parameter.add-dst-to-address-list - add destination address to Address list specified by address-list parameter.Packet is not passed to next firewall rule. The mangle marks exist only within the router, they are not transmitted across the network.Īdditionally, the mangle facility is used to modify some fields in the IP header, like TOS (DSCP) and TTL fields.Īction to take if packet is matched by the rule: They identify a packet based on its mark and process it accordingly. Many other facilities in RouterOS make use of these marks, e.g. Mangle is a kind of 'marker' that marks packets for future processing with special marks.