Filter
Top Products
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers 207
RouterOS v3 Configuration and User Guide
that particular client
local-dst - true, if a packet has local destination IP address
to-client - true, if a packet is sent to a client
icmp-options (integer:integer) - match ICMP Type:Code fields
in-bridge-port (name) - actual interface the packet has entered the router through (if bridged, this
property matches the actual bridge port, while in-interface - the bridge itself)
in-interface (name) - interface the packet has entered the router through (if the interface is bridged,
then the packet will appear to come from the bridge interface itself)
ingress-priority (integer: 0..63) - INGRESS (received) priority of the packet, if set (0 otherwise). The
priority may be derived from either VLAN or WMM priority
ipv4-options (any | loose-source-routing | no-record-route | no-router-alert | no-source-routing | no-
timestamp | none | record-route | router-alert | strict-source-routing | timestamp) - match ipv4 header
options
any - match packet with at least one of the ipv4 options
loose-source-routing - match packets with loose source routing option. This option is used to route
the internet datagram based on information supplied by the source
no-record-route - match packets with no record route option. This option is used to route the
internet datagram based on information supplied by the source
no-router-alert - match packets with no router alter option
no-source-routing - match packets with no source routing option
no-timestamp - match packets with no timestamp option
record-route - match packets with record route option
router-alert - match packets with router alter option
strict-source-routing - match packets with strict source routing option
timestamp - match packets with timestamp
jump-target (forward | input | output | postrouting | preroutingname) - name of the target chain to
jump to, if the action=jump is used
layer7-protocol (name) - Layer 7 filter name as set in the /ip firewall layer7-protocol menu. Caution:
this matcher needs high computational power
limit (integer/time{0,1},integer) - restrict packet match rate to a given limit. Usefull to reduce the amount
of log messages
count - maximum average packet rate, measured in packets per second (pps), unless followed by time
option
time - specify the time interval over which the packet rate is measured
burst - number of packets to match in a burst
log-prefix (text) - all messages written to logs will contain the prefix specified herein. Used in
conjunction with action=log
new-connection-mark (name) - specify the new value of the connection mark to be used in
conjunction with action=mark-connection
new-dscp (integer: 0..63) - specify the new value of the DSCP field to be used in conjunction with
action=change-dscp
new-mss (integer) - specify MSS value to be used in conjunction with action=change-mss
new-packet-mark (name) - specify the new value of the packet mark to be used in conjunction with
action=mark-packet
new-priority (integer) - specify the new value of packet priority for the priority-enabled interfaces, used
in conjunction with action=set-priority
from-dscp - set packet priority form its DSCP field value
from-ingress - set packet priority from the INGRESS priority of the packet (in case packet has been
received from an interface that supports priorities - VLAN or WMM-enabled wireless interface; 0 if not
set)
new-routing-mark (name) - specify the new value of the routing mark used in conjunction with
action=mark-routing
new-ttl (decrement | increment | set:integer) - specify the new TTL field value used in conjunction with
action=change-ttl
decrement - the value of the TTL field will be decremented for value
increment - the value of the TTL field will be incremented for value
set: - the value of the TTL field will be set to value
nth (integer,integer: 0..15,integer{0,1}) - match a particular Nth packet received by the rule. One of 16
available counters can be used to count packets