Allied Telesis AT-WR4500 Network Router User Manual


 
218 AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
RouterOS v3 Configuration and User Guide
address-list parameter
add-src-to-address-list - adds the source address of an IP packet to the address list specified by the address-list parameter
dst-nat - replaces the destination address of an IP packet with the values specified by the to-addresses and to-ports parameters
jump - jump to the chain specified by the value of the jump-target parameter
log - each match with this action will add a message to the system log
masquerade - replaces the source address of an IP packet with an IP address automatically determined by the routing facility
netmap - creates a static 1:1 mapping of one set of IP addresses to another one. Often used to
distribute public IP addresses to hosts on private networks
passthrough - ignores this rule and goes on to the next one
redirect - replaces the destination address of an IP packet with one of the router's local addresses
return - passes control back to the chain from where the jump took place
same - gives a particular client the same source/destination IP address from the supplied range for each connection. This is most frequently used for services that expect the same client address for multiple connections from the same client
src-nat - replaces the source address of an IP packet with the values specified by the to-addresses and to-ports parameters
address-list (name) - specifies the name of the address list in which to collect IP addresses from rules with action=add-dst-to-address-list or action=add-src-to-address-list. These address lists can later be used for packet matching
address-list-timeout (time; default: 00:00:00) - time interval after which the address will be removed from the address list specified by the address-list parameter. Used in conjunction with the add-dst-to-address-list or add-src-to-address-list actions
00:00:00 - leave the address in the address list forever
chain (dstnat | srcnat | name) - specifies the chain to put a particular rule into. Because different traffic passes through different chains, always be careful to choose the right chain for a new rule. If the input does not match the name of an already defined chain, a new chain will be created
dstnat - a rule placed in this chain is applied before routing. The rules that replace destination addresses
of IP packets should be placed there
srcnat - a rule placed in this chain is applied after routing. The rules that replace the source addresses of
IP packets should be placed there
comment (text) - a descriptive comment for the rule. A comment can be used to identify rules from scripts
connection-bytes (integer-integer) - matches packets only if a given amount of bytes has already been transferred through the particular connection
0 - means infinity; for example, connection-bytes=2000000-0 means that the rule matches if more than 2MB has been transferred through the relevant connection
connection-limit (integer,netmask) - restricts the number of connections per address or address block (matches if the specified number of connections has already been established)
connection-mark (name) - matches packets marked via mangle facility with particular connection mark
connection-type (ftp | gre | h323 | irc | mms | pptp | quake3 | tftp) - matches packets from related
connections based on information from their connection tracking helpers. A relevant connection helper
must be enabled under /ip firewall service-port
content (text) - the text packets should contain in order to match the rule
dscp (integer: 0..63) - DSCP (ex-ToS) IP header field value
dst-address (IP address/netmask | IP address-IP address) - specifies the address range an IP packet is destined to. Note that the console converts the entered address/netmask value to a valid network address, i.e. 1.1.1.1/24 is converted to 1.1.1.0/24
dst-address-list (name) - matches destination address of a packet against user-defined address list
dst-address-type (unicast | local | broadcast | multicast) - matches the destination address type of the IP packet, one of:
unicast - IP addresses used for one point to another point transmission. There is only one sender and
one receiver in this case
local - matches addresses assigned to router's interfaces
broadcast - the IP packet is sent from one point to all other points in the IP subnetwork
multicast - this type of IP addressing is responsible for transmission from one or more points to a set of
other points
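
The following configuration is an added example, not taken from the manual. It combines the srcnat and dstnat chains with the masquerade, dst-nat and add-src-to-address-list actions described above. Assumptions: the addresses are documentation ranges, ether1 and the list names mgmt-allowed and fwd-probes are constructed, and protocol, dst-port, out-interface and src-address-list are RouterOS matchers not described in this section.

```routeros
# Added example: all addresses, interface names and list names are constructed.

/ip firewall address-list
# Sources permitted to reach the forwarded service.
add list=mgmt-allowed address=198.51.100.0/24 comment="allowed sources"

/ip firewall nat
# srcnat runs after routing: hide the private LAN behind the address the
# routing facility selects for the outgoing interface.
add chain=srcnat action=masquerade src-address=192.168.0.0/24 out-interface=ether1 comment="LAN to internet"

# dstnat runs before routing: forward TCP 8443 on the public address to an
# internal host, but only for sources on the mgmt-allowed list.
add chain=dstnat action=dst-nat protocol=tcp dst-address=203.0.113.10 dst-port=8443 src-address-list=mgmt-allowed to-addresses=192.168.0.10 to-ports=443 comment="restricted port forward"

# Rules are evaluated in order, so only sources that did not match the rule
# above reach this one. Their addresses are kept for one hour in fwd-probes,
# where they can be reviewed or matched by later rules.
add chain=dstnat action=add-src-to-address-list protocol=tcp dst-address=203.0.113.10 dst-port=8443 address-list=fwd-probes address-list-timeout=01:00:00 comment="track unlisted sources"
```

Leaving address-list-timeout at its default of 00:00:00 would keep every recorded address in fwd-probes forever, so a finite timeout keeps the list bounded.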