Filter
Top Products
AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers 85
RouterOS v3 Configuration and User Guide
Property Description
action (accept | arp-reply | drop | dst-nat | jump | log | mark | passthrough | redirect | return | src-nat;
default: accept) - action to undertake if the packet matches the rule, one of the:
accept - accept the packet. No action, i.e., the packet is passed through without undertaking any action,
and no more rules are processed in the relevant list/chain
arp-reply - send a reply to an ARP request (any other packets will be ignored by this rule) with the
specified MAC address (only valid in dstnat chain)
drop - silently drop the packet (without sending the ICMP reject message)
dst-nat - change destination MAC address of a packet (only valid in dstnat chain)
jump - jump to the chain specified by the value of the jump-target argument
log - log the packet
mark - mark the packet to use the mark later
passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule, except
for ability to count packets
redirect - redirect the packet to the bridge itself (only valid in dstnat chain)
return - return to the previous chain, from where the jump took place
src-nat - change source MAC address of a packet (only valid in srcnat chain)
out-bridge (name) - outgoing bridge interface
out-interface (name) - interface via packet is leaving the bridge
to-arp-reply-mac-address (MAC address) - source MAC address to put in Ethernet frame and ARP
payload, when action=arp-reply is selected
to-dst-mac-address (MAC address) - destination MAC address to put in Ethernet frames, when
action=dst-nat is selected
to-src-mac-address (MAC address) - source MAC address to put in Ethernet frames, when action=src-
nat is selected
4.5.10 Bridge Brouting Facility
Submenu level: /interface bridge broute
Description
This section describes broute facility specific options, which were omitted in the general firewall
description
The Brouting table is applied to every packet entering a forwarding enslaved interface (i.e., it does not
work on regular interfaces, which are not included in a bridge)
Property Description
action (accept | drop | dst-nat | jump | log | mark | passthrough | redirect | return; default: accept) -
action to undertake if the packet matches the rule, one of the:
accept - let the bridging code decide, what to do with this packet
drop - extract the packet from bridging code, making it appear just like it would come from a not-bridged
interface (no further bridge decisions or filters will be applied to this packet except if the packet would be
router out to a bridged interface, in which case the packet would be processed normally, just like any
other routed packet )
dst-nat - change destination MAC address of a packet (only valid in dstnat chain), an let bridging code to
decide further actions
jump - jump to the chain specified by the value of the jump-target argument
log - log the packet
mark - mark the packet to use the mark later
passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule, except
for ability to count packets
redirect - redirect the packet to the bridge itself (only valid in dstnat chain), an let bridging code to
decide further actions
return - return to the previous chain, from where the jump took place
to-dst-mac-address (MAC address) - destination MAC address to put in Ethernet frames, when
action=dst-nat is selected