AT-WR4500 Series - IEEE 802.11abgh Outdoor Wireless Routers
85
RouterOS v3 Configuration and User Guide
Property Description
action
(accept | arp-reply | drop | dst-nat | jump | log | mark | passthrough | redirect | return | src-nat;
default:
accept
) - action to undertake if the packet matches the rule, one of the:
accept
- accept the packet. No action, i.e., the packet is passed through without undertaking any action,
and no more rules are processed in the relevant list/chain
arp-reply
- send a reply to an ARP request (any other packets will be ignored by this rule) with the
specified MAC address (only valid in
dstnat
chain)
drop
- silently drop the packet (without sending the ICMP reject message)
dst-nat
- change destination MAC address of a packet (only valid in
dstnat
chain)
jump
- jump to the chain specified by the value of the jump-target argument
log
- log the packet
mark
- mark the packet to use the mark later
passthrough
- ignore this rule and go on to the next one. Acts the same way as a disabled rule, except
for ability to count packets
redirect
- redirect the packet to the bridge itself (only valid in
dstnat
chain)
return
- return to the previous chain, from where the jump took place
src-nat
- change source MAC address of a packet (only valid in
srcnat
chain)
out-bridge
(
name
) - outgoing bridge interface
out-interface
(
name
) - interface via packet is leaving the bridge
to-arp-reply-mac-address
(
MAC address
) - source MAC address to put in Ethernet frame and ARP
payload, when
action=arp-reply
is selected
to-dst-mac-address
(
MAC address
) - destination MAC address to put in Ethernet frames, when
action=dst-nat
is selected
to-src-mac-address
(
MAC address
) - source MAC address to put in Ethernet frames, when
action=src-
nat
is selected
4.5.10
Bridge Brouting Facility
Submenu level:
/interface bridge broute
Description
This section describes broute facility specific options, which were omitted in the general firewall
description
The Brouting table is applied to every packet entering a forwarding enslaved interface (i.e., it does not
work on regular interfaces, which are not included in a bridge)
Property Description
action
(accept | drop | dst-nat | jump | log | mark | passthrough | redirect | return; default:
accept
) -
action to undertake if the packet matches the rule, one of the:
accept
- let the bridging code decide, what to do with this packet
drop
- extract the packet from bridging code, making it appear just like it would come from a not-bridged
interface (no further bridge decisions or filters will be applied to this packet except if the packet would be
router out to a bridged interface, in which case the packet would be processed normally, just like any
other routed packet )
dst-nat
- change destination MAC address of a packet (only valid in
dstnat
chain), an let bridging code to
decide further actions
jump
- jump to the chain specified by the value of the jump-target argument
log
- log the packet
mark
- mark the packet to use the mark later
passthrough
- ignore this rule and go on to the next one. Acts the same way as a disabled rule, except
for ability to count packets
redirect
- redirect the packet to the bridge itself (only valid in
dstnat
chain), an let bridging code to
decide further actions
return
- return to the previous chain, from where the jump took place
to-dst-mac-address
(
MAC address
) - destination MAC address to put in Ethernet frames, when
action=dst-nat
is selected