Bridge Nat - MikroTik RouterOS v2.9 Reference Manual

Description
This section describes bridge packet filter specific filtering options, which were omitted in the
general firewall description
Property Description
action ( accept | drop | jump | log | mark | passthrough | return ; default: accept ) - action to
undertake if the packet matches the rule, one of the:
• accept - accept the packet. No action, i.e., the packet is passed through without undertaking any
action, and no more rules are processed in the relevant list/chain
• drop - silently drop the packet (without sending the ICMP reject message)
• jump - jump to the chain specified by the value of the jump-target argument
• log - log the packet
• mark - mark the packet to use the mark later
• passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule,
except for ability to count packets
• return - return to the previous chain, from where the jump took place
out-bridge ( name ) - outgoing bridge interface
out-interface ( name ) - interface via packet is leaving the bridge

Bridge NAT

Home menu level: /interface bridge nat
Description
This section describes bridge NAT options, which were omitted in the general firewall description
Property Description
action ( accept | arp-reply | drop | dst-nat | jump | log | mark | passthrough | redirect | return |
src-nat ; default: accept ) - action to undertake if the packet matches the rule, one of the:
• accept - accept the packet. No action, i.e., the packet is passed through without undertaking any
action, and no more rules are processed in the relevant list/chain
• arp-reply - send a reply to an ARP request (any other packets will be ignored by this rule) with
the specified MAC address (only valid in dstnat chain)
• drop - silently drop the packet (without sending the ICMP reject message)
• dst-nat - change destination MAC address of a packet (only valid in dstnat chain)
• jump - jump to the chain specified by the value of the jump-target argument
• log - log the packet
• mark - mark the packet to use the mark later
• passthrough - ignore this rule and go on to the next one. Acts the same way as a disabled rule,
except for ability to count packets
Page 166 of 695
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.