MikroTik Changelogs
← Back to search All components

Component: firewall

248 changelog entries across 110 version(s)

Releases by channel (stacked)

7.22.2 Stable 2026-Apr-22 (1 week ago)
  • improved system stability;
7.21.4 Long-term 2026-Apr-21 (1 week ago)
  • improved system stability;
7.23rc1 Testing 2026-Apr-14 (2 weeks ago)
  • improved system stability (additional fixes);
7.23beta5 Development 2026-Apr-01 (1 month ago)
  • improved system stability;
7.23beta2 Development 2026-Mar-13 (1 month ago)
  • improved stability for SIP helper;
7.21 Stable 2026-Jan-12 (3 months ago)
  • added "h" flag indicating that firewall service helper is applied for particular connection;
  • added support for TOS/mask matching for raw rules;
  • clear relevant masqueraded connection tracking entries on IP address change;
  • fixed "tls-host" not matching expected hosts;
  • fixed hotspot value loss on rule enable/disable;
  • fixed strip-ipv4-options always passthrough;
  • hide hw-offload setting from devices that do not support it;
  • improved system stability and memory allocation when using firewall services;
  • make hw-offload=yes default setting in /ip/firewall/filter menu;
  • use the highest TTL as timeout value for domain address list entries if multiple domain names resolve to same IP;
7.21rc6 Testing 2026-Jan-09 (3 months ago)
  • clear relevant masqueraded connection tracking entries on IP address change;
7.20.7 Long-term 2026-Jan-08 (3 months ago)
  • clear relevant masqueraded connection tracking entries on IP address change;
7.22beta1 Development 2026-Jan-02 (4 months ago)
  • clear relevant masqueraded connection tracking entries on WAN address change;
7.21rc3 Testing 2025-Dec-22 (4 months ago)
  • added support for TOS/mask matching for raw rules (additional fixes);
7.21beta9 Testing 2025-Nov-25 (5 months ago)
  • fixed "tls-host" not matching expected hosts;
7.21beta4 Testing 2025-Oct-28 (6 months ago)
  • reduce maximum connection tracking entry count;
7.20.2 Stable 2025-Oct-21 (6 months ago)
  • reduce maximum connection tracking entry count;
7.21beta3 Testing 2025-Oct-14 (6 months ago)
  • use the highest TTL as timeout value for domain address list entries if multiple domain names resolve to same IP (additional fixes);
7.21beta2 Testing 2025-Oct-06 (6 months ago)
  • added "h" flag indicating that firewall service helper is applied for particular connection;
  • added support for TOS/mask matching for raw rules;
  • fixed hotspot value loss on rule enable/disable;
  • fixed strip-ipv4-options always passthrough;
  • hide hw-offload setting from devices that do not support it;
  • improved system stability and memory allocation when using firewall services;
  • make hw-offload=yes default setting in /ip/firewall/filter menu;
  • use the highest TTL as timeout value for domain address list entries if multiple domain names resolve to same IP;
7.20 Stable 2025-Sep-29 (7 months ago)
  • added "liberal-tcp-tracking" connection tracking setting;
  • added connection tracking "total-ip4-entries" and "total-ip6-entries" counters;
  • allow "dst-limit" matcher to work properly above value 10000;
  • fixed IPv6 firewall interface matchers not matching VRF interfaces;
  • improved IPv6 connection tracking lookup responsiveness;
  • improved system stability when processing connections on multicore systems;
  • reorganized firewall connection tracking table values and make them persistent between IPv4 and IPv6;
7.20rc2 Testing 2025-Sep-11 (7 months ago)
  • reorganized firewall connection tracking table values and make them persistent between IPv4 and IPv6 (additional fixes);
7.20beta8 Testing 2025-Aug-15 (8 months ago)
  • fixed IPv6 firewall interface matchers not matching VRF interfaces;
7.20beta7 Testing 2025-Jul-30 (9 months ago)
  • added "liberal-tcp-tracking" connection tracking setting;
7.20beta2 Testing 2025-May-27 (11 months ago)
  • added connection tracking "total-ip4-entries" and "total-ip6-entries" counters;
  • allow "dst-limit" matcher to work properly above value 10000;
  • improved IPv6 connection tracking lookup responsiveness;
  • improved system stability when processing connections on multicore systems;
  • reorganized firewall connection tracking table values and make them persistent between IPv4 and IPv6;
7.19 Stable 2025-May-22 (11 months ago)
  • always show "passthrough" when exporting mangle table;
  • detect VRF addresses as local;
  • fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
7.19beta5 Testing 2025-Mar-12 (1 year ago)
  • fixed IP/Settings "ipv4-fasttrack-active" status showing as inactive when it is active;
7.19beta2 Testing 2025-Feb-28 (1 year ago)
  • always show "passthrough" when exporting mangle table;
  • detect VRF addresses as local;
7.18 Stable 2025-Feb-24 (1 year ago)
  • allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
  • fixed incorrectly inverted hotspot value configuration;
  • increased maximum connection tracking entry count based on device total RAM size;
7.18beta2 Testing 2025-Jan-21 (1 year ago)
  • allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
  • fixed incorrectly inverted hotspot value configuration;
  • increased maximum connection tracking entry count based on device total RAM size;