MikroTik Changelog Tracker
← Back to search All components

Component: firewall

159 changelog entries across 58 version(s)

Releases by channel (stacked)

6.45.1 Stable 2019-Jun-27 (6 years ago)
  • fixed fragmented packet processing when only RAW firewall is configured;
  • process packets by firewall when accepted by RAW with disabled connection tracking;
6.41.3 Stable 2018-Mar-08 (7 years ago)
  • fixed "tls-host" firewall feature (introduced in v6.41);
6.40.6 Long-term 2018-Feb-20 (8 years ago)
  • limited maximum "address-list-timeout" value to “35w3d13h13m56s”;
6.41.1 Stable 2018-Jan-30 (8 years ago)
  • fixed "tls-host" firewall feature (introduced v6.41);
  • limited maximum "address-list-timeout" value to 35w3d13h13m56s;
6.41 Stable 2017-Dec-22 (8 years ago)
  • added "tls-host" firewall matcher;
6.40.5 Stable 2017-Oct-31 (8 years ago)
  • do not NAT address to 0.0.0.0 after reboot if to-address is used but not specified;
6.39.3 Long-term 2017-Oct-12 (8 years ago)
  • fixed bridge "action=log" rules;
  • fixed crash on fasttrack dummy rule manual change attempt;
  • properly remove "address-list" entry after timeout ends;
  • removed unique address list name limit;
6.40.1 Stable 2017-Aug-03 (8 years ago)
  • properly remove "address-list" entry after timeout ends;
6.38.7 Long-term 2017-Jun-20 (8 years ago)
  • do not allow to set "rate" value to 0 for "limit" parameter;
  • fixed "address-list" entry "creation-time" adjustment to timezone;
  • fixed "address-list" entry changing from IP to DNS and vice versa;
  • fixed cosmetic "invalid" flag when item was disabled;
6.39.2 Stable 2017-Jun-01 (8 years ago)
  • fixed "address-list" entry "creation-time" adjustment to timezone;
  • do not allow to set "rate" value to 0 for "limit" parameter;
  • fixed "address-list" entry changing from IP to DNS and vice versa;
6.37.5 Long-term 2017-Mar-09 (8 years ago)
  • do not allow to set "time" parameter to 0s for "limit" option;
  • fixed import of exported configuration that had updated "limit" setting;
6.38.4 Stable 2017-Mar-08 (8 years ago)
  • do not allow to set "time" parameter to 0s for "limit" option;
6.38.3 Stable 2017-Feb-07 (9 years ago)
  • added "fasttrack" dummy rule to "/ip firewall raw" table;
  • do not show IPv4 “fastpath” as active if “route-cache” is disabled;
  • fixed import of exported configuration that had updated "limit" setting;
6.38.1 Stable 2017-Jan-13 (9 years ago)
  • nat action "netmap" now requires to-addresses to be specified;
6.37.4 Long-term 2017-Jan-13 (9 years ago)
  • do not defragment packets which are marked with "notrack" in raw firewall;
  • fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
  • fixed dynamic raw rule behaviour;
  • fixed rule activation if "time" option is used and no other active rules are present;
  • nat action "netmap" now requires to-addresses to be specified;
6.38 Stable 2016-Dec-30 (9 years ago)
  • added "creation-time" to address list entries;
  • added sctp/dccp/udp-lite support for "src-port", "dst-port", "port" and "to-ports" firewall options;
  • do not defragment packets which are marked with "notrack" in raw firewall;
  • fixed "time" option by recognizing weekday properly (introduced in v6.37.2);
  • fixed dynamic raw rule behaviour;
  • fixed rule activation if "time" option is used and no other active rules are present;
  • increased max size of connection tracking table to 1048576;
  • new faster "connection-limit" option implementation;
  • significantly improved large firewall rule set import performance;
6.37.3 Stable 2016-Nov-28 (9 years ago)
  • fixed filter rule "limit" parameter by making it visible again;
  • fixed interface slave state recognition (broken in 6.37.2);
  • fixed timeout option on address lists with domain name;
6.37.2 Stable 2016-Nov-08 (9 years ago)
  • do not allow to increase/decrease ttl and hop-limit by 0;
  • fixed "connection-state" value disappearance in rules that were created before v6.22;
  • fixed compact export (introduced in 6.37rc14);
  • improved "time" option (ranges like 22h-10h now are acceptable);
6.37.1 Stable 2016-Sep-30 (9 years ago)
  • fixed dynamic dummy firewall rules appearance in raw tables;
6.37 Stable 2016-Sep-23 (9 years ago)
  • added additional matchers for firewall raw rules;
  • fixed time based rules on time/timezone changes (again);
6.36.1 Stable 2016-Aug-05 (9 years ago)
  • fixed time based rules on time/timezone changes;
6.36 Stable 2016-Jul-20 (9 years ago)
  • added "/interface list" menu which allows to create list of interfaces which can be used as in/out-interface-list matcher in firewall and use as a filter in traffic-flow;
  • added pre-connection tracking filter - "raw" table, that allow to protect connection-tracking from unnecessary traffic;
  • allow to add domain name to address-lists (dynamic entries for resolved addresses will be added to specified list);
  • added udplite, dccp, sctp connection tracking helpers;
  • do not show disabled=no in export;
  • fixed spelling in built-in firewall commentary;
6.35.4 Stable 2016-Jun-09 (9 years ago)
  • do not show disabled=no in export;
6.35.2 Stable 2016-May-02 (9 years ago)
  • fixed policy routing configurations (introduced in 6.35rc38);
6.35 Stable 2016-Apr-14 (9 years ago)
  • added experimental "action=route" in mangle prerouting - that forces packets to specific gateway by ignoring routing decisions (CLI only);