MikroTik Changelogs
← Back to search All components

Component: firewall

254 changelog entries across 113 version(s)

Releases by channel (stacked)

7.19beta2 Testing 2025-Feb-28 (1 year ago)
  • always show "passthrough" when exporting mangle table;
  • detect VRF addresses as local;
7.18 Stable 2025-Feb-24 (1 year ago)
  • allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
  • fixed incorrectly inverted hotspot value configuration;
  • increased maximum connection tracking entry count based on device total RAM size;
7.18beta2 Testing 2025-Jan-21 (1 year ago)
  • allow in-interface/in-bridge-port/in-bridge matching in postrouting chains;
  • fixed incorrectly inverted hotspot value configuration;
  • increased maximum connection tracking entry count based on device total RAM size;
7.17 Stable 2025-Jan-16 (1 year ago)
  • added none-dynamic and none-static arguments for IPv6 address-list-timout settings;
  • added support for random external port allocation;
  • added warning log for TCP SYN flood;
  • fixed "dst-limit" and "limit" mathers when using zero value for burst argument;
  • improved matching from deeply nested interface-lists;
  • removed default mangle passthrough=yes configuration from export;
7.17beta6 Testing 2024-Nov-20 (1 year ago)
  • improved matching from deeply nested interface-lists (additional fixes);
7.17beta5 Testing 2024-Nov-13 (1 year ago)
  • added support for random external port allocation;
  • improved matching from deeply nested interface-lists;
7.17beta2 Testing 2024-Sep-27 (1 year ago)
  • added none-dynamic and none-static arguments for IPv6 address-list-timout settings;
  • added warning log for TCP SYN flood;
  • fixed "dst-limit" and "limit" mathers when using zero value for burst argument;
  • removed default mangle passthrough=yes configuration from export;
7.16 Stable 2024-Sep-20 (1 year ago)
  • added message when interface belonging to VRF is added in filter rules;
  • fixed an issue with unsetting src-address-type;
  • fixed IPv6 "nth" matcher showing up twice in help;
  • fixed issue that prevents restoring src-address-list and dst-addres-list properties using undo command;
  • removed unnecessary TLS host matcher from NAT tables;
7.16rc1 Testing 2024-Jul-31 (1 year ago)
  • fixed an issue with unsetting src-address-type;
7.16beta3 Testing 2024-Jun-27 (1 year ago)
  • removed unnecessary TLS host matcher from NAT tables;
7.16beta2 Testing 2024-Jun-12 (2 years ago)
  • added message when interface belonging to VRF is added in filter rules (additional fixes);
7.16beta1 Testing 2024-Jun-05 (2 years ago)
  • added message when interface belonging to VRF is added in filter rules;
  • fixed IPv6 "nth" matcher showing up twice in help;
  • fixed issue that prevents restoring src-address-list and dst-addres-list properties using undo command;
7.14 Stable 2024-Feb-29 (2 years ago)
  • added "creation-time" parameter for IPv6 address list entries;
  • fixed underlying CAPsMAN tunnel reusing packet marks of encapsulated packets;
  • fixed underlying VXLAN/EoIP tunnel reusing packet marks of encapsulated packets;
  • increased default "udp-timeout" value from 10s to 30s;
7.14beta8 Testing 2024-Jan-22 (2 years ago)
  • fixed underlying CAPsMAN tunnel reusing packet marks of encapsulated packets;
  • fixed underlying VXLAN/EoIP tunnel reusing packet marks of encapsulated packets;
7.14beta3 Testing 2023-Dec-19 (2 years ago)
  • added "creation-time" parameter for IPv6 address list entries;
  • increased default "udp-timeout" value from 10s to 30s;
7.13 Stable 2023-Dec-14 (2 years ago)
  • added "nat-pmp" support;
  • added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
  • do not mark all IPv6 GRE packets as invalid;
  • fixed IPv6 address-list timeout;
  • fixed altered address-list when upgrading from RouterOS v6;
  • fixed connections being tracked when tracking is disabled;
  • removed "prohibited" and "unreachable" IPv4 address-type arguments;
7.12 Stable 2023-Nov-09 (2 years ago)
  • added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
7.13beta1 Testing 2023-Nov-09 (2 years ago)
  • added "nat-pmp" support;
  • added new IPv6 filter arguments "icmp-err-src-routing-header" and "icmp-headers-too-long" for "reject-with" setting;
  • do not mark all IPv6 GRE packets as invalid;
  • fixed altered address-list when upgrading from RouterOS v6;
  • fixed connections being tracked when tracking is disabled;
  • fixed IPv6 address-list timeout;
  • removed "prohibited" and "unreachable" IPv4 address-type arguments;
7.12beta1 Testing 2023-Aug-15 (2 years ago)
  • added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
7.11 Stable 2023-Aug-15 (2 years ago)
  • added warning when PCC divider argument is smaller than remainder;
  • fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
  • improved system stability when using "endpoint-independent-nat";
7.11rc1 Testing 2023-Jul-28 (2 years ago)
  • improved system stability when using "endpoint-independent-nat";
6.49.8 Long-term 2023-Jul-19 (2 years ago)
  • fixed IRC NAT helper (CVE-2022-2663);
7.11beta2 Testing 2023-Jun-21 (3 years ago)
  • added warning when PCC divider argument is smaller than remainder;
  • fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
7.10 Stable 2023-Jun-15 (3 years ago)
  • added "endpoint-independent-nat" support;
  • added "nth" option for IPv6 firewall;
6.48.7 Long-term 2023-May-23 (3 years ago)
  • fixed IRC NAT helper (CVE-2022-2663);