it will be cleaned up in a future release, but maybe not in 6.30.x .

it will be cleaned up in a future release, but maybe not in 6.30.x .

Why not? It's not a really complex problem. But it's MikroTik choice anyways — to remove it, or not.

Why the fasttracking rules do not count their hits but count something different? Make them count correctly and you do not need any dummy rules!

1. If packet matches a fasttracked connection, it is not being processed by the firewall at all. Just accepted. Thus no rule's counters are being updated when such packets are being processed by your router.
2. A rule with 'action=fasttrack' (fasttrack rule) just marks the corresponding connection-tracking entry for fasttrack. The packet hitting a fasttrack ruleis not being fasttrackedyet, and thus updates the rules' counters.
3. A fasttrack rule does not automatically imply 'accept', effectively passing the matching packet through. If you have an accept rule immediately following the fasttrack rule with the same traffic selectors, the hit and byte count on both rules is always the same. This is perfectly normal and expected.

I want no dummy rules. Each rule should count its own counters correctly.

I want non-removable one dummy rule for all fasttracking rules to display summary values and real rules can show nonsenses further.

I want one dummy rule for each fasttracking rule to display values individually (as many dummy rules as many real fasttracking rules).

I want to have general option to enable or disable this dummy rule.

I want to have an individual option in each fasttracking rule to invoke corresponding dummy rule for counting values.

But: If there is possibility to count the values and display them in dummy rule, the values could be displayed on real rules instead on the dummy ones.

But: If there is possibility to count the values and display them in dummy rule, the values could be displayed on real rules instead on the dummy ones.

Edit 1: These rules are not there when I do a /system reset-configuration no-defaults=yes . So I do not understand why they are separatly handled as "built-ins"

Actually we want MT developers to explain us in DETAIL of how fasttrack works with several examples and clear description.

Ok,
a week has passed. Now the result look quite clear.
People here want to be able to switch the dynamic rules off and want each rule to show its values correctly instead those dummy rules.
Normis, what is your answer to this?

Does justrenamingthat dummyacceptrule toaccountrule solve the problem?

Code:Select all

[admin@INCOMPLETE_CONFIGURATION] > :foreach item in=[ /ip firewall filter find ] do { /ip firewall filter remove $item } failure: cannot remove builtin [admin@INCOMPLETE_CONFIGURATION] > :foreach item in=[ /ip firewall mangle find ] do { /ip firewall mangle remove $item } failure: cannot remove builtin

:foreach item in=[/ip firewall filter find] do={:if ($item != "*8") do={/ip firewall filter remove $item;}} :foreach item in=[/ip firewall mangle find] do={:if ($item != "*3") do={:if ($item != "*2") do={:if ($item != "*1") do={/ip firewall mangle remove $item;}}}}