(2) WHY OH WHY do you have this input chain rule on the RB2011........
add action=accept chain=input comment="allow WireGuard" dst-port=51820 protocol=udp
Do you expect the server to contact and make a handshake with a client device ?????
Because that's the way it's documented? See https://help.mikrotik.com/docs/display/ ... figuration.
(3) Why is your Firewall ruleset DISORGANIZED making it harder to read................
try putting input chain rules together and foreward chain rules together....
Currently they are significantly out of whack affecting performance.
How does the order of the rules affect performance exactly?
Statistics: Posted by verbylab — Sun Dec 31, 2023 3:37 am