Which errs in both directions: reputable Australian sites may be hosted overseas, and overseas phishers/hackers might have their site physically located in Australia. The list will not refer to the content of the site, nor to the owner/operator of that site, but (at best) only to the physical location of the server. "I want my users only to see websites from Australia" might look easy to do with such a list, but it isn't. when you think "I only want to receive mail from people in Australia so I will block all mail from servers in other countries" but that will fail because people in Australia might (even unknown to themselves) have their mail server located in another country. You have not defined what "the country of an IP address" is, and neither has the internet.ĭo you want it to refer to the physical location of the system having that address, the citizensship of the owner of that system, or its network? Or of the system's user?Į.g. That's a very simple and effective rule that would drastically reduce any vulnerabilities whilst simplifying management. Ideally this would pull data periodically from a central MikroTik server similar to DDNS which would make it more effective than just using fixed address-lists I'm not peering directly overseas, nobody will ever need to login or establish VPN's from overseas etc There's absolutely zero need for anyone in any other country to have any kind of input to our routers, except maybe ICMP. All of our routers i'd absolutely like to do a simple chain=input src-country!=Australia action=drop. There are very good reasons for country blocking, first and foremost is for many people there's absolutely zero need to allow ANY kind of incoming traffic from overseas. Lmao, oh god, political correctness has now extended to routers. It is completely useless, and it tends to racism. Still a laborious procedure.Ĭonsider a GeoIP package allowing for firewall filtering by Country However I usually do it from commandline so larger numbers of items can be set all at the same time. I recognize the pain of having to walk through entire trees when the top-level speed is changed. or indeed a fourth option could be to set it to some name of a global variable where the value is taken. on a WiFi link also the possibility to track the actual datarate of the link as depending on link quality. default the negotiated interface rate, possibility to manually set a lower rate, and e.g. When the next level is an interface, there should be some options, e.g. I think the queue trees should allow an additional form of rate configuration in the form of a percentage of the rate of the next higher level in the queue tree. Today one needs to define each time an absolute value for Max Limit, Buffer Limit, trigger limit etc.! What a nightmare. This should then be possible to be used within routeros within queue trees, mangle rules, hotspot etc. so forget this one.Įnable using a global "MAX Speed" parameter you expect on your WAN interfaces. It is already there in some parts of routerOS, so should be simple (I put that request in the wrong place in another post earlier)Īnd then yes some day finally Wifi Wave 2 features like band steering, but now I am starting to dream about paradise. Not only one time per day but different times per day and on different days etc.
If you could use percentages of that max values in those various places you could easily adapt to throughput change on your WAN side (like moving to a better LTE modem, adding another WAN link, or Fiber link) and your device would scale up withou any other change.
Enable using a global "MAX Speed" parameter you expect on your WAN interfaces.Have DFS/radar detection log/counter since boot in 5Ghz wireless status tab.I would like to see so many things in routeros but here is a my list I think should happen:
0 kommentar(er)
