new firewall rule

boristurk · Thu May 12, 2005 11:11 am

Hi,

i would like to make a simple firewall rule that drops several tcp ports
(example 135, 179, 304).

Like this:

/ip firewall rule forward add dst-port=135 protocol=tcp action=drop
/ip firewall rule forward add dst-port=179 protocol=tcp action=drop
/ip firewall rule forward add dst-port=304 protocol=tcp action=drop

Can I join this 3 rules into one rule? How?

tx,
Boris T

savage · Thu May 12, 2005 10:38 pm

2.8 doesn't support that. I may stand corrected, but I believe 2.9 does.

tneumann · Thu May 12, 2005 11:36 pm

2.8 doesn't support that. I may stand corrected, but I believe 2.9 does.

Only for a continuous range of ports (dst-port), you can't specify a
comma-separated list of ports for it as far as I can see, so it wouldn't
be useful in this case.

Feature request to MT: Implement port-list (just like address-list) and
allow dst-port-list=... in filter rules?

--Tom

boristurk · Mon May 16, 2005 11:10 am

Hi,

... found a way to make those rules more clear.

I created new chains in firewall section and
i use jump function in main chains (input, output, forward)
regarding the traffic I want limit.

BT

new firewall rule

new firewall rule

firewall rules