HI guys, I have following rules in my routerOS but port scans still seem to go through. I am using the router in bridge mode, Am I missing something ?


0 ;;; Drop scanners
chain=forward action=drop protocol=tcp psd=21,3s,3,1

1 ;;; NMAP FIN Stealth scan
chain=forward action=drop tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp

2 ;;; SYN/FIN scan
chain=forward action=drop tcp-flags=fin,syn protocol=tcp

3 ;;; SYN/RST scan
chain=forward action=drop tcp-flags=syn,rst protocol=tcp

4 ;;; FIN/PSH/URG scan
chain=forward action=drop tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp

5 ;;; ALL/ALL scan
chain=forward action=drop tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp

6 ;;; NMAP NULL scan
chain=forward action=drop tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp

Did you turn on "use-ip-firewall" under "/interface bridge settings"?

yes.
[admin@MikroTik] /interface bridge settings> print
use-ip-firewall: yes

maybe try the bridge firewall, for some reason i couldnt get the ip firewall to filter bridge packets.