Hi everyone.
I'm newbie and use RB532A, so I have 3 ethernet.
I have set each NIC to specific IP and netmask.
Sucessfully routed and NATed NIC1 and NIC2 to NIC3(ISP).
So user from NIC1 and NIC2 can browser the internet through NIC3.

Before using Mikrotik, I use personal firewall per PC using ISS Black Ice, and get many traffic trying to get into my PC from many TCP and UDP ports other than general usage ports (80,21,110).

Now I want to create a filter rule that all traffic from NIC3 will be filtered and allow only some TCP ports like 21,80,110 and then drop others.
I don't want to make many statement to drop traffic to unwanted ports one by one, as there are many port for TCP and UDP.
Any simple way to do that ?

ip firewall filter> add ?????

Thanks.

example:
/ip firewall filter
add chain=input protocol=tcp dst-port=21-23 \
action=drop comment="" disabled=no

you can put in there a port range : 21-23 this way ports 21, 22, and 23 will be dropped


But is it possible to put multiple ranges in one rule lets say with commas? If not, please MikroTik devs implemend it. It shouldn't be hard.

example:
/ip firewall filter
add chain=input protocol=tcp dst-port=21-23 \
action=drop comment="" disabled=no

you can put in there a port range : 21-23 this way ports 21, 22, and 23 will be dropped


But is it possible to put multiple ranges in one rule lets say with commas? If not, please MikroTik devs implemend it. It shouldn't be hard.

I see, it can be done by range.
But above rule will be implement for input from all interface, is it correct ?
I need to filter only from interface NIC3, how about that ?
Thanks in advance.

Code: Select all

add chain=forward in-interface=NIC3 dst-port=21 action=accept
add chain=forward in-interface=NIC3 dst-port=80 action=accept
add chain=forward in-interface=NIC3 dst-port=110 action=accept
add chain=forward in-interface=NIC3 action=drop

Thanks.
I think I got what I want now.