nacholibrev
just joined
Topic Author
Posts: 9
Joined: Fri Jan 31, 2014 11:30 am

Securing home NAS firewall questions

Sun Feb 23, 2014 12:56 pm

Hi there :),

I'm trying to secure my home NAS. I want to allow only certain IPs to access my NAS, and I've added a drop rule for TCP packets for src IPs matching the !authorized_ips list. Everything works just fine, but I have a couple of questions. I have blocked only TCP packets; is that enough? I've tried to log everything matching the !authorized_ips list, and many TCP and UDP packets from all kinds of IPs appeared in the log, some of them from my country. I'm wondering, if I block every packet from every protocol, will I block my internet also?

Thanks
 
Rudios
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Securing home NAS firewall questions

Mon Feb 24, 2014 10:29 am

Please post your firewall export.
My advice is to only allow the wanted traffic, and have a generic drop rule at the end to block all other traffic.
 
nacholibrev
just joined
Topic Author
Posts: 9
Joined: Fri Jan 31, 2014 11:30 am

Re: Securing home NAS firewall questions

Mon Feb 24, 2014 12:52 pm

This is my drop rule at the top.
add action=drop chain=input comment="Drop all !authorized_ips" dst-port="" protocol=tcp src-address-list=!authorized_ips src-port=""
But this blocks only TCP packets. Should I block everything?
 
Rudios
Forum Veteran
Posts: 977
Joined: Mon Mar 11, 2013 12:58 pm
Location: The Netherlands

Re: Securing home NAS firewall questions

Mon Feb 24, 2014 2:05 pm

> This is my drop rule at the top.
> add action=drop chain=input comment="Drop all !authorized_ips" dst-port="" protocol=tcp src-address-list=!authorized_ips src-port=""
> But this blocks only TCP packets. Should I block everything?

Just like I said before, create allow rules for the traffic you want and block all the rest.
But looking at your rule, you are only blocking traffic on your input chain. I assume that your NAS is behind your router, and therefore you should use the forward chain. But another assumption I make is that you are using a private range on your LAN and masquerade your traffic to your public IP. If that is the case, all traffic is destined for your router. If your NAS is supposed to be reachable from outside, create NAT rules and firewall filter allowance rules accordingly.
Maybe you can explain your network setup and your wishes in more detail.
Also, I would like to see your complete /ip firewall filter and /ip firewall nat export results.
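
The advice in this thread (allow the wanted traffic, then drop the rest, and filter the forward chain for a NAS behind NAT) sketched as a RouterOS configuration. This is an added example, not a configuration posted by anyone in the thread. Assumptions: WAN interface ether1, NAS at 192.168.88.10 serving HTTPS on tcp/443, the sample address 203.0.113.10, and the established/related accept rules, which are what keep outbound internet working once every protocol is dropped.

```routeros
# Added example. Assumed values (not from the thread): WAN = ether1,
# NAS = 192.168.88.10 on tcp/443, allowed source = 203.0.113.10 (constructed).

/ip firewall address-list
add list=authorized_ips address=203.0.113.10 comment="constructed sample address"

# A NAS on a private range is reachable from outside only through dst-nat.
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1
add chain=dstnat action=dst-nat in-interface=ether1 protocol=tcp dst-port=443 \
    src-address-list=authorized_ips to-addresses=192.168.88.10 to-ports=443

/ip firewall filter
# input chain: packets addressed to the router itself
add chain=input action=accept connection-state=established,related \
    comment="replies to connections the router opened"
add chain=input action=accept in-interface=!ether1 \
    comment="router management from the LAN side"
add chain=input action=drop in-interface=ether1 \
    comment="drop everything else from WAN, all protocols"

# forward chain: packets passing through the router (this is where NAS traffic is seen)
add chain=forward action=accept connection-state=established,related \
    comment="replies to LAN-initiated connections"
add chain=forward action=accept in-interface=ether1 protocol=tcp dst-port=443 \
    dst-address=192.168.88.10 src-address-list=authorized_ips \
    comment="authorized_ips to NAS"
add chain=forward action=drop in-interface=ether1 \
    comment="drop everything else from WAN, all protocols"
```

Rule order matters because the first matching rule wins: the final drop rules carry no protocol matcher, so they cover TCP, UDP and everything else, while the accept rules above them keep return traffic and the one published NAS service working.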