Drop all inbound traffic ouside of my network
I am setting up a MikroTik RB2011 and I am trying to configure the fire wall so that anyone trying to access the admin page from outside of the 160.7.240.0/24 network gets dropped. Ive tried a few different methods, but setting up firewalls isn't my strongest quality. a little help on this would be greatly appreciated. thanks
-
-
Revelation
Member
- Posts: 336
- Joined:
Re: Drop all inbound traffic ouside of my network
What you want to do is to block certain traffic:
This should get you started
This should get you started
Code: Select all
14 ;;; Drop SSH(TCP) to WAN
chain=input action=reject reject-with=icmp-network-unreachable protocol=tcp src-address-list=drop_traffic in-interface=ether5 dst-port=22
log=yes log-prefix=""
15 ;;; Drop SSH(UDP) to WAN
chain=input action=reject reject-with=icmp-network-unreachable protocol=udp src-address-list=drop_traffic in-interface=ether5 dst-port=22
log=yes log-prefix=""
16 ;;; Drop Telnet to WAN
chain=input action=reject reject-with=icmp-network-unreachable protocol=tcp src-address-list=drop_traffic in-interface=ether5 dst-port=23
log=yes log-prefix=""
Re: Drop all inbound traffic ouside of my network
Why action is reject with icmp reply? Do drop without waste of resources of your router.
Re: Drop all inbound traffic ouside of my network
Code: Select all
/ip service
set ssh address=160.7.240.0/24
set telnet address=160.7.240.0/24
set www address=160.7.240.0/24
set ftp address=160.7.240.0/24