Deny All Traffic Rule

Posted: Mon Feb 29, 2016 10:41 am
by bluemoon
I don't want to write 50+ rules to deny different types of traffic. I'd like to allow a few specified HTTP/HTTPS browser rules, and after that I'd like to deny all other traffic, e.g. virus chain, FTP, DNS, RDP, VPN requests, etc., from the WAN interface.

Can anyone please help to configure something like

Permit HTTP, HTTPS, RDP from 192.168.1.0 and 192.168.2.0, and deny all other inbound traffic.

Re: Deny All Traffic Rule

Posted: Mon Feb 29, 2016 12:03 pm
by ShayanFiroozi
Hi,

It's easy: first of all accept any traffic you need, then deny all traffic!!!

*** BE CAREFUL: filter rule order is very important here; you could deny any access to the router, and then you would have to reset its configuration.

Re: Deny All Traffic Rule

Posted: Mon Feb 29, 2016 2:22 pm
by Splash
Since you want to allow traffic only from 2 /24 subnets, you should start by creating an address-list for those 2 networks.
/ip firewall address-list
add address=192.168.1.0/24 list=Allowed_Networks
add address=192.168.2.0/24 list=Allowed_Networks
Next you will need to create the rule(s) to allow the traffic to pass through the router.
/ip firewall filter
add chain=forward action=accept dst-port=80,443,3389 protocol=tcp src-address-list=Allowed_Networks comment="Allow Traffic"
You can check that this rule is being used by enabling the log option.

Then add your default deny rule when you are happy.
/ip firewall filter
add action=drop chain=forward comment="Default Deny Rule"
(No src-address-list on this rule: a default deny has to catch traffic from any source that did not match the allow rule above it.)
These rules won't affect traffic to the router itself; they only control what traffic is passing through it.
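An added example, not posted by anyone in this thread, of the full ordered forward-chain ruleset Splash describes. It assumes the same Allowed_Networks list and RouterOS /ip firewall syntax, and goes a little beyond the posts: it adds an accept for established/related connections and a logging rule just before the drop so the rules can be verified before the default deny goes live. As ShayanFiroozi warned, rule order is what matters, and the order shown here is the one to keep.

```routeros
# Added example, not from the thread. Assumes RouterOS /ip firewall syntax
# as used above and the Allowed_Networks list from Splash's post.
/ip firewall address-list
add address=192.168.1.0/24 list=Allowed_Networks
add address=192.168.2.0/24 list=Allowed_Networks

/ip firewall filter
# 1. Keep replies to already-allowed connections flowing in both directions.
add chain=forward action=accept connection-state=established,related \
    comment="Allow established/related"
# 2. The explicit allow: HTTP, HTTPS and RDP only from the listed networks.
add chain=forward action=accept protocol=tcp dst-port=80,443,3389 \
    src-address-list=Allowed_Networks comment="Allow Traffic"
# 3. Log whatever is about to be dropped; disable once the rules are verified.
add chain=forward action=log log-prefix="fwd-deny: " \
    comment="Log before default deny"
# 4. Default deny: no src-address-list, so it catches everything that did not
#    match an accept rule above, whatever its source.
add chain=forward action=drop comment="Default Deny Rule"

# Check the order: rules are evaluated top to bottom, first match wins.
/ip firewall filter print
```

Entries from the logging rule show up under /log print with the "fwd-deny: " prefix, which is how you confirm nothing wanted is being dropped before you disable that rule.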