Page 1 of 1
Drop all inbound traffic ouside of my network
Posted: Fri Dec 08, 2017 8:06 pm
by kd7vea
I am setting up a MikroTik RB2011 and I am trying to configure the fire wall so that anyone trying to access the admin page from outside of the 160.7.240.0/24 network gets dropped. Ive tried a few different methods, but setting up firewalls isn't my strongest quality. a little help on this would be greatly appreciated. thanks
Re: Drop all inbound traffic ouside of my network
Posted: Fri Dec 08, 2017 10:22 pm
by Revelation
What you want to do is to block certain traffic:
This should get you started
14 ;;; Drop SSH(TCP) to WAN
chain=input action=reject reject-with=icmp-network-unreachable protocol=tcp src-address-list=drop_traffic in-interface=ether5 dst-port=22
log=yes log-prefix=""
15 ;;; Drop SSH(UDP) to WAN
chain=input action=reject reject-with=icmp-network-unreachable protocol=udp src-address-list=drop_traffic in-interface=ether5 dst-port=22
log=yes log-prefix=""
16 ;;; Drop Telnet to WAN
chain=input action=reject reject-with=icmp-network-unreachable protocol=tcp src-address-list=drop_traffic in-interface=ether5 dst-port=23
log=yes log-prefix=""
Re: Drop all inbound traffic ouside of my network
Posted: Mon Dec 18, 2017 12:07 pm
by Anumrak
Why action is reject with icmp reply? Do drop without waste of resources of your router.
Re: Drop all inbound traffic ouside of my network
Posted: Mon Dec 18, 2017 2:21 pm
by TmouR
Code: Select all
/ip service
set ssh address=160.7.240.0/24
set telnet address=160.7.240.0/24
set www address=160.7.240.0/24
set ftp address=160.7.240.0/24