MikroTik

Posted: **Wed May 09, 2018 12:20 am**

I'm starting this thread to share some settings/rules I've made in my routers.

For the beggining non-routable Multicast definitions:

add action=accept chain=forward comment="MCAST: All hosts" dst-address=224.0.0.1
add action=accept chain=forward comment="MCAST: All Routers" dst-address=224.0.0.2
add action=accept chain=forward comment="MCAST: DVMRP" dst-address=224.0.0.4
add action=accept chain=forward comment="MCAST: OSPF" dst-address=224.0.0.5
add action=accept chain=forward comment="MCAST: OSPF DR" dst-address=224.0.0.6
add action=accept chain=forward comment="MCAST: RIPv2" dst-address=224.0.0.9
add action=accept chain=forward comment="MCAST: EIGRP" dst-address=224.0.0.10
add action=accept chain=forward comment="MCAST: PIMv2" dst-address=224.0.0.13
add action=accept chain=forward comment="MCAST: VRRP" dst-address=224.0.0.18
add action=accept chain=forward comment="MCAST: IS-IS over IP" dst-address=224.0.0.19
add action=accept chain=forward comment="MCAST: IS-IS over IP" dst-address=224.0.0.20
add action=accept chain=forward comment="MCAST: IS-IS over IP" dst-address=224.0.0.21
add action=accept chain=forward comment="MCAST: IGMPv3" dst-address=224.0.0.22
add action=accept chain=forward comment="MCAST: HSRPv2/GLBP" dst-address=224.0.0.102
add action=accept chain=forward comment="MCAST: PTPv2" dst-address=224.0.0.107
add action=accept chain=forward comment="MCAST: mDNS" dst-address=224.0.0.251
add action=accept chain=forward comment="MCAST: LLMNR" dst-address=224.0.0.252
add action=accept chain=forward comment="MCAST: Toredo" dst-address=224.0.0.253

Posted: **Wed May 09, 2018 12:52 am**

I'm sure this will be useful to a lot of people! To keep the firewall tables from getting unruly it might be nice to get these into address-lists like "multicast.addresses" and have a single rule. It would make importing, extending, managing, and deleting these rules very simple.

/ip firewall filter
 add chain=forward address-list="multicast.addresses" action=accept comment="Permit: Forward traffic from address-list multicast.addresses."

/ip firewall address-list
  add list=multicast.addresses address=224.0.0.1 comment="All hosts"
  add list=multicast.addresses address=224.0.0.2 comment="All Routers"
  add list=multicast.addresses address=224.0.0.4 comment="DVMRP"
  add list=multicast.addresses address=224.0.0.5 comment="OSPF"
  add list=multicast.addresses address=224.0.0.6 comment="OSPF DR"
  add list=multicast.addresses address=224.0.0.9 comment="RIPv2"
  add list=multicast.addresses address=224.0.0.10 comment="EIGRP"
  add list=multicast.addresses address=224.0.0.13 comment="PIMv2"
  add list=multicast.addresses address=224.0.0.18 comment="VRRP"
  add list=multicast.addresses address=224.0.0.19 comment="IS-IS over IP"
  add list=multicast.addresses address=224.0.0.20 comment="IS-IS over IP"
  add list=multicast.addresses address=224.0.0.21 comment="IS-IS over IP"
  add list=multicast.addresses address=224.0.0.22 comment="IGMPv3"
  add list=multicast.addresses address=224.0.0.102 comment="HSRPv2/GLBP"
  add list=multicast.addresses address=224.0.0.107 comment="PTPv2"
  add list=multicast.addresses address=224.0.0.251 comment="mDNS"
  add list=multicast.addresses address=224.0.0.252 comment="LLMNR"
  add list=multicast.addresses address=224.0.0.253 comment="Toredo"

Posted: **Wed May 09, 2018 12:57 am**

Nice.
But you can't switch on/off or count particular protocols hitting your router.

Posted: **Wed May 09, 2018 1:04 am**

Nice.
But you can't switch on/off or count particular protocols hitting your router.

Well you can just disable and enable the items on the address-list to turn them off and on. I guess counters would be the only downside.

Posted: **Fri Jun 28, 2019 4:58 pm**

Are the firewall rules to be on the AP or CPE or both! also is necessary to specify the interface!

Posted: **Fri Jun 28, 2019 6:42 pm**

For the beggining non-routable Multicast definitions:

If these are non-routable, then why forward?

MikroTik

Usable rules for firewall

Usable rules for firewall

Re: Usable rules for firewall

Re: Usable rules for firewall

Re: Usable rules for firewall

Re: Usable rules for firewall

Re: Usable rules for firewall