MikroTik

Community discussions
https://forum.mikrotik.com/

block most ports in the firewall ?

https://forum.mikrotik.com/viewtopic.php?t=136840

Page 1 of 1

block most ports in the firewall ?

Posted: Sun Jul 15, 2018 8:10 pm
by newbz
hey guys
what can i do if i just want to give access to only web browsing to some users ? and maybe just some others apps like messenger, youtube, facebook etc

but really basic

Re: block most ports in the firewall ?

Posted: Sun Jul 15, 2018 9:04 pm
by newbz
my problem is i got a lot of traffic in the connections, i dunno much more how to settings things, i tried to look on different threads and mikrotik tutorials
and some machine are passing over the simple queue setting max limit, even with parent in simple queue, some user got nothing listed and are downloading at 20 Mbps, i can see it on the interface and into the wireless stats of the wifi about their received and sent packets

i really need some help hrhrhr , i got around 20 users on it and when 3 or 4 peoples are doing this things, others users got nothing from the bandwith,

Re: block most ports in the firewall ?

Posted: Mon Jul 16, 2018 6:29 am
by newbz
hey :D

i try with firewall filter rules / drop forward /alltheip/ 17 udp dst port + src port 1025-65535

is it a good idea ??

plus i changed the simple queue with simple queue and multiple target, i made a bunch of groups under one parent
i think +25 simple queue was too much to handle, but most of it still isnt in the details inside simple queue

Re: block most ports in the firewall ?

Posted: Thu Jul 19, 2018 4:01 am
by newbz
btw i reset the mikrotik box and got some kind of update when i was setuping in automatic bridge
changed and deleted some stuffs and used this to start

https://wiki.mikrotik.com/wiki/TransparentTrafficShaper

now look better but some peoples are using app from their phones who s making the phone like a repeater and those stuffs were passing over the limit

Re: block most ports in the firewall ?

Posted: Thu Jul 19, 2018 10:48 am
by normis
you don't have to block all ports. do it in the other way. allow one port, then block everything. you will not have to specify the port numbers

for example

ip firewall filter add chain=forward protocol=tcp port=80 action=accept
ip firewall filter add chain=forward action=drop

first rule accepts something specific
second rule drops everything else. this is just an example, do not copy it. adjust to your needs.

Re: block most ports in the firewall ?

Posted: Fri Jul 20, 2018 7:49 pm
by newbz
i understand what was the problem, a group of peoples were using ipv6 to pass over all the rules, rules were only for ipv4
now i drop all ipv6 and everything is under rules :D

Re: block most ports in the firewall ?

Posted: Sat Jul 21, 2018 2:57 pm
by mohannad
You Block All Accept Port 80 (browsing HTTP) 443 (HTTPS) and you can specify which website that are accepted and which is not by dropping them use also web proxy MT will Help you redirecting and blocking
All times are UTC+02:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/