I'm still a firewall scripting beginner so please bear with me. I have the following requirements:
1) Allow the router to request NTP synchronisation with an external time source.
2) Allow computers on the LAN segment to request NTP synchronisation with this router.
3) Drop all other synchronisation requests.
Can somebody help me with writing the firewall rules?
-
-
Charlie Whiskey
just joined
- Posts: 24
- Joined:
/ip firewall filter add action=accept src-port=123 protocol=udp src-address=x.y.z.a chain=input comment="Allow the router to request NTP synchronisation with an external time source"
/ip firewall filter add action=accept dst-port=123 protocol=udp in-interface=local chain=input comment="Allow computers on the LAN segment to request NTP synchronisation with this router"
/ip firewall filter add action=drop dst-port=123 protocol=udp chain=input comment="Drop all other synchronisation requests"
/ip firewall filter add action=drop src-port=123 protocol=udp chain=input comment="Drop all other synchronisation requests"
/ip firewall filter add action=drop dst-port=123 protocol=udp chain=forward comment="Drop all other synchronisation requests"
I suggest you also look at this example:
http://www.mikrotik.com/docs/ros/2.9/ip ... t#6.38.3.1
/ip firewall filter add action=accept dst-port=123 protocol=udp in-interface=local chain=input comment="Allow computers on the LAN segment to request NTP synchronisation with this router"
/ip firewall filter add action=drop dst-port=123 protocol=udp chain=input comment="Drop all other synchronisation requests"
/ip firewall filter add action=drop src-port=123 protocol=udp chain=input comment="Drop all other synchronisation requests"
/ip firewall filter add action=drop dst-port=123 protocol=udp chain=forward comment="Drop all other synchronisation requests"
I suggest you also look at this example:
http://www.mikrotik.com/docs/ros/2.9/ip ... t#6.38.3.1