Wiki page firewall rules still relevant?

Posted: Mon Jul 23, 2012 2:10 pm
by tomiso
Hi!

I'm no firewall guru and I'm trying to set up a basic home router.

Are these rules still relevant for RouterOS 5.19?
http://wiki.mikrotik.com/wiki/Manual:IP ... c_examples

Maybe someone has better firewall rules for a home router?!

I have an RB450G

Re: Wiki page firewall rules still relevant?

Posted: Mon Jul 23, 2012 2:23 pm
by cbrown
I glanced over them and they look fine. Did you have a problem with them?

Re: Wiki page firewall rules still relevant?

Posted: Mon Jul 23, 2012 2:35 pm
by tomiso
Well no :)
But the wikipage states: Applies to RouterOS: v3, v4

Firewall rules are sufficient for a home router?

Thanks!

Re: Wiki page firewall rules still relevant?

Posted: Mon Jul 23, 2012 2:41 pm
by cbrown
Yeah, they are sufficient for a home router.

Re: Wiki page firewall rules still relevant?

Posted: Tue Jul 24, 2012 11:37 am
by tomiso
One question.

I redid my firewall rules and used http://wiki.mikrotik.com/wiki/Manual:IP ... c_examples.

When pasting (from last section) into terminal
add chain=icmp protocol=icmp icmp-options=0:0 action=accept \
 	comment="echo reply"  
add chain=icmp protocol=icmp icmp-options=3:0 action=accept \
 	comment="net unreachable"  
add chain=icmp protocol=icmp icmp-options=3:1 action=accept \
 	comment="host unreachable"
add chain=icmp protocol=icmp icmp-options=3:4 action=accept \
 	comment="host unreachable fragmentation required"  
add chain=icmp protocol=icmp icmp-options=4:0 action=accept \
 	comment="allow source quench"  
add chain=icmp protocol=icmp icmp-options=8:0 action=accept \
 	comment="allow echo request"  
add chain=icmp protocol=icmp icmp-options=11:0 action=accept \
 	comment="allow time exceed"  
add chain=icmp protocol=icmp icmp-options=12:0 action=accept \ 
 	comment="allow parameter bad"  
add chain=icmp action=drop comment="deny all other types" 
I get an error message from this line:
add chain=icmp protocol=icmp icmp-options=12:0 action=accept \
comment="allow parameter bad"
[admin@MikroTik] /ip firewall filter> comment="allow parameter bad"
expected end of command (line 1 column 9)
I removed the comment and pasted it into terminal and then added comment, so no harm done.
But I'm still curious why?!

Any ideas?
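
A paste check for the rule block in the post above, added here as an example and not part of the original thread or the MikroTik wiki. It assumes the terminal treats a backslash as a line continuation only when it is the last character on the line; in the pasted block the `icmp-options=12:0` line is the one with a space after its backslash. All function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the post above, keeping the
# space after the backslash on the icmp-options=12:0 line.
PASTED = (
    'add chain=icmp protocol=icmp icmp-options=11:0 action=accept \\\n'
    ' \tcomment="allow time exceed"  \n'
    'add chain=icmp protocol=icmp icmp-options=12:0 action=accept \\ \n'
    ' \tcomment="allow parameter bad"  \n'
    'add chain=icmp action=drop comment="deny all other types" \n'
)

BROKEN_CONT = re.compile(r'\\[ \t]+$')   # backslash followed by trailing blanks
FRAGMENT = re.compile(r'[\w-]+=')        # a line that starts with key=value

def find_broken_continuations(text):
    """Return 1-based line numbers where whitespace follows a trailing backslash."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if BROKEN_CONT.search(line)]

def join_commands(text, repair=False):
    """Join backslash-continued lines into logical commands.

    Assumption: a backslash continues the line only when it is the very last
    character. With repair=True, blanks after a trailing backslash are
    stripped first, so the continuation is honoured.
    """
    commands, current = [], ''
    for line in text.splitlines():
        if repair:
            line = BROKEN_CONT.sub(lambda m: '\\', line)
        if line.endswith('\\'):
            current += line[:-1].strip() + ' '
        else:
            current += line.strip()
            if current:
                commands.append(current)
            current = ''
    if current.strip():
        commands.append(current.strip())
    return commands

def orphan_fragments(commands):
    """Commands that begin with key=value are leftovers of a split rule."""
    return [c for c in commands if FRAGMENT.match(c)]

if __name__ == '__main__':
    print('broken continuation on lines:', find_broken_continuations(PASTED))
    print('orphans as pasted:', orphan_fragments(join_commands(PASTED)))
    print('after repair:', join_commands(PASTED, repair=True))
```

Running the check before pasting a rule set shows whether every rule arrives as one command, so a filter chain does not end up missing an entry or its comment.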