Community discussions

MikroTik App
  4. RouterOS
  5. General

How to allow several IPs to bypass a filter rule

Post Reply
 
blougaville
newbie
Topic Author
Posts: 35
Joined: Thu Aug 18, 2011 10:39 pm

How to allow several IPs to bypass a filter rule

Tue Nov 27, 2012 8:42 pm

I have various filter rules to detect port scanners and block them coming into my Mikrotik from the internet. For example:
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Add NMAP NULL scan to Port Scanners address list" disabled=no \
in-interface=ether1-WAN protocol=tcp \
tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

add action=drop chain=input comment="dropping port scanners input chain" \
disabled=no src-address-list="port scanners"

add action=drop chain=forward comment=\
"drop port scanners on forward chain from the WAN" disabled=no \
in-interface=ether1-WAN src-address-list="port scanners"
The problem is, I need to allow a Security Metrics port scan to take place so they can test our network, so they have provided me with several IP addresses that I need to bypass my firewall rules. I can't figure out how to do this. I can't add them to another address list and choose NOT from that address list, because I am already using the Address List field in the drop rules to match with detected port scanners.
Top
 
User avatar
TrollMan
Member Candidate
Member Candidate
Posts: 168
Joined: Mon Apr 04, 2011 9:25 pm

Re: How to allow several IPs to bypass a filter rule

Tue Nov 27, 2012 9:01 pm

I actually added a feature request for multiple address lists, think it would solve multiple problems.
Top
 
AlexN
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Thu Feb 18, 2010 11:02 am

Re: How to allow several IPs to bypass a filter rule

Wed Nov 28, 2012 9:59 am

Try to modify first rule in the next way:
Code: Select all
add action=add-src-to-address-list address-list="port scanners" \
 address-list-timeout=2w chain=input comment="Add NMAP NULL scan to Port Scanners address list" disabled=no \
 in-interface=ether1-WAN protocol=tcp \
 tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg src-address-list=!allowed_ip
And put to "allowed_ip" address-list addresses that you need to bypass.
Top
 
blougaville
newbie
Topic Author
Posts: 35
Joined: Thu Aug 18, 2011 10:39 pm

SOLVED How to allow several IPs to bypass a filter rule

Mon Dec 03, 2012 8:14 am

Thank you very much, AlexN. I didn't even think about modifying those rules!

Still, I second the idea that the multiple address list features would be helpful.
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], kleshki and 32 guests
  4. RouterOS
  5. General