This will ensure that anyone trying to use any of these applications to access the router from the internet will be denied access. The following firewall filter rules will block http, https, ssh, ftp, telnet, winbox, and snmp ports on the router. You may also like: How to permit icmp request from the internet to the IP on the WAN interface of your security router
Protocol = tcp or udp, depending on the port number. If there are more than one public IP on the router, an address-list must be used to capture all public addresses on the router.Ĭhain = since the access is aimed at the router and not the devices behind the router, the chain is input. See below:įirst of all, you must understand the following attributes that will be used in the firewall rules.ĭestination address = the public IP assigned to the Mikrotik router. To protect the router, we will configure firewall filter rules to block udp/tcp ports access to the public address assigned to the router. Since the router has been assigned a public address, as shown on the network topology, it means that the router can be reached from devices connected to the internet. Network topology showing a router connected to the internetįrom the image above, our task is clearly defined protect the router from attacks from the internet by locking down the ports listed above. Let’s consider the network topology below:
The beautiful thing about Mikrotik, which a privilege few know, is that with Mikrotik, you do not need to install a firewall device to protect your network as the Mikrotik router itself is a firewall device, and when properly configured, can protect itself as well as LAN users connected behind it. In this demonstration, I will share with us on how to block ftp, snmp, telnet, ssh, http, https, etc, access to your router from the internet.
0 kommentar(er)
