Garrett's Mindless Rambling

Not Just another WordPress site

MikroTik, RouterOS

MikroTik Basic Firewall Filter

Garrett

The following is a basic example of a MikroTik firewall rule list to protect your MikroTik. This guide assumes you are using a bridge called LAN.

  1. Add the firewall rules using the terminal.
    • /ip firewall filter
    • add action=accept chain=forward comment=”Allow EST REL Untracked Forward” connection-state=established,related,untracked
    • add action=accept chain=input comment=”Allow EST REL Untracked Input” connection-state=established,related,untracked
    • add action=accept chain=input comment=”Allow ICMP Input” protocol=icmp
    • add action=drop chain=forward connection-nat-state=!dstnat in-interface=ether1
    • add action=drop chain=forward comment=”Drop Invalid Forward” connection-state= invalid
    • add action=drop chain=forward comment=”Drop Invalid Forward” connection-state=invalid
    • add action=drop chain=input comment=”Drop all Input Not From LAN” in-interface=!LAN

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Back To Top