Firewall Filter Rules On Mikrotik Routers

Whenever network firewalls are implemented in a network, you can rest assured that outside threats have been kept away from accessing the sensitive data available inside the network.

It is common on every network that, whenever different networks are joined together, there is a threat and a lack of trust, to the extent that someone from outside your network may try to break into your LAN.

If these threats escalate, break-ins may result in private data being tampered with, accessed, and even stolen and distributed; valuable data being altered or destroyed; or entire hard drives being erased.
To prevent and avoid all of this, firewalls are implemented and serve as a means of preventing or minimizing the security risks inherent in connecting to other networks.
It is important to note that a properly configured firewall plays a key role in efficient and secure network infrastructure deployment.

If you're having trouble securing your network, here I have made a script with the essential firewall rules that will help to protect your router. All you need to do is go to your router menu, click New Terminal, paste the script below, and then press Enter.


# Reserved and private ranges referenced by the "Drop to bogon list" rule below
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it" list=Bogons
# Filter rules are evaluated top to bottom; ether1 is the WAN interface
/ip firewall filter
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
# UDP port 69 is TFTP
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=Bogons
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
# Everything else arriving on the WAN interface for the router itself is dropped
add action=drop chain=input in-interface=ether1
If you are getting an error when loading the script, change the interface name in the script to the name that is assigned to your router's WAN interface.
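The "Drop to bogon list" rule drops forwarded traffic whose destination is in the Bogons list, and the script's own comments say to check whether you need the private ranges before enabling them. The following added example (not part of the original script) parses the address-list entries and reports which of them overlap subnets your router forwards to; the function names and the `ROUTED` sample subnets are assumptions made for illustration.

```python
import ipaddress
import re

# Address-list entries as they appear in the article's script (comments shortened).
BOGONS_SCRIPT = '''
/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA" list=Bogons
'''

ENTRY = re.compile(r'^add address=(\S+) comment="([^"]*)" list=(\S+)$')


def parse_address_list(script, list_name="Bogons"):
    """Return [(network, comment)] for each entry of list_name in the script."""
    entries = []
    for line in script.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(3) == list_name:
            entries.append((ipaddress.ip_network(m.group(1)), m.group(2)))
    return entries


def find_conflicts(entries, routed_subnets):
    """Map each routed subnet to the list entries that overlap it."""
    conflicts = {}
    for cidr in routed_subnets:
        net = ipaddress.ip_network(cidr, strict=False)  # accept host/prefix form
        hits = [str(entry) for entry, _ in entries if entry.overlaps(net)]
        if hits:
            conflicts[cidr] = hits
    return conflicts


# Constructed sample: subnets this router forwards traffic to (assumed values).
ROUTED = ["192.168.88.0/24", "10.10.20.0/24", "172.20.5.1/16"]

if __name__ == "__main__":
    for subnet, hits in find_conflicts(parse_address_list(BOGONS_SCRIPT), ROUTED).items():
        print(f"{subnet}: destination would be dropped, overlaps {', '.join(hits)}")
```

Any subnet reported here needs its overlapping Bogons entry disabled or removed, otherwise new forwarded connections to that subnet will be dropped.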

