Welcome to Scribd!

Firewall FBasic Examples

Uploaded by

0% found this document useful (0 votes)

32 views3 pages

The document discusses firewall configuration on a router to protect both the router and customer networks. It sets rules to drop invalid and unwanted traffic for various protocols. Specific rules are defined to block bogon IP addresses and deny certain TCP and UDP ports. The final rules only allow necessary ICMP code types and drop all other ICMP traffic.

Original Description:

Original Title

Firewall FBasic examples.docx

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

32 views3 pages

Firewall FBasic Examples

Uploaded by

Kayode Emmanuel

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 3

Search inside document

Basic examples

Router protection
Lets say our private network is 192.168.0.0/24 and public (WAN) interface is ether1. We will set up
firewall to allow connections to router itself only from our local network and drop the rest. Also we will
allow ICMP protocol on any interface so that anyone can ping your router from internet.

/ip firewall filter

add chain=input connection-state=invalid action=drop \
comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
comment="Allow Established connections"
add chain=input protocol=icmp action=accept \
comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
in-interface=!ether1
add chain=input action=drop comment="Drop everything else"

Customer protection
To protect the customer's network, we should check all traffic which goes through router and block
unwanted. For icmp, tcp, udp traffic we will create chains, where will be droped all unwanted
packets:

/ip firewall filter

add chain=forward protocol=tcp connection-state=invalid \
action=drop comment="drop invalid connections"
add chain=forward connection-state=established action=accept \
comment="allow already established connections"
add chain=forward connection-state=related action=accept \
comment="allow related connections"

Block "bogon" IP addresses

add chain=forward src-address=0.0.0.0/8 action=drop

add chain=forward dst-address=0.0.0.0/8 action=drop
add chain=forward src-address=127.0.0.0/8 action=drop
add chain=forward dst-address=127.0.0.0/8 action=drop
add chain=forward src-address=224.0.0.0/3 action=drop
add chain=forward dst-address=224.0.0.0/3 action=drop

Make jumps to new chains:

add chain=forward protocol=tcp action=jump jump-target=tcp

add chain=forward protocol=udp action=jump jump-target=udp
add chain=forward protocol=icmp action=jump jump-target=icmp

Create tcp chain and deny some tcp ports in it:

add chain=tcp protocol=tcp dst-port=69 action=drop \

comment="deny TFTP"
add chain=tcp protocol=tcp dst-port=111 action=drop \
comment="deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=135 action=drop \
comment="deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=137-139 action=drop \
comment="deny NBT"
add chain=tcp protocol=tcp dst-port=445 action=drop \
comment="deny cifs"
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS"
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop
comment="deny NetBus"
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny
NetBus"
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny
BackOriffice"
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny
DHCP"

Deny udp ports in udp chain:

add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"

add chain=udp protocol=udp dst-port=111 action=drop comment="deny PRC
portmapper"
add chain=udp protocol=udp dst-port=135 action=drop comment="deny PRC
portmapper"
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny
NBT"
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS"
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny
BackOriffice"

Allow only needed icmp codes in icmp chain:

add chain=icmp protocol=icmp icmp-options=0:0 action=accept \

comment="echo reply"
add chain=icmp protocol=icmp icmp-options=3:0 action=accept \
comment="net unreachable"
add chain=icmp protocol=icmp icmp-options=3:1 action=accept \
comment="host unreachable"
add chain=icmp protocol=icmp icmp-options=3:4 action=accept \
comment="host unreachable fragmentation required"
add chain=icmp protocol=icmp icmp-options=4:0 action=accept \
comment="allow source quench"
add chain=icmp protocol=icmp icmp-options=8:0 action=accept \
comment="allow echo request"
add chain=icmp protocol=icmp icmp-options=11:0 action=accept \
comment="allow time exceed"
add chain=icmp protocol=icmp icmp-options=12:0 action=accept \
comment="allow parameter bad"
add chain=icmp action=drop comment="deny all other types"

Firewall
Document4 pages
Firewall
Andika87
No ratings yet
Blockportvirusdimikrotik Akbartk Wordpress Com
Document24 pages
Blockportvirusdimikrotik Akbartk Wordpress Com
semeru telecom
No ratings yet
Annisa Rezdky Andini Ab Xii TKJ 5
Document6 pages
Annisa Rezdky Andini Ab Xii TKJ 5
Annisa Rezdky Andini
No ratings yet
Firewall
Document3 pages
Firewall
Wawan Naning A'im
No ratings yet
Firewall Mikrotik
Document4 pages
Firewall Mikrotik
tec_danielsoto
No ratings yet
Copia RB 2011 Rita ... Mikrotik
Document9 pages
Copia RB 2011 Rita ... Mikrotik
Wireless Networks Empresa de telecomunicaciones
No ratings yet
Firewall MK
Document3 pages
Firewall MK
Arman Nthree
No ratings yet
Firewall Mikrotik L3
Document5 pages
Firewall Mikrotik L3
jhonnathan0103
No ratings yet
Workshop Firewall
Document10 pages
Workshop Firewall
Zetri Aldino
No ratings yet
Versi Lite 2isp
Document4 pages
Versi Lite 2isp
Replay Gaming
No ratings yet
Block Scanner Mikrotik
Document2 pages
Block Scanner Mikrotik
Bedest Cakep
0% (1)
Bandwidth Setup
Document3 pages
Bandwidth Setup
Twine Kiosk
No ratings yet
Block Brute Force Attack in Mikrotik Router
Document1 page
Block Brute Force Attack in Mikrotik Router
Pedro Hernandez
No ratings yet
Ip Firewall filter-MIKROTIK BLOQUEO DE VULNERABILIDADES
Document1 page
Ip Firewall filter-MIKROTIK BLOQUEO DE VULNERABILIDADES
Mario Alcides Calo
No ratings yet
Block Brute Force Attack in Mikrotik Router
Document1 page
Block Brute Force Attack in Mikrotik Router
Guillermo Cabrera Contrera
No ratings yet
Script Antivirus Mikrotik
Document1 page
Script Antivirus Mikrotik
Andri
No ratings yet
Virus Port Mikrotik
Document2 pages
Virus Port Mikrotik
Khodor Akoum
No ratings yet
Data Raw Untuk Pisah Traffic 5 Isp
Document3 pages
Data Raw Untuk Pisah Traffic 5 Isp
Ach. Lukman Iraqi
No ratings yet
Mikro Firewall Defends
Document1 page
Mikro Firewall Defends
Randi Mokodaser
No ratings yet
Script Raw
Document2 pages
Script Raw
Ashari Jensakay
No ratings yet
Scrip Port Game + Sosmed
Document12 pages
Scrip Port Game + Sosmed
Tomy Christ Pangaribuan
No ratings yet
Load PCC+NTH
Document1 page
Load PCC+NTH
Iskandar Mustofa
No ratings yet
Script Configuracion rB2011
Document5 pages
Script Configuracion rB2011
Soldier
No ratings yet
Setting Mikrotik
Document10 pages
Setting Mikrotik
Lambace Kecci
No ratings yet
Firewall Mikrotik Brute Force
Document3 pages
Firewall Mikrotik Brute Force
Peel Duatiga Net
No ratings yet
Script Prioritas Game Online Labkom - Co.id
Document11 pages
Script Prioritas Game Online Labkom - Co.id
Aris Setyawan
No ratings yet
Cara Setting Mikrotik Anti NetCut Firewall Mikrotik
Document2 pages
Cara Setting Mikrotik Anti NetCut Firewall Mikrotik
Sigit Subagyo
No ratings yet
Script Mangle Queue
Document2 pages
Script Mangle Queue
Jasa Mikrotik
No ratings yet
Script
Document17 pages
Script
dhedoy kardiman
100% (1)
Template Script Mikrotik Routing Game Online: Ip Address Lokal - . Gateway Modem Game .
Document6 pages
Template Script Mikrotik Routing Game Online: Ip Address Lokal - . Gateway Modem Game .
Deny Iryanto
No ratings yet
Scrip Ega Chanel New Version 2 Isp Game Isp Khusus
Document41 pages
Scrip Ega Chanel New Version 2 Isp Game Isp Khusus
Iskandar Mustofa
No ratings yet
Script Blokir Virus Mikrotik
Document1 page
Script Blokir Virus Mikrotik
Bmg Har
No ratings yet
Bloqueo P2P Capa 7 - Mikrotik
Document1 page
Bloqueo P2P Capa 7 - Mikrotik
EDWIN
100% (1)
Scrip Mikrotik - Manajemen Banwidth
Document15 pages
Scrip Mikrotik - Manajemen Banwidth
internet rumah
No ratings yet
Mobile Legends
Document1 page
Mobile Legends
ahmad aminwahyudi
No ratings yet
Ega Chanel Scrip 4.5
Document45 pages
Ega Chanel Scrip 4.5
Zulfikar Fahmi
No ratings yet
Script Ok
Document2 pages
Script Ok
wanebe
No ratings yet
Mikrotik Loadbalance Hotspot
Document1 page
Mikrotik Loadbalance Hotspot
Adam Antz
No ratings yet
QoS + PCQ Mikrotik
Document4 pages
QoS + PCQ Mikrotik
Franklin Pinto
No ratings yet
Firewall Virus
Document3 pages
Firewall Virus
Marcela Fernández
No ratings yet
Block Brute Force Attack in Mikrotik Router
Document1 page
Block Brute Force Attack in Mikrotik Router
ReyRodriguezPalencia
No ratings yet
Load Balance Mikrotik 2 Isp
Document1 page
Load Balance Mikrotik 2 Isp
Bersama Ukhuwah
No ratings yet
OLT Comandos
Document1 page
OLT Comandos
J-Marley Israel
No ratings yet
Backup RAW Sosmed Game Browsing Youtube
Document4 pages
Backup RAW Sosmed Game Browsing Youtube
milla najmah
No ratings yet
Script Game
Document2 pages
Script Game
BuanaNetPbun
No ratings yet
Scrip Mikrotik
Document16 pages
Scrip Mikrotik
breaknetcf
No ratings yet
Google Prefix
Document1 page
Google Prefix
Monowarul Alam Monir
No ratings yet
List ! - List - List ! - List
Document12 pages
List ! - List - List ! - List
James Bold
No ratings yet
Pppoe Bandwidth Script - by Jose
Document2 pages
Pppoe Bandwidth Script - by Jose
Jose Gellado
No ratings yet
Magle
Document5 pages
Magle
Billia Milkam Efendi
No ratings yet
Dual Wan DHCP
Document2 pages
Dual Wan DHCP
Nerio Cordoba
No ratings yet
Queue Tree
Document4 pages
Queue Tree
fabiananggik
No ratings yet
Loadbalance PCC +NTH
Document1 page
Loadbalance PCC +NTH
Iskandar Mustofa
100% (1)
Pubg Address List
Document2 pages
Pubg Address List
sadman abedin talukder pranjol
No ratings yet
Setting Mikrotik Warnet
Document9 pages
Setting Mikrotik Warnet
Mas Jay
No ratings yet
Script Queues
Document8 pages
Script Queues
Ashari Jensakay
No ratings yet
Vpnpubg Mikrotik
Document2 pages
Vpnpubg Mikrotik
Lara Zain
No ratings yet
Balanceo Avanzado Con PPPoE Cliente 4 ISP v6
Document4 pages
Balanceo Avanzado Con PPPoE Cliente 4 ISP v6
Rolando Melgarejo
No ratings yet
Firewall Filters: Las Reglas Más Básicas Que Debe Tener Un RB Mikrotik
Document3 pages
Firewall Filters: Las Reglas Más Básicas Que Debe Tener Un RB Mikrotik
Sergio Rait Choque
No ratings yet
Mikrotik Warnet
Document43 pages
Mikrotik Warnet
boedie_m
No ratings yet
Proposal
Document2 pages
Proposal
Kayode Emmanuel
No ratings yet
Island: Bookshop House Churchgate Building Arise TV Parkview
Document1 page
Island: Bookshop House Churchgate Building Arise TV Parkview
Kayode Emmanuel
No ratings yet
Application For The Post of Graduate Trainee: Stanbicibtc Bank PLC
Document1 page
Application For The Post of Graduate Trainee: Stanbicibtc Bank PLC
Kayode Emmanuel
No ratings yet
Is The Route Visible Throughout The Internet? Even If You Have Successfully
Document1 page
Is The Route Visible Throughout The Internet? Even If You Have Successfully
Kayode Emmanuel
No ratings yet
Authorization To KKnotech
Document1 page
Authorization To KKnotech
Kayode Emmanuel
No ratings yet
Ppoe Server Configuration Ppp-Ppoe Server Binding - Profile - Local Address and Remote Address Ppoe Server - Service Name
Document5 pages
Ppoe Server Configuration Ppp-Ppoe Server Binding - Profile - Local Address and Remote Address Ppoe Server - Service Name
Kayode Emmanuel
No ratings yet
Mtctce 2
Document2 pages
Mtctce 2
Kayode Emmanuel
No ratings yet
CIDR
Document2 pages
CIDR
Kayode Emmanuel
No ratings yet
Network Engineer Details
Document3 pages
Network Engineer Details
Kayode Emmanuel
No ratings yet
CIDR
Document2 pages
CIDR
Kayode Emmanuel
No ratings yet
Certified Routing Engineer (MTCRE) : Duration: Outcomes
Document2 pages
Certified Routing Engineer (MTCRE) : Duration: Outcomes
Kayode Emmanuel
No ratings yet
Certified Routing Engineer (MTCRE) : Duration: Outcomes
Document2 pages
Certified Routing Engineer (MTCRE) : Duration: Outcomes
Kayode Emmanuel
No ratings yet
CCN Lab 2
Document8 pages
CCN Lab 2
Mustafa Fazal Abbas
No ratings yet
MC-TRX Intro, HW Descr PDF
Document32 pages
MC-TRX Intro, HW Descr PDF
ady10ar
No ratings yet
CMPak LTE Single Site Verification SSV ENodeB - ID 9070
Document52 pages
CMPak LTE Single Site Verification SSV ENodeB - ID 9070
Hameed Khan Khattak
100% (3)
Adhoc Networks Presentation
Document14 pages
Adhoc Networks Presentation
Abhishek Gupta
No ratings yet
MVA Jump Start: Configuring and Deploying Emergency Calling
Document34 pages
MVA Jump Start: Configuring and Deploying Emergency Calling
paulo marcelo sosa
No ratings yet
CSI104 Slot06
Document45 pages
CSI104 Slot06
Người Lạ
No ratings yet
4G Aggregate Hourly
Document310 pages
4G Aggregate Hourly
wardana_kusuma4493
No ratings yet
Internetworking With TCP - IP Vol II
Document11 pages
Internetworking With TCP - IP Vol II
Mohan Arumugavallal
No ratings yet
Digital Switching
Document147 pages
Digital Switching
bhargava712
No ratings yet
Lab 5: Basics of Redistribution, Configure OSPF On A Multi-Access Network
Document14 pages
Lab 5: Basics of Redistribution, Configure OSPF On A Multi-Access Network
Nguyễn Tiến Hoài
No ratings yet
HCIA-Routing and Switching V2.2 Entry Training Materials
Document397 pages
HCIA-Routing and Switching V2.2 Entry Training Materials
lluis31
No ratings yet
Diagnostics Information
Document37 pages
Diagnostics Information
Okta Febrianto
No ratings yet
Pembahasan Soal Paket 2 UKK TKJ 2019-2020a
Document3 pages
Pembahasan Soal Paket 2 UKK TKJ 2019-2020a
Hany TrihanOy
No ratings yet
Full Download Solution Manual For Computer Networking A Top Down Approach 6 e 6th Edition PDF Full Chapter
Document36 pages
Full Download Solution Manual For Computer Networking A Top Down Approach 6 e 6th Edition PDF Full Chapter
poke.sonorous6ye03
100% (20)
How Communication Works in Real-Time Projects
Document131 pages
How Communication Works in Real-Time Projects
Krishna Oodhorah
No ratings yet
DS K2600T Series Access Controller Datasheet V1.0 20201027
Document4 pages
DS K2600T Series Access Controller Datasheet V1.0 20201027
CRISTHIAN CAMILO QUINTIN CRUZ
No ratings yet
Drop Analysis.: Visit Out Forum For More
Document13 pages
Drop Analysis.: Visit Out Forum For More
Rishikesh Gupta
No ratings yet
NE40E&80E V600R008C10 Configuration Guide - WAN Access 01 PDF
Document356 pages
NE40E&80E V600R008C10 Configuration Guide - WAN Access 01 PDF
juanca06
No ratings yet
HW Avaya2
Document20 pages
HW Avaya2
cuchi
No ratings yet
SIP Call Transfer: Element (SP Edition) Command Reference: Unified Model at
Document4 pages
SIP Call Transfer: Element (SP Edition) Command Reference: Unified Model at
SandeepKumar
No ratings yet
List of Experiments
Document83 pages
List of Experiments
Rocky Samuel
No ratings yet
Nevion Product Catalog - 2013
Document116 pages
Nevion Product Catalog - 2013
Marcellin OMORES
No ratings yet
FBN 16-09 (2P)
Document2 pages
FBN 16-09 (2P)
Tariq
No ratings yet
HCIP-WLAN-CEWA V1.0 Lab Guide (CLI-based) PDF
Document240 pages
HCIP-WLAN-CEWA V1.0 Lab Guide (CLI-based) PDF
علي محمد
No ratings yet
MPMC - UnitIV - Serial Communication and Bus interface-Part-I
Document35 pages
MPMC - UnitIV - Serial Communication and Bus interface-Part-I
neha yarrapothu
No ratings yet
A88222654 - 22200 - 27 - 2018 - Network Design Issues
Document13 pages
A88222654 - 22200 - 27 - 2018 - Network Design Issues
Firoz kumar
100% (1)
QAM Implementation Using LabVIEW
Document21 pages
QAM Implementation Using LabVIEW
Vijaya Shree
100% (2)
Configuring PPTP VPN On A Cyberoam UTM With MS-CHAPv2 - MPA Systems PDF
Document2 pages
Configuring PPTP VPN On A Cyberoam UTM With MS-CHAPv2 - MPA Systems PDF
Decio Ramires
No ratings yet
CS/PS Core Network Planning: Who Should Attend?
Document3 pages
CS/PS Core Network Planning: Who Should Attend?
algard 29
No ratings yet
TNMS CT LCT Mode NCT Mode and at CT Mode
Document2 pages
TNMS CT LCT Mode NCT Mode and at CT Mode
Jonatan Soares
No ratings yet