Basic firewall from tutorial

I have basic firewall rules from the First Time Configuration tutorial:
https://help.mikrotik.com/docs/spaces/ROS/pages/328151/First+Time+Configuration

And now I’m wondering:

  1. Should I keep this first “passthrough” entry, or should it be deleted? Does it make the router less safe?
  2. Is it necessary to extend these basic firewall rules, or are they safe enough for a typical user like me? :smiley:
    Maybe I should replace these tutorial ip firewall rules with the default ip firewall rules? Probably there are more firewall rules in the default config than in the tutorial.

The “D” in the flags column means it’s a dynamic rule, created by the router when you add the fasttrack rule. If you try to delete it, the OS will give a complaint like “cannot remove builtin”.


> Does it make the router less safe?

RouterOS wouldn’t automatically add it if it did.


> Is it necessary to extend these basic firewall rules, or are they safe enough for a typical user like me? :smiley:

The defaults do cover all typical use cases.

A different perspective might help you sort this out.


> Probably there are more firewall rules in the default config than in the tutorial.

Many more, yes.

(And that collection is partially outdated by 7.18, which added at least one more relative to the 7.15/16 prevalent when I began collecting defconfs.)

Thanks for the reply. Just to be sure: is it better to stay with these firewall rules, which I attached as an image, or just reset the router to the default configuration with the default ip firewall rules (different than on my photo)?

Rule #8:

http://forum.mikrotik.com/t/the-twelve-rules-of-mikrotik-club/182164/1

Yes. Building a firewall from scratch is either an educational exercise, a hold-my-beer stunt, or a sign that you’re way up at the top end of the expertise curve.

And incidentally, I happened to have roached my RB4011 since my prior post, giving me the opportunity (hah!) to netinstall it and pull a fresh defconf. You can see the differences relative to 7.15.2 here. The biggest is the addition of the IPv6 fasttrack rule.