Block External IP RouterOS Login

Hawkster13 · November 15, 2014, 12:38pm

Hi all,

I would like to block/disable the option for being able to connect to my RouterOS config from my Public/external IP.
I would want to only be able to login from my internal IP.

As I am seeing a lot of connections trying to login into my RouterOS by the Public IP I have.

Thanks in advance for your help.

marrold · November 15, 2014, 1:02pm

You need to drop input traffic on your WAN interface(s). Be careful, if you get it wrong you might block access yourself.

Safe mode is your friend.

Rudios · November 15, 2014, 1:17pm

Build your firewall rules something like this
/ip firewall filter
add chain=input connection-state=invalid action=block comment=“Block invalid packets”
add chain=input connection-state=established comment=“Allow packets for established connections”
add chain=input connection-state=related comment=“Allow packets for related connections”
add chain=input in-interface= comment=“Allow packets coming from your local/internal lan”
add chain=input action=block comment=“Block all other traffic”

ditonet · November 15, 2014, 1:42pm

Restrict access to router using ‘IP/Services’ as described here:
http://wiki.mikrotik.com/wiki/Manual:IP/Services

HTH,

Hawkster13 · November 16, 2014, 11:41pm

Thank you guys! Got it working much appreciated