Could someone please tell me how to stop the public ip from seeing MT login screen on port 80
I’m using a MikroTik 5 port RouterBoard with WinBox, port 1 is my lan and port 5 is my wan.
The better question is how to stop ones on the outside from snooping around my ports on the public side?
You can limit the addresses or subnets that can “see” the HTTP of the router by setting it under :
IP / SERVICES… Look at winbox and www settings..
REMEMBER what this means when you set them !!!
also RTFM to make sure ths is what you WANT to do… 
I can lead you to the menu, I cant make you use it correctly 
Hope this helps and have a GREAT ONE !!
firewall filter chain=input in-interface=public action=drop - isn’t it more elegant? =)
I would like to keep the winbox port open and I will be setting up some in coming ports like public side port 84 and port 85 to be forward to my door cam and my security system, would the above stop the forwarding?
my rule affects only incoming traffic for router, not affecting forwarded traffic. if you need winbox - allow winbox port by one more rule above
Chapuka, Simple firewall rule rules!
Then you can do stuff like set up a vpn and access the webbox from vpn network only.
Chapuka?.. O_o I don’t like this =))
well, if you are crazy of security, you may create the following system: you can connect with Winbox only after you telnetted to something port of the router, and even to two ports. for example, first ‘telnet router_ip 12345’, then ‘telnet router_ip 54321’, and only after that you are allowed to connect to Winbox port =)
and al this just with the help of simple firewall rules =)
I remember a posting about this a while back…
I belive there was a posting on the WIKI on how to do this…
This is a very interesting method, as it allows field techs to adjust settings at the “NOC” while in the field
while still maintaining security from the outside…
I belive you could also script a job and schedual it to reset any entries that a thech forgot…
I dont see any aging settings in the firewall menues… IE active for 15 Min… but I could be missing it..
Hope this helps !!