Config sanity check request

Hi guys,

I’m somewhat new to MikroTik and have a CCR2004-16G-2S+PC that I am using as my core router at home. I was wondering if my configuration could please be checked over and if there’s any improvements I could make to it, maybe by trimming down firewall rules for example (I essentially copied my rules from the default config on something like a hAP and am not sure if it’s entirely optimal, I think there are rules for some features I’d never use).

Btw, don’t worry about fasttrack being enabled while I’m using queueing, I found out from this thread that it’s possible to do and it does actually work very well!

All suggestions would be greatly appreciated, thanks so much :slight_smile: I have attached my sanitised config to this post.

newconf.rsc (8.3 KB)

Firewall rules look like they are based on an old config.

A set of current rules is at
Buying - RB1100AHx4 Dude Edition - Questions about Firewall - RouterOS / Beginner Basics - MikroTik community forum

Also the following is worth reviewing:
MikroTik Solutions: Configuration Flotsam

From ipv6 firewall filter
add action=accept chain=input comment="accept UDP traceroute" port=33434-33534 protocol=udp
port= should be dst-port= (Was a bug in rules)

from ip firewall filter
add action=drop chain=input comment="block WAN access" in-interface-list=WAN

Now: in-interface-list=!LAN (Tighter)

Use the actual default firewall, see Rule #8 here:

In the corollary there is a link to the default firewall that you should be using, at least initially.

These two:

add action=accept chain=forward comment="allow LAN out"
add action=drop chain=forward comment="drop everything else"

make little sense (to me): you are accepting EVERYTHING and then dropping WHATEVER REMAINS after that (nothing).
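The three problems pointed out in the replies above (a `port=` match where `dst-port=` was meant, an input-chain drop scoped only to the WAN list instead of `!LAN`, and an unconditional accept that makes every later rule in the chain dead) are easy to miss in an 8 KB export. As an added illustration that is not part of this thread or of anyone's posted config, the script below parses RouterOS export lines and flags those three patterns. It assumes the export style seen in the thread (one `add key=value ...` rule per line), treats `action`, `chain`, `comment`, `disabled`, `log` and `log-prefix` as the only non-matching attributes, and embeds the quoted rules as constructed sample input.

```python
import re

# Constructed samples: the rule lines quoted in the thread, as they would appear
# in an "/ipv6 firewall filter export" and an "/ip firewall filter export".
SAMPLE_V6 = """\
add action=accept chain=input comment="accept UDP traceroute" port=33434-33534 protocol=udp
"""

SAMPLE_V4 = """\
add action=accept chain=forward comment="allow LAN out"
add action=drop chain=forward comment="drop everything else"
add action=drop chain=input comment="block WAN access" in-interface-list=WAN
"""

# Constructed sample of the corrected input rules (dst-port= and !LAN), as suggested above.
FIXED_INPUT = """\
add action=accept chain=input comment="accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=drop chain=input comment="block non-LAN access" in-interface-list=!LAN
"""

# key=value tokens; values may be double-quoted (comments) or bare (port ranges, lists).
TOKEN = re.compile(r'(\S+?)=("(?:[^"\\]|\\.)*"|\S+)')

# Assumption: attributes that never act as a packet-match condition.
NON_MATCH_KEYS = {"action", "chain", "comment", "disabled", "log", "log-prefix"}
TERMINATING = {"accept", "drop", "reject"}


def parse_rule(line):
    """Turn 'add k=v k=v ...' into a dict; quoted values lose their quotes."""
    attrs = {}
    for key, val in TOKEN.findall(line):
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        attrs[key] = val
    return attrs


def parse_rules(text):
    """Parse every 'add ...' line of an export; other lines are ignored."""
    return [parse_rule(l) for l in text.splitlines() if l.strip().startswith("add ")]


def lint(rules):
    """Return (rule_number, message) findings for the three patterns from the thread."""
    findings = []
    terminated = {}  # chain -> rule number of the first unconditional terminating rule
    for i, r in enumerate(rules, 1):
        chain = r.get("chain")
        action = r.get("action")

        # 3. Anything after an unconditional accept/drop in the same chain can never match.
        if chain in terminated:
            findings.append((i, f"unreachable: chain {chain} already ends unconditionally at rule {terminated[chain]}"))

        # 1. port= matches source OR destination port; an accept should name dst-port=.
        if action == "accept" and "port" in r and "dst-port" not in r:
            findings.append((i, "port= matches either direction; use dst-port="))

        # 2. Dropping only in-interface-list=WAN leaves other non-LAN interfaces open; !LAN is tighter.
        if chain == "input" and action == "drop" and r.get("in-interface-list") == "WAN":
            findings.append((i, "drop limited to in-interface-list=WAN; in-interface-list=!LAN is tighter"))

        # Record rules that have no match conditions at all and terminate processing.
        if action in TERMINATING and not (set(r) - NON_MATCH_KEYS) and chain not in terminated:
            terminated[chain] = i
    return findings


if __name__ == "__main__":
    for name, text in (("ipv6", SAMPLE_V6), ("ipv4", SAMPLE_V4), ("fixed input", FIXED_INPUT)):
        print(f"== {name} ==")
        for num, msg in lint(parse_rules(text)) or [(0, "no findings")]:
            print(f"  rule {num}: {msg}")
```

Running it against the quoted rules reports the `port=` rule in the IPv6 sample, and for the IPv4 sample both the dead "drop everything else" rule and the `in-interface-list=WAN` drop; the corrected input rules produce no findings. The checks are heuristics tied to the patterns discussed here, not a substitute for starting from the default firewall as the replies recommend.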

Thank you guys, I’ve now switched my IPv4 and v6 firewalls over to the latest defaults from 7.22.1 :slight_smile: Is there any ‘trimming’ I can do of these rules, i.e. I see some rules relating to CAPsMAN and IPsec which are things I’ll never use, are these safe to be deleted?

There isn't a reason to remove rules from the default, in the sense that a never-used rule (because it catches nothing) does not imply a noticeable increase in CPU or memory usage (and not even one that actually catches something, we are talking of maybe 1% every 4 rules or so). lurker888 made a few tests that I tried to condense in a simple graphic, see here:

This is great, thank you so much! I haven’t read through the thread properly yet but is there a version of this for the IPv6 rules at all?