Firewall block access rule

m1m1 · February 22, 2022, 2:06pm

Hello dear friends,
I need help about firewall rule. I have NAS server with SMB shares connected directly to Mikrotik RB760iGS on IP 192.168.1.2 in network 192.168.0.0/22. I would like to block all traffic between WAN and NAS server ( killing its internet connection ) so NAS is reachable only from LAN for SMB shares, RDP and some other services.
I added 2 rules:

7 X ;;; Block traffic to NAS
chain=forward action=drop dst-address=192.168.1.2 in-interface=ether1-WAN
log=no log-prefix=“”

8 X ;;; Block traffic from NAS
chain=forward action=drop src-address=192.168.1.2
out-interface=ether1-WAN log=no log-prefix=“”

When enable any of thiese two rules ping to 1.1.1.1 etc instantly drop. So my question is is this correct at all, first rule will block traffic from NAS to WAN and second rule will block traffic from WAN to NAS? Correct?
Thanx in advance

Sob · February 22, 2022, 5:25pm

Yes, first blocks anything from 192.168.1.2 going to ether1-WAN, second blocks anything from ether1-WAN to 192.168.1.2. And you shouldn’t really need second one, because connections from internet should be blocked anyway (you should do that with firewall; default one does it), only exceptions are forwarded ports and you can simply not add those.