Hi, I wanted to check if there is a way to put a block-all rule at the bottom of the firewall rules, like on a Cisco or Check Point firewall, along the lines of "deny any any", so that unless your traffic matches one of the allowed rules above it, your traffic will be dropped.
I tried to add the rule below at the bottom of the regular rules, but it just dropped all traffic into the router.
chain=input action=drop src-address=dst-address= log=yes log
MikroTik checks its firewall rules from the top, so the drop-all rule needs to be at the very bottom; traffic that does not match any of the rules before it will be dropped.
So normally, in the input chain, you would have drop invalid, accept Winbox on 8291 and any other traffic you wish to allow, accept established and related, then drop all.
Place something like this at the bottom of your rules and you'll be good to go.
/ip firewall filter
add action=drop chain=input comment="DROP ALL" in-interface=WAN-INTERFACE
Notice that it does not specify source or destination addresses (as not needed, in my opinion) or logging, as it will get hit a lot, but specifies only traffic coming in on your WAN, as you don't want to lock yourself out locally.