firewall fiter rules for home network

hscheff · June 10, 2007, 10:15pm

I have just started using a router board for wireless connection to my ISP.
Wireless uplink connects to the ISP network using PPPoE and ether1 connects to my home network.

NAT masquerade is in place.
I have set basic rules on the input chain to protect the router.
I am now setting up firewall filter rules to protect my home network.
I do not run any services on my network so a very simple setup is required.
Block off incoming as far as possible and only allow what is needed going out.
Out-going connections is mostly web browsing (http/ftp) and email (POP3/SMTP).
I also use Google Earth and Skype & VOIP, but support for this I can add later.

How do I block all incoming connections through the router, but allow “normal” outgoing connections?
Any suggestions for a basic rule set to start with?
Thanx.

gmsmstr · June 12, 2007, 8:49pm

NAT does most of this. If you don’t have DST NAT rules, and you already setup your inbound rules, then you should be set. Outbound will go thoguh the masq and only things you request for will come in for the most part, there is some trickery that skype does, but not much you can or would want to do about it.

Dennis Burgess
St. Louis Network Engineering Services
http://www.mikrotikconsulting.com
dmburgess@mikrotikconsulting.com
Certified Mikrotik Engineer