Firewall rules + fastpath

Murmaider · October 21, 2016, 4:18am

Generally I like to follow the principal of “don’t firewall on your routers and don’t route on your firewalls”
But in saying that, there is a use case whereby you want to limit ip access to the router itself.
An example would be limiting ip access to your BGP peers and your management network.

These are all INPUT rules, but once enabled, fastpath is obviously disabled.

I looked at fasttrack, but I’m worried about the performance impact of a connection tracking table size of 700k - 1M entries..

Is there a solution to restrict ip access to the mikrotik router itself while still having fastpath for routed packets?

Maggiore81 · October 23, 2016, 10:18am

I would set the IP SERVICES rules to restrict access to your router

Murmaider · October 25, 2016, 2:39pm

Where are the IP SERVICE rules located?

blajah · October 25, 2016, 2:48pm

ip services in console

or IP menu, then services submenu on Winbox

MARKNOEL11 · October 26, 2016, 11:22am

Hello to all!

I just want to ask regarding with my mikrotik router 1100ah.
My problem is when I search a website (example-www.yahoo.com) It takes time to appear. But when I search a www.google.com it comes out easily.
When can I see the configuration in winbox? Hoping to find solution and can find answer here.

Thanks.