I’m using a Mikrotik as my home edge router. It’s just for residential use, no business services running inside. I have Back-to-Home enabled and working fine, but I want to lock down my firewall completely to block any external access to the router, except for Back-to-Home.
At the same time, I’d like to set up a Knock-on-Port system so I can access it remotely when needed.
Does anyone have a good set of firewall rules for this setup? Or any recommendations on how to properly configure this while keeping it as secure as possible?
The default firewall filter rules already block everything from the WAN side. Do you have any reason not to stick to them?
BTW, BTH is a connection which in principle starts from your router if you enable BTH. The connection is made towards MT’s servers and by doing that, you delegate care about a bit of your security to their servers.
My MikroTik didn’t come with any default firewall rules, just the two dynamic ones from BTH and a basic masquerade rule in NAT. I always wipe the config completely before setting it up.
So, I need to manually add the firewall rules to block everything from WAN but keep BTH working. Any recommendations on what’s the best way to set this up?
This is not a second-hand device. I purchased it from a distributor, and it has always been mine. However, before configuring, I usually perform a reset and erase the default settings.
I'm considering resetting it again but keeping the default configuration this time to have the pre-configured firewall.
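
An input-chain ruleset of the kind discussed in this thread, added here as an example; it was not posted by any participant and is not MikroTik's shipped default configuration. It assumes `ether1` is the WAN port, the LAN bridge is named `bridge`, Winbox listens on its default port 8291, and it uses two constructed knock ports (17231, then 42817). The dynamic rules that BTH creates are left as they are, and the forward chain is not covered.

```routeros
# Added example. Assumptions: ether1 = WAN, bridge = LAN,
# knock ports 17231 and 42817 are constructed values; choose your own.
/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=ether1
add list=LAN interface=bridge

/ip firewall filter
# Replies to connections the router itself opened are allowed back in.
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="accept ICMP"

# Knock 1: a new TCP connection to the first port puts the source
# address on a short-lived list.
add chain=input action=add-src-to-address-list protocol=tcp dst-port=17231 \
    in-interface-list=WAN connection-state=new \
    address-list=knock-stage1 address-list-timeout=10s \
    comment="port knock: stage 1"

# Knock 2: only sources already on knock-stage1 are promoted.
add chain=input action=add-src-to-address-list protocol=tcp dst-port=42817 \
    in-interface-list=WAN connection-state=new \
    src-address-list=knock-stage1 \
    address-list=knock-ok address-list-timeout=30m \
    comment="port knock: stage 2"

# Management access from WAN only for sources that completed both knocks.
add chain=input action=accept protocol=tcp dst-port=8291 \
    in-interface-list=WAN src-address-list=knock-ok \
    comment="Winbox for knocked sources"

# Everything else that does not arrive from the LAN is dropped,
# including the knock packets themselves.
add chain=input action=drop in-interface-list=!LAN \
    comment="drop all not coming from LAN"
```

Keep the knock ports far apart and out of order so a sequential port scan does not complete the sequence by accident, and apply the rules from the LAN side with Safe Mode enabled so a mistake does not lock you out. Port knocking only hides the service; the Winbox account still needs a strong password.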