I just installed my CCR yesterday and am now trying to setup a firewall to protect access to the Mikrotik itself before going ahead with the rest of my configuration but it seems I am doing something not right as what rules I have it keeps being pingable (it should in the end but for now I want it to stop pinging so I know it works).
I have 2 uplinks placed in a bond for redundancy and let’s take the IP 1.1.1.1 as my router IP (of course that is not my real IP but for obvious reasons I am not going to place that here.)
This is an print of my firewall config as the export did not show the accept bits:
/ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; accept established connection packets
chain=input action=accept connection-state=established log=no log-prefix=""
1 ;;; accept related connection packets
chain=input action=accept connection-state=related log=no log-prefix=""
2 ;;; drop invalid packets
chain=input action=drop connection-state=invalid log=no log-prefix=""
3 ;;; Allow Management
chain=input action=accept src-address-list=MGMT log=no log-prefix=""
4 ;;; Drop and log everything else
chain=input action=drop in-interface=uplink log=yes log-prefix=""
What I am trying to do for now is, block everything coming in on the Mikrotik itself, the 1.1.1.1 IP (ssh,webfig,winbox etc) except for the IP’s listed in the MGMT list.
Anyone that can help me shine a light on what I am doing wrong here?