Firewall Rules

Hi

A few weeks back I was trying to configure an outbound firewall on my RB450.
I have two subnets: 192.168.1.0/24
10.1.2.0/24
One subnet for home and one for office.

What I need is to allow all outbound on the 192.168.1.0/24 subnet and no outbound aside from basic services on the office 10.1.2.0/24 subnet.

e.g. 192.168.1.0/24 outbound any all allow

10.1.2.0/24 outbound dest TCP 80 allow
10.1.2.0/24 outbound dest TCP 443 allow
10.1.2.0/24 outbound dest TCP 53 allow
10.1.2.0/24 outbound any all deny

I use this type of scenario with Sonicwalls at work but can't get it to work with the RB450.
When I tried, it would either not work and all outbound traffic would be allowed to go out, or it would block all traffic altogether.

Could anyone help me achieve this?

thanks

Post the rules you have put on the RB; it will be easier to find out what is wrong :)

Hi,

For 10.1.2.0/24:

/ip firewall filter
# Drop TCP from the office subnet to outside, except ports 80 and 443
add action=drop chain=forward comment="" disabled=no dst-address=\
    !10.1.2.0/24 dst-port=!80,443 protocol=tcp src-address=\
    10.1.2.0/24
# Drop UDP from the office subnet to outside, except port 53 (DNS)
add action=drop chain=forward comment="" disabled=no dst-address=\
    !10.1.2.0/24 dst-port=!53 protocol=udp src-address=\
    10.1.2.0/24

I assumed that you want port 53 for DNS; it’s UDP.
For 192.168.1.0/24, don’t set any block rules for outgoing traffic.

Regards, Grzegorz.
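
An added example, not part of the original posts and not RouterOS code: a small Python model of first-match filter evaluation that compares the two drop rules above with the allow-then-deny list the question describes. The rule model, the `ALLOWLIST` set and the sample packets are constructed for illustration, and the model assumes that a packet matching no rule is accepted.

```python
from ipaddress import ip_address, ip_network

OFFICE = ip_network("10.1.2.0/24")

def rule(action, proto=None, ports=None, negate=False, dst_not=None):
    # Every rule in this model carries src-address=10.1.2.0/24 (see matches()).
    return dict(action=action, proto=proto, ports=ports, negate=negate, dst_not=dst_not)

# The two drop rules posted in the reply above.
POSTED = [
    rule("drop", "tcp", {80, 443}, negate=True, dst_not=OFFICE),
    rule("drop", "udp", {53}, negate=True, dst_not=OFFICE),
]
# Constructed for comparison: the question's allow list followed by a deny-all.
ALLOWLIST = [
    rule("accept", "tcp", {80, 443, 53}),
    rule("accept", "udp", {53}),
    rule("drop"),
]

def matches(r, src, dst, proto, dport):
    if ip_address(src) not in OFFICE:
        return False
    if r["dst_not"] is not None and ip_address(dst) in r["dst_not"]:
        return False                      # dst-address=!10.1.2.0/24
    if r["proto"] is not None and proto != r["proto"]:
        return False
    if r["ports"] is not None and (dport in r["ports"]) == r["negate"]:
        return False                      # dst-port=80,443 or dst-port=!80,443
    return True

def verdict(rules, src, dst, proto, dport=None):
    for r in rules:                       # first matching rule decides
        if matches(r, src, dst, proto, dport):
            return r["action"]
    return "accept"                       # assumption: no match means accept

# Constructed sample traffic: (source, destination, protocol, destination port).
SAMPLES = [
    ("10.1.2.10", "203.0.113.5", "tcp", 443),
    ("10.1.2.10", "203.0.113.5", "tcp", 22),
    ("10.1.2.10", "203.0.113.5", "tcp", 53),
    ("10.1.2.10", "203.0.113.5", "udp", 53),
    ("10.1.2.10", "203.0.113.5", "icmp", None),
    ("192.168.1.20", "203.0.113.5", "tcp", 22),
]

def compare():
    return [(p[0], p[2], p[3], verdict(POSTED, *p), verdict(ALLOWLIST, *p)) for p in SAMPLES]
```

In this model the two rule sets agree on every sample except TCP 53 and ICMP: the posted rules drop the first and pass the second, while the allow list does the opposite.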

thank you guys for your input on this
I have now sorted this with your help.

cheers and happy routing