Hey Folks, I know this works, but I cannot figure out what I am doing wrong.
Basically, I have a tik running 2.8.18, eth0 set for the LAN side, eth1 set for the WAN side.
My goal is to allow ALL LAN traffic outbound, and only certain ports inbound to the LAN. Here is the ruleset I have set up in my forward chain, IPs changed to protect the innocent.
The LAN side is 1.2.3.192/26 (made up for posting purposes); the filter chain's forward policy is set to drop by default.
Here is the rule set, hopefully another set of eyes can figure out where/what I am doing wrong:
Here is a dump of the rule set, trying to allow all outbound, a few subnets to pass inbound for testing, and a few ports open for inbound, and then rejecting the rest.
/ip firewall rule forward print detail
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=1.2.3.192/26 action=accept
1 src-address=63.219.177.24/30 action=accept
2 src-address=63.219.177.28/30 action=accept
3 src-address=205.177.4.0/24 action=accept
4 dst-address=1.2.3.192/26:80 protocol=tcp action=accept
5 dst-address=1.2.3.192/26:443 action=accept
6 dst-address=1.2.3.192/26:22 protocol=tcp action=accept
7 dst-address=1.2.3.192/26:22 protocol=udp action=accept
8 dst-address=1.2.3.192/26:7000 protocol=tcp action=accept
9 dst-address=1.2.3.192/26:53 protocol=udp action=accept
10 action=reject
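The following is an added example, not part of the original post and not RouterOS code: a small stateless, first-match simulator for the forward chain exactly as listed above, so each sample flow can be traced to the rule that decides it. It assumes the chain policy is "drop" as the post states, treats rule 5 (which lists no protocol) as matching any protocol, and uses constructed addresses (1.2.3.200 as a LAN host, 198.51.100.7 and 203.0.113.9 as outside hosts). It deliberately models no connection tracking, which is what the listed rules themselves do not use; the `reply_to_lan_http` row shows what that means for the return half of an outbound connection, the case a stateful firewall normally handles with a connection-state matcher placed ahead of the port rules.

```python
import ipaddress

# Added example: stateless, first-match simulator for the forward chain in the post.
# Models rule order only; does not model RouterOS connection tracking, and treats a
# rule with no protocol as matching any protocol (an assumption, not RouterOS behaviour).
# Rules transcribed from the post; the chain policy when nothing matches is "drop".
RULES = [
    {"src": "1.2.3.192/26", "action": "accept"},                                 # 0
    {"src": "63.219.177.24/30", "action": "accept"},                              # 1
    {"src": "63.219.177.28/30", "action": "accept"},                              # 2
    {"src": "205.177.4.0/24", "action": "accept"},                                # 3
    {"dst": "1.2.3.192/26", "dport": 80, "proto": "tcp", "action": "accept"},     # 4
    {"dst": "1.2.3.192/26", "dport": 443, "action": "accept"},                    # 5 (no protocol in the post)
    {"dst": "1.2.3.192/26", "dport": 22, "proto": "tcp", "action": "accept"},     # 6
    {"dst": "1.2.3.192/26", "dport": 22, "proto": "udp", "action": "accept"},     # 7
    {"dst": "1.2.3.192/26", "dport": 7000, "proto": "tcp", "action": "accept"},   # 8
    {"dst": "1.2.3.192/26", "dport": 53, "proto": "udp", "action": "accept"},     # 9
    {"action": "reject"},                                                         # 10
]
CHAIN_POLICY = "drop"


def rule_matches(rule, pkt):
    """Return True if every matcher present in the rule matches the packet."""
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if "dst" in rule and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and rule["dport"] != pkt.get("dport"):
        return False
    return True


def evaluate(pkt, rules=RULES, policy=CHAIN_POLICY):
    """First matching rule decides; return (action, rule_index), index -1 for the chain policy."""
    for idx, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule["action"], idx
    return policy, -1


def packet(src, dst, proto, sport=None, dport=None):
    """Build a minimal packet record (constructed sample values, not captured traffic)."""
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}


# Constructed sample flows. 1.2.3.200 stands in for a LAN host; 198.51.100.7 and
# 203.0.113.9 are documentation addresses used here as outside hosts.
SAMPLES = {
    "lan_to_internet_http": packet("1.2.3.200", "203.0.113.9", "tcp", 50123, 80),
    "internet_to_lan_http": packet("198.51.100.7", "1.2.3.200", "tcp", 40000, 80),
    "internet_to_lan_smtp": packet("198.51.100.7", "1.2.3.200", "tcp", 40001, 25),
    # The server's reply to the LAN host's outbound HTTP request: dst port is ephemeral.
    "reply_to_lan_http": packet("203.0.113.9", "1.2.3.200", "tcp", 80, 50123),
    # Rule 5 names port 443 with no protocol, so a UDP packet matches it in this model.
    "internet_to_lan_udp443": packet("198.51.100.7", "1.2.3.200", "udp", 40002, 443),
}


def report(samples=SAMPLES, rules=RULES):
    """Map each sample flow name to the (action, rule index) the chain yields for it."""
    return {name: evaluate(pkt, rules) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, (action, idx) in report().items():
        print(f"{name:24s} -> {action:6s} (rule {idx})")
```

Running it prints one line per flow; the outbound LAN request lands on rule 0 and the inbound HTTP request on rule 4, while the reply to the LAN host's own outbound connection falls through every port rule to rule 10, because nothing in the list describes return traffic. Whether the real router additionally considers rule 5 invalid for lacking a protocol is not something this model decides; it only shows what the rules match as written.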