Hi,
I recently purchased a RB750r2 and I am having a little trouble understanding how to block a specific port from WAN access.
I added a filter rule to drop on input for ethernet 1 for the specific port but when I do a port scan it still shows the port is open.
Any help would be greatly appreciated.
Thanks,
Jude
If I understand correctly you want to block a port access from internal network to the internet. On a default configuration this can be easily done by doing:
ip firewall filter add chain=forward in-interface=bridge out-interface=ether1 protocol=tcp dst-port=443 action=drop
Probably your mistake is using the input chain. Input is to the router itself. Forward is for traffic passing through the router.
Please just remember, I know is somewhat confusing, input chain is for traffic going to the router, forward chain is for traffic going through the router and output chain is for traffic going out of the router itself.
Hope this helps.