How to secure BtestServer?

dcavni · October 31, 2022, 2:44pm

Hi,

Is there any way to secure BtestServer running on Mikrotik so it can be acessed without general rules:

add action=accept chain=input comment="BTEST " protocol=tcp
add action=accept chain=input comment="BTEST " protocol=udp

Without those rules firewall on device doesn’t allow connection to device with Btest client from WAN. I know that i can add certain IP in src. adress but then i cannot test from more locations and i have to change this ip for every test from different location.

rextended · October 31, 2022, 10:53pm

with this two rule you destroy all firewall security

nichky · October 31, 2022, 11:43pm

extremely basic

/ip firewall filter 
#===accept===
add action=accept chain=input dst-port=2000-2100 protocol=udp src-address-list=lan
add action=accept chain=input dst-port=2000-2100 protocol=tcp src-address-list=lan
#===drop===
add action=drop chain=input  dst-port=2000-2100 protocol=tcp 
add action=drop chain=input  dst-port=2000-2100 protocol=udp

/ip firewall address-list add list=lan address=192.168.x.0/24

dcavni · November 1, 2022, 6:08am

I know that, that is why i'm asking. I will try the rules above.

dcavni · November 1, 2022, 11:36am

extremely basic

/ip firewall filter 
#===accept===
add action=accept chain=input dst-port=2000-2100 protocol=udp src-address-list=lan
add action=accept chain=input dst-port=2000-2100 protocol=tcp src-address-list=lan
#===drop===
add action=drop chain=input  dst-port=2000-2100 protocol=tcp 
add action=drop chain=input  dst-port=2000-2100 protocol=udp

/ip firewall address-list add list=lan address=192.168.x.0/24

If i understand correctly, this only allows btest from 192.168.x.0/24 ?

nichky · November 1, 2022, 9:24pm

correct