ICMP Issue

Hi guys,

Please help me, what is wrong with ICMP rules… I can't ping from outside to WAN interface from Mikrotik. If I switch off rule nr.7 it works but with switch on it is not working…but rule for ICMP is above

Thanks in advance.
1.PNG

/ip firewall filter export

Screenshot says nothing…

but the export talks:

/ip firewall filter
add action=accept chain=input comment="ACCEPT ICMP" packet-size=100 protocol=icmp

Why packet size 100?
Accept only ICMP with exactly that size.

You also mix rules, usually est./relat. are on top, and “drop invalid” is missing on both chains

An “optimal packet size” does not exist, it must be a range (at least packet-size=0-1600). Remove that setting.


WARNING:
add action=accept chain=input comment="ACCEPT DNS" in-interface="ether1 - WAN" protocol=udp src-port=53
expect self-destruction by DDoS

move
add action=accept chain=input comment="ACCEPT related,established" connection-state=established,related
on top

create (paste on terminal) and put this just under the first:

/ip firewall filter
add action=drop chain=input comment="defconf: DROP invalids" connection-state=invalid

move
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related

just under input Drop any from WAN

create (paste on terminal) and put this just under the previous forward established,related:

/ip firewall filter
add action=drop chain=forward comment="defconf: DROP invalids" connection-state=invalid
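
An added example, not written by any poster in this thread: a Python model of first-match evaluation on the input chain, showing why the "ACCEPT ICMP" rule with packet-size=100 lets ordinary pings fall through to the drop rule. Assumptions: packet-size is compared against the total IPv4 packet length (20-byte header, no options), and the drop rule is a constructed stand-in for rule nr.7, which is not shown in the thread.

```python
# Added example: first-match model of a RouterOS-style input chain.
# Assumption: packet-size is matched against the total IPv4 packet length.

def parse_size(spec):
    """'100' -> (100, 100); '0-1600' -> (0, 1600); None -> any size."""
    if spec is None:
        return None
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)

def matches(rule, pkt):
    # A matcher that is absent from the rule matches everything.
    if rule.get("protocol") not in (None, pkt["protocol"]):
        return False
    size = parse_size(rule.get("packet-size"))
    if size and not (size[0] <= pkt["size"] <= size[1]):
        return False
    return True

def evaluate(chain, pkt):
    """Return (action, comment) of the first matching rule."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["action"], rule["comment"]
    return "accept", "end of chain"  # nothing matched: packet is accepted

def icmp_echo(payload):
    # 20-byte IPv4 header + 8-byte ICMP header + echo payload
    return {"protocol": "icmp", "size": 20 + 8 + payload}

# Constructed stand-in for the poster's rule nr.7 (not shown in the thread).
DROP_WAN = {"action": "drop", "comment": "drop from WAN (constructed)"}

def chain_with(packet_size):
    icmp = {"action": "accept", "comment": "ACCEPT ICMP",
            "protocol": "icmp", "packet-size": packet_size}
    return [icmp, DROP_WAN]

def verdicts(packet_size):
    # Payloads: 32 bytes (Windows ping default), 56 bytes (Linux ping
    # default), 72 bytes (the only one that yields a 100-byte packet).
    return {p: evaluate(chain_with(packet_size), icmp_echo(p))[0]
            for p in (32, 56, 72)}

if __name__ == "__main__":
    for spec in ("100", "0-1600", None):
        print(f"packet-size={spec}: {verdicts(spec)}")
```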