Hallo members
please help me how i can block port 25 on my mikrotik router .
thank you in advance
regards
james
Not enough info provided. I guess you probably want to block direct smtp access to fight with spam, for which you’d want something like this:
/ip firewall filter
add action=reject chain=forward dst-port=25 protocol=tcp reject-with=tcp-reset
It blocks forwarding tcp/25 from anywhere to anywhere.
…but only for packets traversing the router.
For blocking SMTP connection attempts to the router itself you’ve got to duplicate this rule to the input chain.
If there’s really heavy attempts to tcp/25 I’m not sure if you do yourself a favor with rejecting it - I’d rather suggest to tarpit or drop the connection which occupies less CPU power - and tarpit additionally binds attackers resources.
-Chris
you want to block port 25 (SMTP) on witch chain ?
input / output or forward.
you can use the following commands:
/ip firewall filter
add action=drop chain=input port=25 protocol=tcp
add action=drop chain=input port=25 protocol=udp
add action=drop chain=out port=25 protocol=udp
add action=drop chain=fo port=25 protocol=udp
add action=drop chain=fo port=25 protocol=tcp
add action=drop chain=out port=25 protocol=tcp
or you can reject the tcp 25 port with reject action.
Sure, but last time I checked, RouterOS didn’t offer smtp server and nothing else uses port 25 by default. It’s of course possible that OP set some other service to use port 25, but didn’t say so. I just guessed the most likely scenario.