I connected my new Mikrotik Router rb951g-2hnd (standard configuration) and made a portscan from wan to my router.
Port 80 is always open (nmap portscanner)
All the standard Firewall rules are activated and I even deactivated the web management service.
Which rule do I have to make to block port 80?
The standard forward Firewall rules only allow established connections, so I am wondering.
Can somebody please help me? Probably it’s quite easy
Are you scanning from the LAN side or the WAN side?
I’m scanning from the wan-side from a different location.
/ip firewall filter
add chain=input protocol=icmp action=accept comment="Allow Ping"
add chain=forward protocol=icmp action=accept
add chain=input connection-state=established action=accept comment="Accept established connections"
add chain=forward connection-state=established action=accept
add chain=input connection-state=related action=accept comment="Accept related connections"
add chain=forward connection-state=related action=accept
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=forward connection-state=invalid action=drop
add chain=input protocol=udp action=accept comment="Allow UDP"
add chain=forward protocol=udp action=accept
add chain=forward src-address=192.168.88.0/24 action=accept comment="Access to Internet from local network"
add chain=input src-address=192.168.88.0/24 action=accept comment="Access to Mikrotik only from our local network"
add chain=input action=drop comment="All other drop"
add chain=forward action=drop
Thank you for your answer.
I put in all the rules but now not only port 80 is open (tcp). Now even port 53 (udp) is open
You should consider disabling the www service for your wan port under IP → Services:
/ip service
set www address=192.168.88.0/24
or even disable it completely:
/ip service
set www disabled=yes
thank you docmarius.
I already did this.
udp 53 is open because of:
add chain=input protocol=udp action=accept comment="Allow UDP"
Disable it if you need.
Yes I disabled it. But port 80 is still open. What service is still running?
subseven, port 80 takes “www” service.
It has to be closed if you followed this post:
You should consider disabling the www service for your wan port under IP → Services:
/ip service
set www address=192.168.88.0/24
or even disable it completely:
/ip service
set www disabled=yes
subseven, port 80 takes “www” service.
It has to be closed if you followed this post:
docmarius:
You should consider disabling the www service for your wan port under IP → Services:
/ip service
set www address=192.168.88.0/24
or even disable it completely:
/ip service
set www disabled=yes
already followed:
“thank you docmarius.
I already did this.”
I want to apologize. I scanned from a remote network. This network is behind a pfsense firewall (proxy).
So Nmap thought port 80 is open.
Sorry again!
No worries
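The thread's two findings (udp/53 accepted by the "Allow UDP" rule, tcp/80 from the WAN dropped by the router itself) can be checked by walking the posted input chain in order. The following is an added example, not code from the thread or from MikroTik: a simplified first-match model covering only the matchers used in the posted rules, with constructed probe packets (203.0.113.7 is a documentation address standing in for the remote scanner).

```python
import ipaddress

# Input-chain rules from the ruleset posted in the thread, in the same order.
# Each entry: (matchers, action, comment). Forward-chain rules are left out.
INPUT_RULES = [
    ({"protocol": "icmp"}, "accept", "Allow Ping"),
    ({"connection-state": "established"}, "accept", "Accept established connections"),
    ({"connection-state": "related"}, "accept", "Accept related connections"),
    ({"connection-state": "invalid"}, "drop", "Drop invalid connections"),
    ({"protocol": "udp"}, "accept", "Allow UDP"),
    ({"src-address": "192.168.88.0/24"}, "accept", "Access to Mikrotik only from our local network"),
    ({}, "drop", "All other drop"),
]

def matches(matchers, packet):
    """A rule matches only if every matcher it lists agrees with the packet."""
    for key, want in matchers.items():
        if key == "src-address":
            net = ipaddress.ip_network(want)
            if ipaddress.ip_address(packet["src-address"]) not in net:
                return False
        elif packet.get(key) != want:
            return False
    return True

def evaluate(packet, rules=INPUT_RULES):
    """Return (action, comment) of the first rule that matches the packet."""
    for matchers, action, comment in rules:
        if matches(matchers, packet):
            return action, comment
    return "accept", "no rule matched"  # a built-in chain accepts when nothing matches

def without(comment, rules=INPUT_RULES):
    """Copy of the chain with the rule carrying this comment disabled."""
    return [r for r in rules if r[2] != comment]

# Constructed probes: first packet of a new connection in each case.
WAN_TCP_80 = {"src-address": "203.0.113.7", "protocol": "tcp", "dst-port": 80, "connection-state": "new"}
WAN_UDP_53 = {"src-address": "203.0.113.7", "protocol": "udp", "dst-port": 53, "connection-state": "new"}
LAN_TCP_80 = {"src-address": "192.168.88.10", "protocol": "tcp", "dst-port": 80, "connection-state": "new"}

if __name__ == "__main__":
    for name, pkt in [("WAN tcp/80", WAN_TCP_80), ("WAN udp/53", WAN_UDP_53),
                      ("LAN tcp/80", LAN_TCP_80)]:
        print(name, "->", evaluate(pkt))
    print("WAN udp/53, Allow UDP disabled ->", evaluate(WAN_UDP_53, without("Allow UDP")))
```

With this chain the router drops a new tcp/80 connection from the WAN regardless of the www service setting, so an "open" result seen by a remote scanner has to come from something answering on the scanner's side of the path.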