Port scan issue

jtgiri · October 25, 2009, 3:53pm

HI guys, I have following rules in my routerOS but port scans still seem to go through. I am using the router in bridge mode, Am I missing something ?

0 ;;; Drop scanners
chain=forward action=drop protocol=tcp psd=21,3s,3,1

1 ;;; NMAP FIN Stealth scan
chain=forward action=drop tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp

2 ;;; SYN/FIN scan
chain=forward action=drop tcp-flags=fin,syn protocol=tcp

3 ;;; SYN/RST scan
chain=forward action=drop tcp-flags=syn,rst protocol=tcp

4 ;;; FIN/PSH/URG scan
chain=forward action=drop tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp

5 ;;; ALL/ALL scan
chain=forward action=drop tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp

6 ;;; NMAP NULL scan
chain=forward action=drop tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp

fewi · October 25, 2009, 4:22pm

Did you turn on “use-ip-firewall” under “/interface bridge settings”?

jtgiri · October 27, 2009, 1:27am

yes.
[admin@MikroTik] /interface bridge settings> print
use-ip-firewall: yes

jherrick · October 27, 2009, 2:00am

maybe try the bridge firewall, for some reason i couldnt get the ip firewall to filter bridge packets.