Port scanner shows port 53 open although blocked in firewall

Jacka · July 31, 2020, 9:27am

Hi all,

I’m undertaking some security improvements on my Mikrotik router and I’m running a port scanning software from a remote host to see what ports are open from outside. Although I drop port 53 udp/tcp, the scanner shows that the port is open. How come? Thank you.

Yes, I have enabled “Allow Remote Requests” in DNS, but it shouldn’t matter

/ip firewall filter add action=drop chain=input comment="Deny DNS from Outside" dst-port=53 in-interface=WAN protocol=tcp
/ip firewall filter add action=drop chain=forward comment="Deny DNS from Outside" dst-port=53 in-interface=WAN protocol=udp
/ip firewall filter add action=drop chain=input comment="Deny DNS from Outside" dst-port=53 in-interface=WAN protocol=udp
/ip firewall filter add action=drop chain=forward comment="Deny DNS from Outside" dst-port=53 in-interface=WAN protocol=tcp

jprietove · July 31, 2020, 9:41am

Are you sure you are making your scan from the interface called WAN?

sindy · July 31, 2020, 9:43am

Post the complete export of the firewall and the output of /interface print. Order of rules matters, so your “drop the DNS requests” rule may be shadowed by some permissive one. Check my automatic signature below regarding anonymisation.

Jacka · July 31, 2020, 10:56am

Solved. Had an accept rule above that couldn’t find. Thank you.

CZFan · July 31, 2020, 6:46pm

And in there lies the magic in posting “full configs” when asking help, due to COVID-19 crystal ball manufacturing has been closed down