Remove Rule in Address Lists

Hello Folks,

I am trying to remove the rules “Boleh HTTPS” in MikroTik, but I don’t know where to start.

This rule was set by the previous IT guy.

Please look at the picture below, where it is circled.

I am trying to delete those rules.

Those rules mean that MikroTik will only allow HTTPS connections to the websites listed in the address list, because by default it is denied. Now I want to allow HTTPS connections (as the default rule), so how do I do this, guys?

Mark it and press red cross for deactivation or blue minus for removal.

Sorry, I mean I want to completely remove it, even in the picture below, and set the default HTTPS connection to allow.

Then I think you have two options:

  1. Reorganize the firewall rules so that they do not check the address lists and allow the traffic by default.
  2. Put “0.0.0.0” as a member of the “BolehHTTPS” address list. It will find every address as fitting the address list (I hope the addresses written in the address list are the allowed ones, according to the rules that were not shown).

So try the second option first and you will see… But the first option would perform faster (but expects some knowledge).

I still want to check the address list, because there are some rules that are still needed, such as who is able to use the internet. All I want is to disable “Boleh HTTPS”. Boleh HTTPS is a rule that allows our users to make HTTPS connections to any listed IP address of the websites in the address list.

So simply remove the address list check from the corresponding firewall filter rule.

The problem is that I cannot find it in the firewall filter rules. Where could it be?

Here is the list of the filter rules

  MMM      MMM       KKK                          TTTTTTTTTTT      KKK
  MMMM    MMMM       KKK                          TTTTTTTTTTT      KKK
  MMM MMMM MMM  III  KKK  KKK  RRRRRR     OOOOOO      TTT     III  KKK  KKK
  MMM  MM  MMM  III  KKKKK     RRR  RRR  OOO  OOO     TTT     III  KKKKK
  MMM      MMM  III  KKK KKK   RRRRRR    OOO  OOO     TTT     III  KKK KKK
  MMM      MMM  III  KKK  KKK  RRR  RRR   OOOOOO      TTT     III  KKK  KKK

  MikroTik RouterOS 4.13 (c) 1999-2010       http://www.mikrotik.com/


[admin@MikroTik] > ip
[admin@MikroTik] /ip> fire
[admin@MikroTik] /ip firewall> filter 
[admin@MikroTik] /ip firewall filter> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=forward action=accept src-address=192.168.103.5 

 1   ;;; ACCEPT ALL TO EMAIL
     chain=forward action=accept connection-state=new dst-address=192.168.103.5 
     src-address-list=All 

 2   chain=forward action=accept protocol=tcp dst-address=192.168.103.5 dst-port=25 

 3   chain=forward action=accept protocol=tcp src-port=7725 

 4   chain=forward action=accept protocol=tcp dst-port=7725 

 5   chain=forward action=accept protocol=udp src-port=7725 

 6   chain=forward action=accept protocol=udp dst-port=7725 

 7   chain=forward action=accept protocol=tcp src-port=5160 

 8   chain=forward action=accept protocol=tcp dst-port=5160 

 9   ;;; Allow Group Super To Access Facebook
     chain=forward action=accept src-address=192.168.103.68 layer7-protocol=yahoo-messenger 

10   chain=forward action=accept dst-address=192.168.103.68 

11   chain=forward action=accept src-address=192.168.1.35 

12   chain=forward action=accept dst-address=192.168.1.35 

13   ;;; Hery
     chain=forward action=accept src-address=192.168.103.67 

14   ;;; Hery
     chain=forward action=accept protocol=tcp dst-address=192.168.103.67 dst-port=5903 

15 X ;;; Conference To Song
     chain=forward action=accept src-address=192.168.1.108 dst-address=192.168.103.248 

16 X ;;; Drop Facebook
     chain=forward action=drop layer7-protocol=(unknown) 

17   ;;; Joseph to all
     chain=forward action=accept connection-state=new src-address=192.168.103.66 

18   ;;; Vnc To Joseph
     chain=forward action=accept protocol=tcp dst-address=192.168.103.66 dst-port=5902 

19   chain=forward action=accept src-address=192.168.103.210 

20   chain=forward action=accept dst-address=192.168.103.210 

21   chain=forward action=accept src-address=192.168.4.9 

22   chain=forward action=accept dst-address=192.168.4.9 

23   ;;; EXT TO ERP
     chain=forward action=accept src-address=192.168.103.1 dst-address=192.168.2.138 

24   ;;; mr song to all
     chain=forward action=accept connection-state=new protocol=tcp src-address=192.168.103.248 

25   ;;; Ftp to all
     chain=forward action=accept src-address=192.168.103.10 

26   ;;; Gavin to ALL
     chain=forward action=accept src-address=192.168.1.172 

27   ;;; All to ftp
     chain=forward action=accept dst-address=192.168.103.10 

28   ;;; TIMEPRINT PGA TO FILESERVER
     chain=forward action=accept connection-state=new src-address=192.168.2.129 
     dst-address=192.168.1.4 

29   chain=forward action=accept src-address=192.168.1.4 dst-address=192.168.2.129 

30   ;;; Fileserver to Camera
     chain=forward action=accept src-address=192.168.1.4 

31   chain=forward action=accept dst-address=192.168.1.4 

32   ;;; eu comp temporary
     chain=forward action=accept src-address=192.168.2.240 

33   ;;; eu comp temporary
     chain=forward action=accept protocol=tcp dst-address=192.168.2.240 dst-port=5904 

34   chain=forward action=accept src-address=192.168.4.21 

35   chain=forward action=accept dst-address=192.168.4.21 

36   chain=forward action=accept src-address=192.168.2.32 

37   chain=forward action=accept dst-address=192.168.2.32 

38   chain=forward action=accept src-address=192.168.2.32 dst-address=192.168.4.250 

39   chain=forward action=accept src-address=192.168.1.50 

40   chain=forward action=accept src-address=192.168.1.11 

41   ;;; Camera
     chain=forward action=accept src-address=192.168.2.41 

42   ;;; Camera
     chain=forward action=accept src-address=192.168.2.42 

43   ;;; Camera
     chain=forward action=accept src-address=192.168.2.43 

44   ;;; Camera
     chain=forward action=accept src-address=192.168.2.44 

45   ;;; Camera
     chain=forward action=accept src-address=192.168.2.46 

46   ;;; Camera
     chain=forward action=accept src-address=192.168.2.47 

47   ;;; Camera
     chain=forward action=accept src-address=192.168.2.48 

48   ;;; Camera
     chain=forward action=accept src-address=192.168.2.49 

49   ;;; Camera
     chain=forward action=accept src-address=192.168.2.50 

50   chain=forward action=accept connection-state=established 

51   chain=forward action=accept connection-state=related 

52   chain=forward action=accept connection-state=established 

53   chain=input action=accept connection-state=related 

54   chain=forward action=drop connection-state=invalid 

55   chain=input action=drop connection-state=invalid 

56   ;;; ssh
     chain=forward action=accept protocol=tcp src-address=0.0.0.0 src-address-list=All 
     dst-address-list=All dst-port=22 

57   chain=forward action=accept src-address=192.168.1.249 

58   ;;; Erp to All
     chain=forward action=accept connection-state=new src-address=192.168.2.138 

59   ;;; Cctv to all
     chain=forward action=accept connection-state=new src-address=192.168.1.52 

60   ;;; Conference to all
     chain=forward action=accept connection-state=new src-address=192.168.1.108 
     dst-address-list=All 

61   chain=forward action=accept connection-state=new src-address-list=Server 

62   ;;; Allow YM PORT
     chain=forward action=accept connection-state=new protocol=tcp port=5050 

63   ;;; ACCEPT YM
     chain=forward action=accept protocol=tcp src-address-list=Boleh YM 
     layer7-protocol=yahoo-messenger 

64   ;;; Gavin to ALL
     chain=forward action=accept connection-state=new src-address=192.168.2.172 

65   ;;; Mardanus to pajak
     chain=forward action=accept protocol=tcp src-address=192.168.2.25 dst-port=8080 

66   ;;; suwendi to pajak
     chain=forward action=accept protocol=tcp src-address=192.168.1.42 dst-port=8080 

67   ;;; UIB Portal
     chain=forward action=accept connection-state=new protocol=tcp dst-port=81 

68   ;;; Boleh Skype
     chain=forward action=accept connection-state=new protocol=tcp src-address-list=Boleh SKYPE 
     dst-port=443 

69   ;;; ACCEPT - ALL HTTPS
     chain=forward action=accept connection-state=new protocol=tcp dst-address-list=Boleh HTTPS 
     dst-port=443 

70 X ;;; BLOCK - ALL HTTPS
     chain=forward action=drop connection-state=new protocol=tcp port=443 

71   chain=forward action=accept connection-state=new protocol=tcp port=21 

72   chain=forward action=accept connection-state=new protocol=tcp port=25 

73   chain=forward action=accept connection-state=new protocol=tcp port=110 

74   ;;; TIMEPRINT PGA TO FILESERVER
     chain=forward action=accept connection-state=new src-address=192.168.2.74 
     dst-address=192.168.4.9 

75   chain=forward action=accept connection-state=new protocol=tcp port=53 

76   ;;; BLOCK YM ALL
     chain=forward action=add-src-to-address-list src-address-list=All address-list=cek ym 
     address-list-timeout=0s layer7-protocol=yahoo-messenger 

77   ;;; BLOCK YM ALL
     chain=forward action=drop src-address-list=All layer7-protocol=yahoo-messenger 

78   ;;; ACCEPT TELNET SUPER TO ROUTER
     chain=input action=accept protocol=tcp src-address-list=Super dst-port=23 

79   ;;; ACCEPT PING SUPER TO ROUTER
     chain=input action=accept protocol=icmp src-address-list=Super 

80 X ;;; TELNET BLOCK ALL TO ROUTER
     chain=input action=drop protocol=tcp dst-port=23 

81   ;;; CONFERENCE TO ALL
     chain=forward action=accept connection-state=new src-address=192.168.1.130 
     dst-address-list=All 

82   ;;; WEBSERVER TO TERAS
     chain=forward action=accept connection-state=new src-address=192.168.2.2 
     dst-address=192.168.103.147 

83   ;;; FINANCE TO TERAS
     chain=forward action=accept connection-state=new src-address=192.168.1.144 
     dst-address=192.168.103.147 

84   ;;; ERP TO TERAS
     chain=forward action=accept connection-state=new src-address=192.168.2.138 
     dst-address=192.168.103.147 

85   ;;; FILESERVER TO TERAS
     chain=forward action=accept connection-state=new src-address=192.168.1.4 
     dst-address=192.168.103.147 

86   ;;; SUPER TO ALL
     chain=forward action=accept connection-state=new src-address-list=Super 
     dst-address-list=All 

87   ;;; ACCEPT -All To BAYU scanner
     chain=forward action=accept connection-state=new dst-address=192.168.2.23 

88   ;;; ACCEPT ALL TO WEBSERVER
     chain=forward action=accept connection-state=new dst-address=192.168.2.2 
     src-address-list=All 

89   ;;; ACCEPT ALL TO ERP
     chain=forward action=accept connection-state=new dst-address=192.168.2.138 
     src-address-list=All 

90 X ;;; ACCEPT ALL TO ARTWORK
     chain=forward action=accept connection-state=new dst-address=192.168.4.143 
     src-address-list=All 

91   chain=forward action=accept connection-state=new protocol=tcp port=22 

92   ;;; vnc
     chain=forward action=accept connection-state=new protocol=tcp port=5901 

93   ;;; vnc
     chain=forward action=accept connection-state=new protocol=tcp port=5903 

94   ;;; BLOCK ALL TO LOCAL
     chain=forward action=add-src-to-address-list connection-state=new dst-address-list=All 
     address-list=Local Block address-list-timeout=1s 

95   ;;; BLOCK ALL TO LOCAL
     chain=forward action=drop connection-state=new protocol=tcp dst-address-list=All 

96   ;;; BOLEH INTERNET
     chain=input action=accept protocol=tcp src-address-list=Boleh Internet dst-port=8080 

97   ;;; BLOCK ALL TO INTERNET
     chain=input action=add-src-to-address-list protocol=tcp address-list=internet block 
     address-list-timeout=1s dst-port=8080 

98   ;;; BLOCK ALL TO INTERNET
     chain=input action=drop protocol=tcp dst-port=8080 

99   ;;; Block PORT TCP
     chain=forward action=add-src-to-address-list connection-state=new protocol=tcp 
     address-list=portlist address-list-timeout=1s 

100   ;;; BLOCK ALL PING TO ROUTER
     chain=input action=drop protocol=icmp 

101   ;;; Block PORT TCP
     chain=forward action=drop connection-state=new protocol=tcp 

102 X chain=forward action=accept src-address=192.168.106.68 
-- [Q quit|D dump|up]
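
The check suggested in the replies (find the filter rule that references the address list, then see what happens to HTTPS without it), as an added example that is not part of the original thread: Python code that parses `/ip firewall filter print` output, lists the rules naming an address list, and reports which rule decides a new forwarded HTTPS connection. The function names and the simplified matching model are assumptions of this example; the sample rules are copied from the listing above.

```python
import re

# Rules 68-70 and 101, copied from the listing posted in the thread.
LISTING = """\
68   ;;; Boleh Skype
     chain=forward action=accept connection-state=new protocol=tcp src-address-list=Boleh SKYPE
     dst-port=443
69   ;;; ACCEPT - ALL HTTPS
     chain=forward action=accept connection-state=new protocol=tcp dst-address-list=Boleh HTTPS
     dst-port=443
70 X ;;; BLOCK - ALL HTTPS
     chain=forward action=drop connection-state=new protocol=tcp port=443
101   ;;; Block PORT TCP
     chain=forward action=drop connection-state=new protocol=tcp
"""
HEAD = re.compile(r"^\s*(\d+)\s+((?:[XID]\s+)*)(.*)$")
# List names may contain spaces ("Boleh HTTPS"): a value runs up to the next key= or end of line.
PROP = re.compile(r"([a-z][a-z0-9-]*)=(.*?)(?=\s+[a-z][a-z0-9-]*=|\s*$)")

def parse_rules(text):
    rules, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:  # a new numbered rule; wrapped lines below it carry more properties
            cur = {"id": int(m.group(1)), "disabled": "X" in m.group(2), "props": {}}
            rules.append(cur)
            line = m.group(3)
        if cur is not None and not line.lstrip().startswith(";;;"):
            cur["props"].update(PROP.findall(line))
    return rules

def rules_using_list(rules, name):
    keys = ("src-address-list", "dst-address-list", "address-list")
    return [r["id"] for r in rules if name in (r["props"].get(k) for k in keys)]

KNOWN = {"chain", "action", "connection-state", "protocol", "dst-port", "port", "dst-address-list"}

def https_verdict(rules, dst_lists=()):
    """(action, rule id) for a new forwarded TCP/443 connection. Simplified model:
    a rule with any matcher outside KNOWN (src-address, layer7, ...) is skipped."""
    for r in rules:
        p = r["props"]
        generic = not r["disabled"] and p.get("chain") == "forward" and not set(p) - KNOWN
        tcp_new = p.get("protocol", "tcp") == "tcp" and p.get("connection-state", "new") == "new"
        port443 = {p.get("dst-port", "443"), p.get("port", "443")} == {"443"}
        in_list = p.get("dst-address-list") in (None, *dst_lists)
        if generic and tcp_new and port443 and in_list and p.get("action") in ("accept", "drop"):
            return p["action"], r["id"]
    return "accept", None  # nothing matched: RouterOS accepts by default
```

On this excerpt the list is referenced only by rule 69, and a destination outside the list falls through to the catch-all drop in rule 101, since rule 70 is disabled.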