I’m trying to secure my home nas, I want to allow obly certain ips to access my nas and I’ve added drop rule for tcp packerts for src ips !authorized_ips list. Everything works just fine, but I have a couple of questions. I have blocked only tcp packets is that enought? I’ve tried to log everything !authorized_ips list and in the log appeared many tcp and udp packets from all kind of ips, some of the from my country. I’m wondering if I block every packet from every protocol will I block my internet also?
Just like I said before, create allow rules for the traffic you want and block all the rest.
But looking at your rule, you are only blocking traffic on your input chain. I assume that your NAS is behind your router, and therefor you should use the forward chain. But another assumption I make is that you are using a private range on your LAN and masquerade your traffic to your public IP. If that is the case, all traffic is destined for your router. If your NAS is supposed to be reachable from outside, create NAT rules and firewall filter allowance rules accordingly.
Maybe you can explain more in detail your network setup and your wishes.
Also I would like to see your complete /ip firewall filter and /ip firewall nat export results.
,