Simple Firewall question

On the MT site they list the following firewall rules to help protect your boxes.

/ip firewall rule input add connection-state=invalid action=drop comment="Drop invalid connections"
/ip firewall rule input add connection-state=established comment="Allow established connections"
/ip firewall rule input add connection-state=related comment="Allow related connections"
/ip firewall rule input add protocol=udp comment="Allow UDP"
/ip firewall rule input add protocol=icmp comment="Allow ICMP Ping"
/ip firewall rule input add src-address=10.0.0.0/24 comment="Allow access from our local network. Edit this!"
/ip firewall rule input add src-address=192.168.0.0/24 protocol=tcp dst-port=8080 comment="This is web proxy service for our customers. Edit this!"
/ip firewall rule input add action=drop log=yes comment="Log and drop everything else"


My question is as follows.

The command
/ip firewall rule input add src-address=10.0.0.0/24 comment="Allow access from our local network. Edit this!"

Do I edit and add each class C address that should go through this box? I.e. should the 10.0.0.0/24 be replaced with x.x.x.x/24, and one rule added for each class that is being sent through it?

Also it talks about a web proxy... though I'm running hotspot I don't think I have a web proxy... so I just leave it out?

Also, if I make a mistake with the firewalls, is there any way to have them reset to the previous state upon reboot or something? My unit is up on the tower; it'd be kinda hard to go plug into the console to turn the rule back off.

Thanks,
Michael

You only edit the firewall rule to reflect the IP (or class) that you are allowing router access for configuration. Input rules = to the router only.
I leave out web-proxy.
If you use safe mode, then you will erase the last 100 entries made in the current session, bringing you back to square one, should you get disconnected.
Keep in mind it takes 30-60 seconds before changes take place. Go slow.
Add/enable the allow rules first.
If you get locked out, use neighborviewer.exe to telnet in (layer 2), thus bypassing any firewall rules.
Regards, Hugh

I would suggest trying any changes on the bench, not in a production router for the first time.
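As an added illustration of Hugh's two points (input rules only govern traffic to the router itself, and the allow rules must come before the final drop), here is a small first-match simulator of the thread's input chain. It is not code from the thread or from MikroTik; the Packet/Rule classes, the web-proxy rule being omitted, and the test hosts are constructed for the example, and it assumes the RouterOS behaviour that an unmatched built-in chain accepts and that a rule without an action accepts.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional
@dataclass
class Packet:
    src: str
    proto: str               # "tcp", "udp" or "icmp"
    dst_port: Optional[int]  # None for icmp
    conn_state: str          # "new", "established", "related" or "invalid"
@dataclass
class Rule:
    comment: str
    action: str = "accept"   # assumed RouterOS default action when none is given
    connection_state: Optional[str] = None
    protocol: Optional[str] = None
    src_address: Optional[str] = None
    dst_port: Optional[int] = None
    def matches(self, p: Packet) -> bool:
        # Every matcher that is set must agree; an unset matcher matches anything.
        if self.connection_state and p.conn_state != self.connection_state:
            return False
        if self.protocol and p.proto != self.protocol:
            return False
        if self.src_address and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_address):
            return False
        return self.dst_port is None or p.dst_port == self.dst_port

def evaluate(chain: List[Rule], p: Packet):
    # First matching rule decides; if nothing matches, the built-in chain accepts.
    for r in chain:
        if r.matches(p):
            return r.action, r.comment
    return "accept", "no rule matched (chain default)"
# The thread's rule set, with the web-proxy rule left out as Hugh suggests.
MT_INPUT = [
    Rule("Drop invalid connections", "drop", connection_state="invalid"),
    Rule("Allow established connections", connection_state="established"),
    Rule("Allow related connections", connection_state="related"),
    Rule("Allow UDP", protocol="udp"),
    Rule("Allow ICMP Ping", protocol="icmp"),
    Rule("Allow access from our local network. Edit this!", src_address="10.0.0.0/24"),
    Rule("Log and drop everything else", "drop"),
]

def admin_login(chain: List[Rule], src: str) -> str:
    # A new telnet connection from an admin host to the router itself (input chain).
    return evaluate(chain, Packet(src, "tcp", 23, "new"))[0]
def lockout_order(chain: List[Rule]) -> List[Rule]:
    # Hugh's warning: enabling the drop-everything rule before the allow rule locks you out.
    return [r for r in chain if not r.src_address] + [r for r in chain if r.src_address]
```

Only the admin subnet named in the "Edit this!" rule reaches the router on a new TCP connection; traffic merely forwarded through the box never touches this chain.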