I have 2x RouterOS running on 2x RB750 series routers.
I’m having major problems with unreplied connections on both devices. Both the source and destination addresses are NOT on my local network, so I suspect there is some spoofing of the source addresses.
My question is how can I block these reliably? I've tried a few suggestions I found on other threads in the past, but I backed those out as they seemed to only cause problems for legitimate connections trying to send SYN FIN/RST packets, which left me with a load of stale connections.
Update: I noticed the problem was more pronounced on one device than the other and there were subtle differences between the two in the rules configured to drop traffic.
I’ve tweaked this and will see how things go over the next week or so.
If you don’t have a very dynamic routing environment (for example traffic coming into the network on one router and leaving through another router) then you can enable Reverse Path Filtering.
Go to IP → Settings
Set RP Filter to strict.
If you do have a dynamic routing environment, then create some firewall rules on your forward chain to:
accept traffic from anything to your network range.
accept traffic from your network range to anything.
drop all other forward traffic.
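The two options above, written out as RouterOS CLI commands. This is an added example and not part of the reply; the LAN range 192.168.88.0/24 and the address-list name are placeholders, and the established/related rule is an assumption on my part (the reply does not mention it) so that return traffic of already-accepted connections is not dropped by the final rule.

```routeros
# Added example, not from the original post. Placeholders: the LAN range
# 192.168.88.0/24 and the address-list name "local-net".

# Option 1: single router, symmetric routing - strict reverse path filtering.
# A packet whose source address would be routed back out a different
# interface than the one it arrived on is discarded before it reaches
# connection tracking, so it never shows up as an "unreplied" entry.
/ip settings set rp-filter=strict

# Option 2: dynamic/asymmetric routing - filter the forward chain explicitly.
/ip firewall address-list add list=local-net address=192.168.88.0/24 \
    comment="placeholder LAN range"

# Assumption (not in the reply): keep replies to connections already accepted,
# otherwise the drop rule below would also kill legitimate return traffic.
/ip firewall filter add chain=forward connection-state=established,related \
    action=accept comment="allow replies to accepted connections"

# accept traffic from anything to your network range
/ip firewall filter add chain=forward dst-address-list=local-net \
    action=accept comment="to local range"

# accept traffic from your network range to anything
/ip firewall filter add chain=forward src-address-list=local-net \
    action=accept comment="from local range"

# drop all other forward traffic: neither end is on your network, so it is
# either spoofed or misrouted transit. Log it so the sources can be reviewed.
/ip firewall filter add chain=forward action=drop log=yes \
    log-prefix="fwd-drop" comment="drop spoofed/transit"

# Check: the drop rule's counters should climb while the number of
# tracked connections stops growing.
/ip firewall filter print stats where chain=forward
/ip firewall connection print count-only
```

Rule order matters: the drop must be the last forward rule, and both accept rules must sit above it.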