I'm new to Mikrotik routers and need some advice for my first firewall configuration.
I'm using the Mikrotik RouterBOARD RB2011UIAS-2HND-IN behind a Fritzbox 7490 (for VDSL) as "Exposed Host" to avoid Fritzbox' NAT / Firewall. On the Mikrotik I've created a lan (192.168.0.0/24).
That's the configuration I've made with the aid of the mikrotik manual:
/ip firewall filter add chain=input connection-state=established add chain=input connection-state=related add chain=input in-interface=br-lan add action=log chain=input add action=drop chain=input add chain=forward connection-state=established add chain=forward connection-state=related add chain=forward dst-address=!192.168.0.0/24 dst-port=80,443 in-interface=br-lan protocol=tcp add chain=forward dst-address=!192.168.0.0/24 in-interface=br-lan protocol=icmp add action=drop chain=forward
Forward chain: the same thing - I first wanna drop anything but established, related and particular rules like "browse or ping" should work.
These are my first steps, so don't be too rough please ;D
In order to refine the configuration I thought it would be helpful to provide a basis.
Thank you very much so far!