Community discussions

 
cianux
just joined
Topic Author
Posts: 2
Joined: Mon Oct 17, 2016 10:46 am

firewall rules

Mon Oct 17, 2016 11:17 am

Hi all,
first of all I beg your pardon for my english.
I am quite new to RouterOS (6.37.1 on RB951Ui-2HnD) and the built-in firewall.
I would like to implement some simple (?) rules to drop all internet traffic and ports and permit allow only some specific websites.
Is it possible? I have searched on the web and I have not found anything.

Thanks in advance for your replies.
 
User avatar
blajah
Member Candidate
Member Candidate
Posts: 224
Joined: Fri Jun 12, 2015 8:58 pm
Location: Belgrade, Serbia
Contact:

Re: firewall rules

Mon Oct 17, 2016 12:04 pm

Hi,

you need to be more specific. Do you wan to drop traffic from internet targeted to your WAN ip or you want to block access from LAN to specific resources on internet?
I have bigger routing table.
 
User avatar
Splash
Member Candidate
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: firewall rules

Tue Oct 18, 2016 3:19 pm

*note - If you are thinking of evaluating your firewall rules using website hostnames/domain names, it will add an additional overhead to your router's CPU and may only work with HTTP and not HTTPS sites.
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
 
Delte
just joined
Posts: 23
Joined: Tue Oct 25, 2016 3:18 pm

Re: firewall rules

Tue Oct 25, 2016 3:33 pm

Hi all,
first of all I beg your pardon for my english.
I am quite new to RouterOS (6.37.1 on RB951Ui-2HnD) and the built-in firewall.
I would like to implement some simple (?) rules to drop all internet traffic and ports and permit allow only some specific websites.
Is it possible? I have searched on the web and I have not found anything.

Thanks in advance for your replies.
Yes, you can block all the traffic & ports by creating this simple rule.

Block All & Accept Exception Rule
chain=forward action=accept src-address=X.X.X.X dst-address=X.X.X.X log=no log-prefix="" 
chain=forward action=drop src-address=X.X.X.X log=no log-prefix="" 
Replace "src-address" with your Local IP range & "dst-address" for websites or remote host you want to connect.

Hope this resolves your query.

Who is online

Users browsing this forum: No registered users and 22 guests