I would like to build up a firewall rule-set which is flexible enough for future implementations and changes on a RB3011 (e.g. VPN, Port Forwarding, etc.)
I have learned that it is smart to use "address-lists" and "customized chains" for specific exceptions (e.g. protocol related, deny DNS Requests from WAN, or ssh) I also red the manual https://wiki.mikrotik.com/wiki/Manual: ... all/Filter but I am a little bit confused about the correct order of the rules. I learned that the order runs from "permissive" to more and more "restrictive" rules with a "drop" at the end.
But what I do nor understand is, if this can be managed in "blocks" for "input", "Forward", "Output" and "Custom"- Chains, or if the rule-order has to be managed by restrictions..
If it can be managed in "Chain-Blocks" how is the best way to implement?
- Input - rules
- Output rules