Hey everyone, I've always used either the firewalls in AWS/Azure or something simple for a SOHO. I have a web app sitting behind my Mikrotik, and after setting up the firewall rules and reading a few books, I just wondered whether I am making my life difficult or going down the right approach.
Current setup
2 WANs; everything incoming is blocked except ports 80 and 443.
Downloaded a few blacklist scripts to block those IPs for all incoming, forwarded or outgoing traffic.
Blocking port scanning attempts.
Outgoing on the WANs has port 443 open, and DNS is restricted to only the DNS servers I picked.
All new connections are logged via syslog to an offsite location.
1 DMZ network and 1 VLAN network on another switch. That VLAN only accepts incoming connections from the DMZ on one port. Outgoing on the VLAN is restricted to just DNS.
After setting this up and testing it, I realize I have over 30 rules. If there was a SRC/DST port list, I think I could cut the rules down some. Since none of my local networking friends use Mikrotik, I figured I would ask you guys: in a production environment, how many rules do you end up with, and when is it being too specific or just too much?
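One way to condense the setup described above, as an added example that is not the poster's config: RouterOS accepts comma-separated port lists (dst-port=80,443) and address lists on every chain, so the blacklist, the resolver whitelist and the scanner trap each collapse to a couple of rules. The interface names, subnets, the DMZ-to-VLAN port and the resolver address are assumed.

```routeros
# Added example, not the poster's config. Assumes ether1/ether2 are the WAN ports,
# 10.10.10.0/24 is the DMZ, 10.10.20.0/24 is the VLAN, the DMZ reaches the VLAN on tcp/5432,
# and the blacklist scripts populate an address-list named "blacklist".
/interface list add name=WAN
/interface list member add list=WAN interface=ether1
/interface list member add list=WAN interface=ether2

# One list for the permitted resolvers instead of a rule per server (constructed address)
/ip firewall address-list add list=dns-allowed address=198.51.100.53 comment="example resolver"

/ip firewall filter
# Fast path for tracked connections, then drop invalid state early
add chain=input   action=accept connection-state=established,related
add chain=forward action=accept connection-state=established,related
add chain=input   action=drop connection-state=invalid
add chain=forward action=drop connection-state=invalid
# Blacklist: four rules cover input, forward (both directions) and output
add chain=input   action=drop src-address-list=blacklist
add chain=forward action=drop src-address-list=blacklist
add chain=forward action=drop dst-address-list=blacklist
add chain=output  action=drop dst-address-list=blacklist
# Port-scan detection: tag the source with psd, then drop it for two weeks
add chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=port-scanners address-list-timeout=2w in-interface-list=WAN
add chain=input action=drop src-address-list=port-scanners in-interface-list=WAN
# Log each new connection once; remote syslog is configured under /system logging
add chain=forward action=log connection-state=new log-prefix="fw-new"
# Inbound from the WANs to the web app (after any dst-nat): one rule for both ports
add chain=forward action=accept in-interface-list=WAN protocol=tcp dst-port=80,443 dst-address=10.10.10.0/24
add chain=input   action=drop in-interface-list=WAN
# DMZ -> VLAN on a single port; VLAN egress limited to the resolver list
add chain=forward action=accept src-address=10.10.10.0/24 dst-address=10.10.20.0/24 protocol=tcp dst-port=5432
add chain=forward action=accept src-address=10.10.20.0/24 dst-address-list=dns-allowed protocol=udp dst-port=53
add chain=forward action=accept src-address=10.10.20.0/24 dst-address-list=dns-allowed protocol=tcp dst-port=53
# DMZ egress to the Internet: 443 plus the chosen resolvers only, then default deny
add chain=forward action=accept src-address=10.10.10.0/24 out-interface-list=WAN protocol=tcp dst-port=443
add chain=forward action=accept src-address=10.10.10.0/24 out-interface-list=WAN dst-address-list=dns-allowed protocol=udp dst-port=53
add chain=forward action=drop
```

Rule order matters here: the established/related and blacklist rules sit first so the per-port accepts only see new, non-blacklisted traffic, and the final unconditional drop is what makes every omitted case a deny.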