I'm just learning the RouterOS Firewall. I already have some iptables experience.
On this wiki page is an intro with an example config: https://wiki.mikrotik.com/wiki/Manual:I ... all/Filter ,
but my requirements for all traffic (WAN-to-LAN, LAN-to-ANY) are different (much more stringent):
by default block everything, explicitly define each protocol/port that shall be allowed/opened.
Let's say my LAN is 192.168.0.0/17 and I have to put the following items into the firewall:
srcIP         srcLoc  srcPort  destIP        destLoc  destPort  Protocol  Comments
------------  ------  -------  ------------  -------  --------  --------  -------------
any           LAN     any      any           any      80        tcp       http
any           LAN     any      any           any      443       tcp       https
any           LAN     any      any           any      22        tcp       ssh
any           LAN     any      1.2.3.4       WAN      465       tcp       smtps(ssmtp)
any           LAN     any      1.2.3.4       WAN      995       tcp       pop3s
any           LAN     any      192.168.10.1  LAN      53        udp+tcp   DNS
192.168.11.x  LAN     any      192.168.10.1  LAN      1234      tcp       blafoo
Could someone show me a skeleton example script on how best to do this?
Thx
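
The rule table above, written as a default-drop RouterOS filter skeleton (an added example, not part of the original post). Assumptions not in the post: the interface names ether1 (WAN) and bridge-lan (LAN) are hypothetical, 192.168.10.1 is taken to be the router's own LAN address, and 192.168.11.x is read as 192.168.11.0/24.

```routeros
# Added example. Assumed names: ether1 = WAN port, bridge-lan = LAN bridge.
# Assumed: 192.168.10.1 is the router's own LAN address, so the rows that
# target it go into chain=input. If it is a separate host on the same LAN
# segment, that traffic is switched and never reaches these chains.
/ip firewall filter

# input chain: traffic addressed to the router itself
add chain=input action=accept connection-state=established,related \
    comment="replies to allowed connections"
add chain=input action=drop connection-state=invalid comment="invalid"
add chain=input action=accept in-interface=bridge-lan \
    src-address=192.168.0.0/17 dst-address=192.168.10.1 \
    protocol=udp dst-port=53 comment="DNS udp"
add chain=input action=accept in-interface=bridge-lan \
    src-address=192.168.0.0/17 dst-address=192.168.10.1 \
    protocol=tcp dst-port=53 comment="DNS tcp"
add chain=input action=accept in-interface=bridge-lan \
    src-address=192.168.11.0/24 dst-address=192.168.10.1 \
    protocol=tcp dst-port=1234 comment="blafoo"
# The table lists no management access to the router (WinBox, SSH).
# Add a rule for it above this line before applying the final drop.
add chain=input action=drop comment="default drop (input)"

# forward chain: traffic routed through the router
add chain=forward action=accept connection-state=established,related \
    comment="replies to allowed connections"
add chain=forward action=drop connection-state=invalid comment="invalid"
add chain=forward action=accept in-interface=bridge-lan \
    src-address=192.168.0.0/17 protocol=tcp dst-port=80,443,22 \
    comment="http, https, ssh to any destination"
add chain=forward action=accept in-interface=bridge-lan out-interface=ether1 \
    src-address=192.168.0.0/17 dst-address=1.2.3.4 \
    protocol=tcp dst-port=465,995 comment="smtps, pop3s to 1.2.3.4"
# Nothing is accepted for new connections arriving on ether1, so
# WAN-to-LAN traffic only passes as replies to the rules above.
add chain=forward action=drop comment="default drop (forward)"
```

Rules are evaluated top to bottom, so each final drop has to stay last in its chain; applying the input chain under Safe Mode avoids a lockout if a management rule is missing.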