Community discussions

MikroTik App
 
rjow2021
just joined
Topic Author
Posts: 24
Joined: Thu Nov 19, 2020 6:26 pm

not_from_LAN input showing in log.

Thu Feb 11, 2021 5:53 pm

I'm having a lot of these show up in the log. It's a drop rule. As you can see its a default config as I learn more and maybe streamline the firewall. The MAC in the log is showing as Cicso in MAC lookup.

Just would like to know that the rules below are sufficient for a rookie starting out.

/ip firewall address-list
add address=192.168.50.41 list="Block IP"
add address=192.168.50.42 list="Block IP"
add address=192.168.50.43 list="Block IP"
add address=192.168.50.44 list="Block IP"
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=accept chain=input comment="allow IPsec NAT" dst-port=4500 protocol=udp
add action=accept chain=input comment="allow IKE" dst-port=500 protocol=udp
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN log=yes log-prefix=not_from_LAN
add action=drop chain=forward comment="Block IPs to WAN" log=yes log-prefix="IP blocked from WAN" src-address-list="Block IP"
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
 
WeWiNet
Long time Member
Long time Member
Posts: 522
Joined: Thu Sep 27, 2018 4:11 pm

Re: not_from_LAN input showing in log.  [SOLVED]

Thu Feb 11, 2021 6:45 pm

Firewall rules evolved a lot over last ROS versions. Make sure you use a recent ROS with the default FW settings coming from it.

It is normal that you see log entries, there is data coming from WAN which gets dropped as it is not considered "established/related".
That is not any reason to be worried.
PS: You will normally don't log this drop rule as there is too much coming in/getting logged.
WeWiNet

**
MTCNA
I like a new challenge, I migrate to ROS7... :? no way, finally I stay with 6.48! I am NOT crazy :lol: !!!
 
rjow2021
just joined
Topic Author
Posts: 24
Joined: Thu Nov 19, 2020 6:26 pm

Re: not_from_LAN input showing in log.

Thu Feb 11, 2021 7:01 pm

Excellent. I could remove the automatic log for this rule so it doesn't get logged.

Glad its doing what it should.

Thanks you for your help.

Who is online

Users browsing this forum: mbovenka, mkx, routergate and 60 guests