ockac23
just joined
Topic Author
Posts: 19
Joined: Mon Sep 20, 2021 10:58 am

Firewall Rules Factory Setting

Thu Sep 23, 2021 1:16 pm

Hello guys,

I am attaching here a screenshot of the firewall factory settings of a newly bought MikroTik hAP.
My question is why the rule blocking access from outside (rule #6, currently disabled for testing) is taking effect although the rule allowing this is before it, at first position #1.
If I enable rule 6 again it will block traffic from WAN although the rule allowing it is before it (in place 1).

What is the logic here?

https://c.gmx.com/@823553968113195249/F ... mVi9fNIC2A
Last edited by ockac23 on Thu Sep 23, 2021 1:24 pm, edited 1 time in total.
 
infabo
Long time Member
Posts: 619
Joined: Thu Nov 12, 2020 12:07 pm

Re: Firewall Rules Factory Setting

Thu Sep 23, 2021 1:22 pm

The logic here is that you should make the relevant columns visible in WinBox. Add "Connection State" to "show columns". Then you should understand.
 
ockac23
just joined
Topic Author
Posts: 19
Joined: Mon Sep 20, 2021 10:58 am

Re: Firewall Rules Factory Setting

Thu Sep 23, 2021 1:28 pm

I am on WebFig.
 
infabo
Long time Member
Posts: 619
Joined: Thu Nov 12, 2020 12:07 pm

Re: Firewall Rules Factory Setting

Thu Sep 23, 2021 1:46 pm

Weird WebFig. Apparently you can't add columns to the table. But never mind. Just click on rule #1 and look at what's configured.
 
ockac23
just joined
Topic Author
Posts: 19
Joined: Mon Sep 20, 2021 10:58 am

Re: Firewall Rules Factory Setting

Thu Sep 23, 2021 2:01 pm

OK I saw the Connection State settings:
in rule 1: related, established, untracked

Does it mean that I have to create a new rule for allowing connection state "new" packets and to put it before rule #6, which is dropping everything not from !LAN?
Last edited by ockac23 on Fri Sep 24, 2021 12:46 pm, edited 1 time in total.
 
ockac23
just joined
Topic Author
Posts: 19
Joined: Mon Sep 20, 2021 10:58 am

Re: Firewall Rules Factory Setting  [SOLVED]

Sun Oct 03, 2021 8:03 pm

I figured it out.
Added a new rule for accepting new, related, established, untracked, coming from interface list WAN and placed this new rule before the rule dropping everything coming not from !LAN.
 
Zacharias
Forum Guru
Posts: 3459
Joined: Tue Dec 12, 2017 12:58 am
Location: Greece

Re: Firewall Rules Factory Setting

Sun Oct 03, 2021 9:03 pm

In the default Firewall Configuration there is no rule accepting incoming traffic from WAN to the Router itself unless that traffic was initiated from the Router so it returns back as Established/related...
Only ICMP is explicitly allowed...
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Firewall Rules Factory Setting

Mon Oct 04, 2021 12:59 am

Another zombie machine is coming out...
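
Added example, not part of any post in this thread: a minimal Python model of first-match evaluation on the router's input chain, showing why the accept rule in first position does not pass new connections from WAN, and what the rule added in the thread changes. The rule list is a simplified reconstruction from the posts (connection-state accept, ICMP accept, drop of !LAN), not a RouterOS export, and all class, function and variable names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "drop"
    states: frozenset = frozenset()  # empty set = any connection state
    protocol: str = ""               # empty = any protocol
    in_list: str = ""                # "WAN", "!LAN", or empty = any interface list

    def matches(self, pkt):
        # A rule matches only if every matcher it sets agrees with the packet.
        if self.states and pkt["state"] not in self.states:
            return False
        if self.protocol and pkt["protocol"] != self.protocol:
            return False
        if self.in_list.startswith("!"):
            return pkt["in_list"] != self.in_list[1:]
        return not self.in_list or pkt["in_list"] == self.in_list

def evaluate(chain, pkt):
    """Return (action, index) of the first matching rule.
    A packet that matches no rule is accepted (no implicit drop)."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.action, i
    return "accept", None

TRACKED = frozenset({"established", "related", "untracked"})

# Simplified chain as described in the thread (assumption, not an export).
DEFAULT_CHAIN = [
    Rule("accept", states=TRACKED),   # the "rule #1" discussed in the thread
    Rule("accept", protocol="icmp"),  # "Only ICMP is explicitly allowed"
    Rule("drop", in_list="!LAN"),     # the drop rule the topic author disabled
]

# Same chain with the rule the topic author describes adding before the drop.
OPENED_CHAIN = DEFAULT_CHAIN[:2] + [
    Rule("accept", states=TRACKED | {"new"}, in_list="WAN"),
] + DEFAULT_CHAIN[2:]

# Constructed sample packets addressed to the router itself.
NEW_FROM_WAN = {"state": "new", "protocol": "tcp", "in_list": "WAN"}
REPLY_FROM_WAN = {"state": "established", "protocol": "tcp", "in_list": "WAN"}
NEW_FROM_LAN = {"state": "new", "protocol": "tcp", "in_list": "LAN"}
PING_FROM_WAN = {"state": "new", "protocol": "icmp", "in_list": "WAN"}

if __name__ == "__main__":
    for name, chain in (("default", DEFAULT_CHAIN), ("opened", OPENED_CHAIN)):
        for pkt in (NEW_FROM_WAN, REPLY_FROM_WAN, NEW_FROM_LAN, PING_FROM_WAN):
            print(name, pkt, evaluate(chain, pkt))
```

In the opened chain every new connection from WAN to the router itself is accepted at the added rule, so the drop rule behind it no longer protects the router's own services.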
