Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

(Question) Block ips with addresses list in firewall nat

Locked
 
routiti
just joined
Topic Author
Posts: 14
Joined: Mon May 02, 2016 10:39 pm
Location: Spain

(Question) Block ips with addresses list in firewall nat

Tue Oct 16, 2018 12:45 pm

Hello,

I configured in my Router this rule for open the port 80 TCP to my web server.

/ip firewall nat
add action=dst-nat chain=dstnat dst-port=80 in-interface=pppoe-out1 protocol=tcp to-addresses=192.168.1.230

I receibed a lot DDOS attacks to my web server from a 50 indentifiqued public ips. I will block this ips in the firewall using addresses list.

I bloqued using this rules.
/ip firewall
/ip firewall filter add chain=input src-address-list=blacklist action=drop
/ip firewall filter add chain=forward src-address-list=blacklist action=drop

Are these rules correct or better use output option?
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: (Question) Block ips with addresses list in firewall nat

Wed Oct 17, 2018 4:24 am

Your best choice in this case should be raw prerouting.
Top
 
routiti
just joined
Topic Author
Posts: 14
Joined: Mon May 02, 2016 10:39 pm
Location: Spain

Re: (Question) Block ips with addresses list in firewall nat

Wed Oct 17, 2018 8:59 pm

Hello

Thank you, I resolve this problem.
Top
Locked

Who is online

Users browsing this forum: holvoetn, jaclaz, STMT and 95 guests
  4. RouterOS
  5. Beginner Basics