Community discussions

MikroTik App
  4. RouterOS
  5. General

how to translate these rules

Post Reply
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

how to translate these rules

Mon Nov 16, 2015 11:50 pm

Hello,

I found on my OpenWrt router some default firewall rules.
These rules makes sense and are clear how to realize it on ROS.
Code: Select all
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
But how can these rules be realized in ROS and which sense have these rules?
Code: Select all
ACCEPT     gre  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
Top
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

Re: how to translate these rules

Thu Nov 19, 2015 8:26 am

noone? :-(
Top
 
pe1chl
Forum Guru
Forum Guru
Posts: 10240
Joined: Mon Jun 08, 2015 12:09 pm

Re: how to translate these rules

Thu Nov 19, 2015 11:59 am

Such rules are in a MikroTik by default. Apparently you have modified it.
The match for connection state is in the add rule page, when you expand it you can tick those options you mention.
Top
 
onlineuser
Member Candidate
Member Candidate
Topic Author
Posts: 250
Joined: Thu Aug 06, 2015 12:10 pm

Re: how to translate these rules

Fri Nov 20, 2015 2:30 pm

The first and second rule is a default rule but per default there were set 5 rules.
Code: Select all
3 ACCEPT     gre  --  anywhere             anywhere
4 REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
5 REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
6 TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
7 DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
What does the grep stand for in the rule #3?

How can I set the parameter icmp-port-unreachable in ROS?

What does reject with tcp-reset mean?

How can I configure the rule #6 and rule #7 in ROS?
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot], litogorospe and 96 guests
  4. RouterOS
  5. General