I have unusual high traffic on my WAN interface. Please assist me to block this, I'm new to firewall rules for Mikrotik.
Any advise on how to solve and prevent this problem in the future is highly appreciated.
Thanks in advance.
Code: Select all
/ip firewall filter
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept establieshed,related" connection-state=\
established,related
add action=drop chain=input comment="defconf: drop all from WAN" disabled=yes in-interface="ether1 - wan"
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related" connection-state=\
established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface="ether1 - wan"
add action=drop chain=virus comment=Worm protocol=udp src-port=4444
add action=jump chain=forward comment="jump to the virus chain" jump-target=virus
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" out-interface="ether1 - wan"
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes