Community discussions

just joined
Topic Author
Posts: 2
Joined: Tue Mar 26, 2019 5:30 pm

Firewall Rules

Tue Mar 26, 2019 5:59 pm

Afternoon, I am fairly new to Mikrotiks but loving them. But can someone help me with a Firewall issue.

I have 2 interfaces, Ether 4 DMZ and Ether 6 Services. I want to....

Only allow certain ports from Ether 4 to Ether 6 (TCP 45,53,88,389,445,464,636,1688,135-137,1025-5000,49152-65535) (UDP 53,88,389,445,123,135-137)
Allow all ports from Ether 6 to Ether 4

I have set the below which works for Ether4 to Ether6 but Ether6 to Ether4 doesn't allow any traffic. I thought with Mikrotiks everything was open until it was closed.

add action=accept chain=forward comment="DMZ Rules" dst-address-list=AD-Services dst-port=45,53,88,389,445,464,636,1688,135-137,1025-5000,49152-65535 in-interface-list=DMZ-Interfaces out-interface=ether6-Services protocol=tcp src-address-list=RDG-DMZ-IPS
add action=accept chain=forward dst-address-list=AD-Services dst-port=53,88,389,445,123,135-137 in-interface-list=DMZ-Interfaces out-interface=ether6-Services protocol=udp src-address-list=RDG-DMZ-IPS
add action=reject chain=forward in-interface-list=DMZ-Interfaces out-interface-list=all reject-with=icmp-network-unreachable

Can anyone offer me the correct direction to go?

Who is online

Users browsing this forum: Bing [Bot] and 28 guests