davidgarland

Firewall concerns regarding core router/routing

Fri Sep 30, 2022 1:23 am

A CCR has several interfaces connecting to external and internal BGP peers. It also has a customer (23.23.23.62/30, gw 23.23.23.61) connection interface that needs to be protected by firewall rules. If the "customer" is on interface ether4 and you only wanted to allow communication between specific IP ranges, would something like this cover it without affecting the other interfaces? Or once I start creating forward rules, do I have to individually account for each interface (ether1, ether2, ether3 and ether4)? Nothing is being NAT'd on this CCR.

/ip firewall address-list
add address=44.44.17.0/24 list=AddressIwanttoAllow
add address=44.44.18.0/23 list=AddressIwanttoAllow
add address=66.66.64.0/23 list=AddressIwanttoAllow
add address=99.99.50.0/24 list=AddressIwanttoAllow

/ip firewall filter
add action=accept chain=forward connection-state=established,related in-interface=ether4
add action=accept chain=forward dst-address=23.23.23.62 src-address-list=AddressIwanttoAllow
add action=drop chain=forward dst-address=23.23.23.62 src-address-list=!AddressIwanttoAllow
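
An added example, not part of the original post and not MikroTik code: a small Python model of first-match evaluation of the three forward rules above, run over constructed packets to show which traffic each rule touches. It assumes RouterOS accepts a packet that matches no rule in a built-in chain; the sample packets, their addresses outside the post's own, and the use of ether1/ether2 as BGP-facing ports are constructed.

```python
import ipaddress

# Address list, customer IP and the three rules are from the post.
ALLOW = [ipaddress.ip_network(n) for n in
         ("44.44.17.0/24", "44.44.18.0/23", "66.66.64.0/23", "99.99.50.0/24")]
CUSTOMER = "23.23.23.62"

def in_list(ip):
    return any(ipaddress.ip_address(ip) in net for net in ALLOW)

# (action, matcher) in the order the post adds them to chain=forward.
RULES = [
    ("accept", lambda p: p["state"] in ("established", "related")
                         and p["in_if"] == "ether4"),
    ("accept", lambda p: p["dst"] == CUSTOMER and in_list(p["src"])),
    ("drop",   lambda p: p["dst"] == CUSTOMER and not in_list(p["src"])),
]

def verdict(pkt):
    """First matching rule wins; rule 0 means nothing matched."""
    for n, (action, match) in enumerate(RULES, 1):
        if match(pkt):
            return action, n
    # Assumption: no rule matched in a built-in chain, so RouterOS accepts.
    return "accept", 0

def pkt(src, dst, in_if, state="new"):
    return {"src": src, "dst": dst, "in_if": in_if, "state": state}

# Constructed sample packets (ether1/ether2 stand for the BGP-facing ports).
SAMPLES = {
    "transit between peers": pkt("198.51.100.7", "192.0.2.9", "ether1"),
    "listed source to customer": pkt("44.44.19.20", CUSTOMER, "ether2"),
    "unlisted source to customer": pkt("203.0.113.5", CUSTOMER, "ether1"),
    "customer opens connection": pkt(CUSTOMER, "203.0.113.5", "ether4"),
    "reply to that connection": pkt("203.0.113.5", CUSTOMER, "ether1", "established"),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(f"{name:30} -> {verdict(p)}")
```

In this model the last sample is dropped by rule 3: a reply to a connection the customer opened toward an unlisted host arrives on a port other than ether4, so rule 1 does not match it.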
 
davidgarland

Re: Firewall concerns regarding core router/routing

Fri Oct 14, 2022 11:15 pm

crickets?
