Community discussions

MikroTik App
 
dfdf
newbie
Topic Author
Posts: 36
Joined: Wed Dec 08, 2021 3:51 pm

Feature request: allow dns name(s) for IP servicies

Tue Nov 08, 2022 9:43 pm

I can have address list filled dynamically by dns name resolution and use this list in firewall rules.
But currently I don't have ability to limit ip service (such as winbox or ssh) to be available only to dns name -- only to IP address/IP subnet.
So suppose I have a dynamic IP for place I want to connect to Mikrotik device from. I can make a firewall rule to allow this, but I can't allow this in IP service list, so the only option is to allow this from everywhere -- not the best choice, IMHO, from security point of view. Is it possible to add this ability in future releases?
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Feature request: allow dns name(s) for IP servicies

Wed Nov 09, 2022 11:18 am

Better you use a VPN (and close telnet)...
 
chiem
newbie
Posts: 41
Joined: Fri Oct 24, 2014 4:48 pm

Re: Feature request: allow dns name(s) for IP servicies

Wed Nov 09, 2022 1:56 pm

Can't you do:
/ip/firewall/filter/add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=your-address-list
?
 
dfdf
newbie
Topic Author
Posts: 36
Joined: Wed Dec 08, 2021 3:51 pm

Re: Feature request: allow dns name(s) for IP servicies

Fri Nov 11, 2022 9:15 pm

Can't you do:
/ip/firewall/filter/add action=accept chain=input dst-port=8291 protocol=tcp src-address-list=your-address-list
?
I can. I will. Moreover, I have to (or it will not work at all if router has firewall rules enabled). But this MEANS I also need
to allow service from everywhere -- not the best choice, IMHO, from security point of view.
Better to have TWO points of check instead of ONLY ONE.

Who is online

Users browsing this forum: Bing [Bot] and 23 guests