tiran
Frequent Visitor
Topic Author
Posts: 50
Joined: Fri Aug 07, 2015 2:53 pm

Install basic opensource firewall as docker container for control my whole LAN

Sun May 07, 2023 5:28 pm

I am looking for a solution to control my branch LAN devices with a basic open source firewall. I use RB450G4 devices as the branch core router. Is it possible to install a basic firewall on the RB450G4 as a Docker container?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Install basic opensource firewall as docker container for control my whole LAN

Sun May 07, 2023 5:41 pm

An absurd request...
There is already the firewall in the same device where you would install the container, what would be the logic in wanting another add-on?
 
BartoszP
Forum Guru
Posts: 2855
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: Install basic opensource firewall as docker container for control my whole LAN

Sun May 07, 2023 9:31 pm

@Tiran

Could you explain your plans for a simpler firewall embedded in a firewall?

Is it an Inception-like proof of concept project?
 
tiran
Frequent Visitor
Topic Author
Posts: 50
Joined: Fri Aug 07, 2015 2:53 pm

Re: Install basic opensource firewall as docker container for control my whole LAN

Mon May 08, 2023 9:04 am

As a service partner, we install and provide connections to customers. We use the RB450G4 as the main router and VPN. We do not provide login access to the RB450 router for end clients. But if we can install a firewall on Docker, we can give access to a responsible person to manage their firewall.
 
Larsa
Forum Guru
Posts: 1025
Joined: Sat Aug 29, 2015 7:40 pm
Location: The North Pole, Santa's Workshop

Re: Install basic opensource firewall as docker container for control my whole LAN

Mon May 08, 2023 10:39 am

It depends on what type of firewall solution you are looking for, and thus how it will affect performance, memory and storage usage.

If we are talking about more sophisticated firewall solutions with IDS, DDoS protection, etc., I personally think it would be better suited to a separate box on the side. This also gives you the ability to install and operate sophisticated solutions if your customers require it without risking disruption of normal communications, IMHO.
 
normis
MikroTik Support
Posts: 26289
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Install basic opensource firewall as docker container for control my whole LAN

Mon May 08, 2023 11:04 am

The idea is nice, but like others said, if we are talking about home users, most likely the device they use will not have enough resources to run a firewall container on top of RouterOS. Containers usually take quite a bit of CPU/RAM.
 
tiran
Frequent Visitor
Topic Author
Posts: 50
Joined: Fri Aug 07, 2015 2:53 pm

Allow some webs and block all others

Wed Jun 07, 2023 1:46 pm

Assume I have an RB450 router as the gateway router of my LAN. I have added masquerade for LAN Internet access on my RB450. It is working fine. But now I want to allow Outlook mail, AnyDesk, TeamViewer, Microsoft Teams and some important services, and block all other sites. How can I do it?
 
optio
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: Allow some webs and block all others

Wed Jun 07, 2023 6:36 pm

tiran wrote:
> Assume I have an RB450 router as the gateway router of my LAN. I have added masquerade for LAN Internet access on my RB450. It is working fine. But now I want to allow Outlook mail, AnyDesk, TeamViewer, Microsoft Teams and some important services, and block all other sites. How can I do it?

Not a simple task on ROS. When I worked on my mangle rules to add connection marks to some services' connections for prioritization in Queues, I had to investigate which ports they use, e.g. for MS Teams https://answers.microsoft.com/en-us/mst ... c810bc7a87, and I identified that service by the application's src port range. If it is used in a browser as a web app, it is not the same; I use only the app, so I did not bother to seek a solution for web Teams.
For the others you mentioned, it depends on the service: some combination of dst port and dst IP range, or src ports like Teams.
I think when you are blocking like that, it is always best to include the dst IP in combination with ports (either dst or src), because someone can create a connection with an allowed src port and avoid the block if the dst IP is not always checked.
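
An added example, not part of any post in this thread and not MikroTik's own configuration: the allow-list asked for in the question, with the source-port-only match the reply warns about shown beside a rule that also pins the destination. It assumes an interface list named LAN already exists; the address range is a documentation placeholder and all port values are constructed samples, to be replaced with what each service's vendor publishes.

```routeros
# Added illustration, not from the thread.
# Assumptions: interface list "LAN" exists; 203.0.113.0/24 is a placeholder
# range; the port numbers below are constructed sample values.

/ip firewall address-list
add list=allowed-svc address=203.0.113.0/24 \
    comment="placeholder: replace with the service's published ranges"

/ip firewall filter
# Return traffic for flows that an accept rule below already admitted.
add chain=forward action=accept connection-state=established,related \
    comment="established/related"

# Weak form, kept disabled for comparison: the LAN client chooses its own
# source port, so this rule alone would accept that port range towards
# any destination on the Internet.
add chain=forward action=accept disabled=yes in-interface-list=LAN \
    protocol=udp src-port=50000-50059 \
    comment="WEAK: src-port only"

# Stricter form: the same source-port match, but accepted only when the
# destination port and the destination address also match.
add chain=forward action=accept in-interface-list=LAN \
    protocol=udp src-port=50000-50059 dst-port=3478-3481 \
    dst-address-list=allowed-svc \
    comment="src-port + dst-port + dst-address-list"

# HTTPS only towards listed destinations.
add chain=forward action=accept in-interface-list=LAN \
    protocol=tcp dst-port=443 dst-address-list=allowed-svc \
    comment="https to allowed-svc"

# Everything else forwarded from the LAN is dropped and logged, so missing
# allow-list entries show up in the log under the "lan-deny" prefix.
add chain=forward action=drop in-interface-list=LAN \
    log=yes log-prefix="lan-deny" \
    comment="default deny for LAN"
```

DNS queries that clients send to the router itself are handled in the input chain, not forward, so these rules do not affect them. Rule order matters: the drop rule must stay last in the forward chain.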
 
tiran
Frequent Visitor
Topic Author
Posts: 50
Joined: Fri Aug 07, 2015 2:53 pm

Re: Install basic opensource firewall as docker container for control my whole LAN

Sat Jun 10, 2023 3:43 pm

rextended wrote:
> An absurd request...
> There is already the firewall in the same device where you would install the container, what would be the logic in wanting another add-on?

@rextended

Can you explain how I can do it with the existing firewall?
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Install basic opensource firewall as docker container for control my whole LAN

Sat Jun 10, 2023 4:59 pm

tiran wrote:
> rextended wrote:
> > An absurd request...
> > There is already the firewall in the same device where you would install the container, what would be the logic in wanting another add-on?
>
> @rextended
>
> Can you explain how I can do it with the existing firewall?

The answer I gave you in post #2 is perfectly adequate to what you did NOT write in your opening post.
