Function of the Mikrotik Firewall

  • Stop unathorised access
  • Block unwanted ports
  • Classify and mark connections and packets for QOS or Routing Policy

Firewall Functions:

  • Filter packets using filter rules
  • NAT: SRCNAT and DSTNAT to translate source and destination addresses
  • Mangle: to mark connections and/or packets
  • RAW: drop or bypass packets before reaching the connection tracking
  • Service Ports: using NAT helpers

Chains:

  • Input = to the router
  • Output = from the router
  • Forward = via the router

Firewall Basics:

  • Rules process in order
  • IF …. Then
  • If no match, then the packet is accepted
  • Always add a drop rule at the bottom of your rules

Firewall Actions:

  • Passthrough = count packets/bytes
  • Drop = Discard a packet
  • Reject = Discard a packet but send ICMP message or TCP reset, TCP reset kills a TCP connection instantly
  • Tarpit = Send ACK Flag but don’t open the connection

Connection States:

  • New: The 1st packet observed by the Firewall will be new. The Firewall will check the packet and if allowed, the next packet going to the other direction of that stream will create an Established connection.
  • Established: A stream of packets that successfully pass both both directions of the Firewall. Established packets will not be evaluated by the Firewall.
  • Related: They are not considered part of the connection itself but related to it.
  • Inavlid: Packets arrived out-of-order to the router or with invalid sequence number. Best advice is to always drop them.

Was this post helpful?

Total Page Visits: 945 - Today Page Visits: 4