【RouterOS】——5 important default firewall rules

角色

为了学习RouterOS，我把所有default的rules都删去，但是为了大家有一个好好的参考，所以把那四条default rules刊登上来，那么有问题的时候都有一个参考：

1. [admin@MikroTik] /ip firewall filter> print
   
2. Flags: X - disabled, I - invalid, D - dynamic
   
3. 0   ;;; default configuration
   
4.      chain=input action=accept protocol=icmp
   
5. 
   
6. 1   ;;; default configuration
   
7.      chain=input action=accept connection-state=established
   
8. 
   
9. 2   ;;; default configuration
   
10.      chain=input action=accept connection-state=related
    
11. 
    
12. 3   ;;; default configuration
    
13.      chain=input action=drop in-interface=sfp1-gateway
    
14. 
    
15. 4   ;;; default configuration
    
16.      chain=input action=drop in-interface=ether1-gateway
    
17. [admin@MikroTik]

複製代碼

hklkf

routeros x86

carw318

RB2011UiAS-2HnD

角色

回復 3# carw318

你买了什么RB呢？

carw318

剛買了 routeros 請問除以上 basic firewall 之外 , 還有什麼要加 ? 請指教 !! thanks !!!

bubblestar

Thanks for the information.

In case we have dual wan, I think we shall need to make an additional firewall rule after Number 4.  Shall we?

Let's say,

1. [admin@MikroTik] /ip firewall filter> print
   
2. Flags: X - disabled, I - invalid, D - dynamic
   
3. 0   ;;; default configuration
   
4.      chain=input action=accept protocol=icmp
   
5. 
   
6. 1   ;;; default configuration
   
7.      chain=input action=accept connection-state=established
   
8. 
   
9. 2   ;;; default configuration
   
10.      chain=input action=accept connection-state=related
    
11. 
    
12. 3   ;;; default configuration
    
13.      chain=input action=drop in-interface=sfp1-gateway
    
14. 
    
15. 4   ;;; default configuration
    
16.      chain=input action=drop in-interface=ether1-gateway
    
17. 
    
18. 5   ;;; default configuration
    
19.      chain=input action=drop in-interface=ether2-gateway
    
20. 
    
21. [admin@MikroTik]

複製代碼