Do not compare MikroTik with Zyxel; it is not correct.
In a router, firewall rules have their own order, and it is important. The rules are enforced from top to bottom and nothing else. You are wrong! Rules usually do not start with "Jump" but with /Input=allow-established,related....
Anav beautifully described an example of what the sequence of firewall rules looks like and the content of the rules themselves, and if you use such a rule policy, then you will not have "red" log file notifications about someone trying to connect to your SSH, Winbox or Telnet, etc.
It looks like you have too many ports open on your router. Block the Telnet port so that your router is not hacked from the outside... of course, if it is not necessary for some important task. And as "good practice" shows, it should be blocked on the RAW chain.
Statistics: Posted by johnson73 — Sat Jan 13, 2024 7:45 pm
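
An added illustration of the ordering the post describes. It is not from the thread and is not Anav's rule set. The WAN and LAN interface-list names are assumptions and must already exist on the router:

```routeros
# Constructed example. WAN and LAN are assumed interface-list names.

# RAW prerouting is evaluated before connection tracking, so Telnet
# arriving from the WAN is dropped before it reaches the filter chains.
/ip firewall raw
add chain=prerouting action=drop protocol=tcp dst-port=23 in-interface-list=WAN comment="drop Telnet from WAN"

# Filter rules are matched top to bottom; the first match decides.
# The input chain therefore opens with the established,related accept
# and ends with a catch-all drop.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="allow established,related"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="allow ICMP"
add chain=input action=accept in-interface-list=LAN comment="allow management from LAN"
add chain=input action=drop comment="drop everything else"

# Turn off the Telnet service itself if nothing depends on it.
/ip service
set telnet disabled=yes
```

Add the LAN accept rule before the final drop while connected from the LAN side, otherwise the catch-all drop cuts off the management session.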