Hi,
This is my first MikroTik configuration. What I intend to do is to block all incoming connections from outside except on port 443 TCP, which I am using for the OpenVPN connection. But only specific public IPs that are written in an address list are going to be allowed to connect to port 443. I would highly appreciate it if you let me know if the firewall rules below are good enough for decent protection. Thank you!
Code:
;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
;;; defconf: drop invalid
chain=input action=drop connection-state=invalid
;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
chain=input action=drop protocol=tcp src-address-list=!openvpn_list dst-port=443 log=no log-prefix=""
;;; accept ovpn
chain=input action=accept protocol=tcp src-address-list=openvpn_list dst-port=443 log=no log-prefix=""
;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN
;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
Statistics: Posted by pasin — Tue Dec 26, 2023 9:04 pm
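Added example, not part of the original post and not RouterOS code: a small Python model of first-match evaluation over the input chain exactly as posted, so you can see which packet hits which rule before touching the router. The matcher semantics are a simplified assumption of how RouterOS evaluates `connection-state`, `protocol`, `dst-port`, `src-address-list`, `in-interface-list` and the `!` negation; the interface-list membership (`bridge` in LAN, `ether1` in WAN) and the contents of `openvpn_list` are constructed sample data. RouterOS accepts a packet that falls off the end of a filter chain, and the model does the same.

```python
# Added example (not from the original post): first-match model of the posted
# input chain. Rule semantics are a simplified assumption of RouterOS behaviour.
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: interface-list membership and the address list
# referenced by the posted rules.
INTERFACE_LISTS = {"LAN": {"bridge"}, "WAN": {"ether1"}}
ADDRESS_LISTS = {"openvpn_list": {"203.0.113.10", "198.51.100.7"}}


@dataclass
class Packet:
    in_interface: str
    src: str
    dst: str
    protocol: str             # "tcp", "udp" or "icmp"
    dst_port: Optional[int]
    conn_state: str           # "new", "established", "related", "invalid", "untracked"


@dataclass
class Rule:
    action: str
    comment: str = ""
    match: dict = field(default_factory=dict)


def _in_list(name: str, table: dict, member: str) -> bool:
    """Membership test honouring the RouterOS-style '!' negation prefix."""
    negate = name.startswith("!")
    hit = member in table.get(name.lstrip("!"), set())
    return hit != negate


def matches(rule: Rule, p: Packet) -> bool:
    m = rule.match
    if "connection-state" in m and p.conn_state not in m["connection-state"]:
        return False
    if "protocol" in m and p.protocol != m["protocol"]:
        return False
    if "dst-address" in m and p.dst != m["dst-address"]:
        return False
    if "dst-port" in m and p.dst_port != m["dst-port"]:
        return False
    if "src-address-list" in m and not _in_list(m["src-address-list"], ADDRESS_LISTS, p.src):
        return False
    if "in-interface-list" in m and not _in_list(m["in-interface-list"], INTERFACE_LISTS, p.in_interface):
        return False
    return True


# Transcription of the posted input chain, in the order it was listed.
INPUT_CHAIN = [
    Rule("accept", "accept established,related,untracked",
         {"connection-state": {"established", "related", "untracked"}}),
    Rule("drop", "drop invalid", {"connection-state": {"invalid"}}),
    Rule("accept", "accept ICMP", {"protocol": "icmp"}),
    Rule("accept", "accept to local loopback", {"dst-address": "127.0.0.1"}),
    Rule("drop", "drop 443 not in openvpn_list",
         {"protocol": "tcp", "dst-port": 443, "src-address-list": "!openvpn_list"}),
    Rule("accept", "accept ovpn",
         {"protocol": "tcp", "dst-port": 443, "src-address-list": "openvpn_list"}),
    Rule("drop", "drop all not coming from LAN", {"in-interface-list": "!LAN"}),
]


def evaluate(chain, p: Packet) -> tuple:
    """Return (action, comment) of the first matching rule; a packet that
    matches nothing is accepted, as RouterOS does at the end of a chain."""
    for r in chain:
        if matches(r, p):
            return r.action, r.comment
    return "accept", "implicit accept (end of chain)"


if __name__ == "__main__":
    samples = {
        "listed WAN host -> tcp/443":   Packet("ether1", "203.0.113.10", "198.51.100.1", "tcp", 443, "new"),
        "unlisted WAN host -> tcp/443": Packet("ether1", "192.0.2.50", "198.51.100.1", "tcp", 443, "new"),
        "unlisted WAN host -> tcp/22":  Packet("ether1", "192.0.2.50", "198.51.100.1", "tcp", 22, "new"),
        "WAN host -> icmp":             Packet("ether1", "192.0.2.50", "198.51.100.1", "icmp", None, "new"),
        "LAN host -> tcp/8291":         Packet("bridge", "192.168.88.10", "192.168.88.1", "tcp", 8291, "new"),
        "reply to existing flow":       Packet("ether1", "192.0.2.50", "198.51.100.1", "tcp", 443, "established"),
    }
    for label, pkt in samples.items():
        action, why = evaluate(INPUT_CHAIN, pkt)
        print(f"{label:32} {action:6} ({why})")
```

Running it shows that a new TCP connection to 443 from an address outside `openvpn_list` is dropped by the explicit drop rule, and that the same packet would also have been dropped by the final "drop all not coming from LAN" rule; the explicit rule mainly decides which counter increments and where `log=yes` would attach. Traffic from the LAN interface list to a service on the router (Winbox on 8291 in the sample) matches no rule and is accepted by the end-of-chain behaviour, which is why the interface-list membership matters as much as the rules themselves.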