Firewall rule in Mikrotik, blocking/allowing UDP port?
Hello, yesterday a Mikrotik hEX S fell into my hands; until that moment I had never worked with this piece of hardware, though of course I had heard a lot about it.) The essence of the question: I need to drop incoming and outgoing UDP traffic on port 3399, for example. That is, there is a device that communicates with others on the network on UDP port 3399, but I need it to see only one address from the external network. I did something like this on Zyxel:
I set up 4 rules in the firewall:
1. Accept - Source Ip (white remote IP)
2. Accept - Dst. Ip (white remote IP)
3. Deny - Src. port : UDP (3399)
4. Deny - Dst. Port : UDP (3399)
On the Zyxel, with these rules, the device on the other end and the local device could see and connect to each other. But on Mikrotik, the devices don't connect to each other.
Maybe the rules are written differently?
Here is a screenshot; on the Keenetic KN1010 everything worked according to this principle, but it does not want to work on the Mikrotik.)
I'll try to explain how I understood it:
1. A certain device outside is trying to reach some device inside the network behind the Mikrotik;
2. Do you want to grant access to this device from an external device with a white IP?
3. Is it required to restrict access of an internal device to some external one by its white IP?
As usual, point 1 is solved by a DSTNAT rule in the NAT chain. Point 2 is solved in the forward chain, where you specify who may go where. Point 3 is similar to point 2.
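A RouterOS sketch of the three points from the answer above, added as an example here and not taken from either poster. The WAN interface `ether1`, the allowed remote address `203.0.113.10` and the internal device address `192.168.88.50` are assumed placeholder values.

```routeros
# Added example. Assumed placeholders: ether1 = WAN interface,
# 203.0.113.10 = the one allowed remote IP, 192.168.88.50 = internal device.

/ip firewall nat
# Point 1: publish UDP 3399 to the internal device, but only for the
# allowed remote address. Packets from other sources are not translated.
add chain=dstnat action=dst-nat in-interface=ether1 protocol=udp \
    dst-port=3399 src-address=203.0.113.10 \
    to-addresses=192.168.88.50 to-ports=3399 \
    comment="UDP 3399 from allowed peer to internal device"

/ip firewall filter
# Filter rules are matched top to bottom and the first match wins, so the
# two accepts must sit above the two drops, and all four must sit above
# any broader forward rule that would match the same packets first.

# Point 2: allowed peer -> internal device. The forward chain sees the
# destination address after dst-nat, so match the internal address here.
add chain=forward action=accept protocol=udp \
    src-address=203.0.113.10 dst-address=192.168.88.50 \
    comment="allowed peer to internal device"

# Point 3: internal device -> allowed peer.
add chain=forward action=accept protocol=udp \
    src-address=192.168.88.50 dst-address=203.0.113.10 \
    comment="internal device to allowed peer"

# Everything else on UDP 3399 through the router is dropped, in both
# directions (mirrors rules 3 and 4 from the question).
add chain=forward action=drop protocol=udp dst-port=3399 \
    comment="drop other UDP to port 3399"
add chain=forward action=drop protocol=udp src-port=3399 \
    comment="drop other UDP from port 3399"
```

Traffic passing through the router to a device behind it is handled by the `forward` chain; the `input` chain only covers packets addressed to the router itself, so the same four rules placed there would not affect the device.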