How to disable ports 1025-65536 on mikrotik?

M

m2_viktor2015-05-15 12:39:27

Mikrotik

m2_viktor, 2015-05-15 12:39:27

Hello, given the network 192.168.0.0/24 and mikrotik rb750 as the main gateway that looks on the Internet. How I set up mikrotik: I connected to winbox, reset the settings, connected again through winbox, a window appeared with the initial setup script, I agreed with the settings. Firewall and nat rules were created automatically. This configuration worked fine for me, but it doesn't hurt to prevent hosts from the 192.168.0.0/24 network from connecting to the Internet on ports 1025-65536. How to set it up?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

C

Cool Admin, 2015-05-15
@m2_viktor

Why didn't you do it on your own?
ip firewall filters add chain=forward protocol=tcp dst-port=1025-65536 action=drop src-address=192.168.0.0/24 comment="drop tcp 1025-65536"
ip firewall filters add chain=forward protocol=udp dst- port=1025-65536 action=drop src-address=192.168.0.0/24 comment="drop udp 1025-65536"
Why do you need it? What can your users download\do that you cut ports for them? Potential ogrebalovo exceeds the safety level.

B

Bisko, 2018-03-20
@Bisko

"And why do you need it?" - I temporarily closed the 25th port for a certain IP until I healed the machine. There was a mass mailing of spam - they threatened to block the network, or part of the network.
filter(s) - without "s"