Answer the question
In order to leave comments, you need to log in
A
A
Alexander Urich2020-12-03 11:23:44
Alexander Urich, 2020-12-03 11:23:44
How to properly configure Firewall on Mikrotik?
The office has Mikrotik RB4011iGS + 5HacQ2HnD ROS 6.45.6 (stable)
After going to a remote location, I set up OpenVPN on it to access work computers and services in the office.
Now he began to be stupid: periodically, but not often, some clients fall off and cannot enter back.
I found the following entries in the logs:
sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=a94ba0e3e11918b pid=0 DATA len=0
no more listening for incoming connections: too busy
And there are a lot of these hapises, and they are from a large number of IPs.
I found instructions on the net on how to set up firewall rules to block a link
.
In a day, he has already blocked about a thousand addresses, but this log is still pouring.
Tell me how to set it up correctly?
4 answer(s)
@Tabletko
@CityCat4
@msHack
D
Dmitry, 2020-12-03 @Tabletko
For starters, you should upgrade to the current stable or long-term version. Looks like you've been scammed/pissed off.
Next, we somehow identify malware (brute-forcers) and enter their address list (here !! you need to be careful !!, so as not to shoot yourself in the foot). We create a rule in firewall raw and block everyone from this list there.
C
CityCat4, 2020-12-03 @CityCat4
Well, too busy, as it were, hints that they are ddosing. If it is impossible to determine the IP range from which "honest" users go, then you can try changing the port on which openvpn listens
R
Ruslan, 2020-12-04 @msHack
It’s not stupid for the connections, but for another reason, the connections and the firewall have nothing to do with it so that the asshole of the router needs to be sent tens of thousands of connections per minute
Similar questions
D
A
R
N
L
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question