Is it possible to block ports in Mikrotik?

D

Dj0cker2022-01-14 08:52:24

Mikrotik

Dj0cker, 2022-01-14 08:52:24

the essence is to ban anyone who knocks with evil intentions on certain ports from different IP addresses. Let's say the white list goes through all ports, the black one immediately flies from the first ping or attempt to connect to the port in the ban. Is that possible?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Viktor, 2022-01-14
@MadLor

Mikrotik Fail2Ban - we look in Google
PS but it's better to set it up normally ... allow what is allowed, and drop the rest. Why uselessly eat the resources of the router?

N

nApoBo3, 2022-01-14
@nApoBo3

Yes, address-list add.

C

CityCat4, 2022-01-14
@CityCat4

Certainly. Mikrotik supports the concept of "lists" which are easily applicable to any operation.
For example, blacklisting two addresses 1.1.1.1 and 2.2.2.2 and prohibiting any traffic from them to the TCP/80 port:

/ip firewall address-list
add address=1.1.1.1 list=poshelvzhopu 
add address=2.2.2.2 list=poshelvzhopu
/ip firewall filter
add action=drop chain=input src-address-list=poshelvzhopu protocol=tcp dst-port=80
add action=drop chain=forward src-address-list=poshelvzhopu protocol=tcp dst-port=80