MikroTik - is it possible to restrict access to a forwarded port by a number of IP addresses?

M

Michael M2015-04-25 14:13:58

Mikrotik

Michael M, 2015-04-25 14:13:58

There is MikroTik on which ports are forwarded to RDP and FTP servers. Is it possible to allow access to these services for a few specific IP addresses, and deny all others?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

L

lexalex, 2015-04-26
@CrayFish

Easy
/ip firewall address-list
add address=8.8.8.8 disabled=no list=whitelist
add address=8.8.8.8 disabled=no list=whitelist
#replace 8.8.8.8 with your addresses
/ip firewall filter
add action=accept chain=input in-interface=WAN connection-state=new dst-port=20,21,3389 protocol=tcp src-address-list=whitelist
add action=drop chain=input in-interface=WAN connection-state=new dst-port= 20,21,3389 protocol=tcp #replace
wan with the name of your external interface #make
sure after adding new rules that there are no deny rules in front of them that incoming allowed packets can fall under

R

Rsa97, 2015-04-25
@Rsa97

Maybe. Just close the firewall entry to these ports from these addresses.