Mikrotik
MrDZ, 2019-03-11 15:38:58

Why might firewall rules be removed?

For some reason, some of the firewall filter rules on a remote Mikrotik RB750r2 get removed; the firmware is different. Specifically, the input rules are removed.
/ip firewall filter
add action=accept chain=input comment=Ping protocol=icmp
add action=accept chain=forward protocol=icmp
add action=accept chain=input comment="Allow IPsec" dst-port=500 protocol=udp
add action=accept chain=input protocol=ipsec-esp
add action=accept chain=input protocol=ipsec-ah
add action=accept chain=input protocol=udp src-port=4500
add action=accept chain=forward comment="Local to net " dst-address-list=test \
    in-interface=!ether1-gateway out-interface=ether1-gateway
add action=accept chain=input comment="Accept connection" connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward comment="Online kass" dst-address=\
    91.213.144.29
add action=accept chain=forward dst-address=46.17.204.250
add action=accept chain=input comment="Local network" in-interface=\
    !ether1-gateway src-address=192.64.1.0/24
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=accept chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add action=accept chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=accept chain=input src-address=192.168.2.0/23
add action=accept chain=input src-address=external office address
add action=accept chain=forward comment="Bank Terminal" src-address=\
    192.64.1.2-192.64.1.10
add action=accept chain=forward dst-address=192.64.1.2-192.64.1.10
add action=accept chain=forward src-address=185.170.204.91
add action=accept chain=forward dst-address=185.170.204.91
add action=drop chain=input comment="Drop incoming" in-interface=\
    ether1-gateway
add action=accept chain=forward comment="VPN traffic" src-address=\
    192.168.2.0/23
add action=accept chain=forward dst-address=192.168.2.0/23
add action=reject chain=forward comment="Drop all" protocol=tcp reject-with=\
    tcp-reset

2 answer(s)
dmb_1945, 2019-03-11

As far as I know, rules created manually cannot delete themselves.
Someone is removing them deliberately, either a script or by hand.
Check the logs, check scripts and the scheduler, set up e-mail notification when someone logs in, disable unused services, and restrict login to specific ports.
I think there is a 90% chance that someone is breaking in.
In short, move in the direction of raising the level of security!
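
The "check the logs, check scripts" advice above can be turned into a repeatable check that says exactly which rules went missing after a reboot or a suspicious login. The following is an added example written for this thread, not code from the post or from MikroTik: it parses the text of `/ip firewall filter export` (RouterOS 6.x syntax as pasted in the question, including the backslash line continuations), compares the current rule set against a saved known-good export, ignores cosmetic differences such as comments, treats a rule toggled to `disabled=yes` as gone, and reports whether the input chain still ends in a drop. It relies on the documented RouterOS behaviour that a packet matching no filter rule is accepted. Fetching the export from the router (for example over ssh) is assumed and not shown; both sample exports below are constructed, the baseline being abridged from the question's rule set.

```python
"""Drift check for a RouterOS '/ip firewall filter' export.
Added example for this thread, not code from the original post; assumes the
export text has already been fetched (ssh, backup file, API)."""
import shlex
from typing import Dict, List

Rule = Dict[str, str]


def join_continuations(text: str) -> List[str]:
    """Re-join lines that the export wraps with a trailing backslash."""
    out: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            buf += line[:-1]            # keep the text, drop the marker
            continue
        out.append(buf + line)
        buf = ""
    if buf:                             # dangling continuation at end of text
        out.append(buf)
    return out


def parse_export(text: str) -> List[Rule]:
    """Turn 'add key=value ...' lines into dicts, preserving order.
    Order is policy: RouterOS evaluates top to bottom and accepts a packet
    that matches no rule at all."""
    rules: List[Rule] = []
    for line in join_continuations(text):
        if line.startswith(("#", "/")):     # header comment or menu path
            continue
        tokens = shlex.split(line)          # honours comment="Allow IPsec"
        if not tokens or tokens[0] != "add":
            continue
        rule: Rule = {}
        for tok in tokens[1:]:
            key, _, value = tok.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def effective(rules: List[Rule]) -> List[Rule]:
    """A rule toggled to disabled=yes is as absent as a deleted one."""
    return [r for r in rules if r.get("disabled", "no") != "yes"]


def rule_key(rule: Rule):
    """Identity for comparison; comment and disabled flag are cosmetic."""
    return tuple(sorted((k, v) for k, v in rule.items()
                        if k not in ("comment", "disabled")))


def missing_rules(baseline: List[Rule], current: List[Rule]) -> List[Rule]:
    """Baseline rules with no matching enabled rule in the current export."""
    present = {rule_key(r) for r in effective(current)}
    return [r for r in effective(baseline) if rule_key(r) not in present]


def chain_ends_with_drop(rules: List[Rule], chain: str) -> bool:
    """True when the chain's last enabled rule is drop/reject; otherwise the
    chain is open because of the accept-by-default behaviour noted above."""
    chain_rules = [r for r in effective(rules) if r.get("chain") == chain]
    return bool(chain_rules) and chain_rules[-1].get("action") in ("drop", "reject")


def check_drift(baseline_text: str, current_text: str) -> Dict[str, object]:
    baseline, current = parse_export(baseline_text), parse_export(current_text)
    return {
        "missing": missing_rules(baseline, current),
        "input_closed": chain_ends_with_drop(current, "input"),
        "forward_closed": chain_ends_with_drop(current, "forward"),
    }


# Constructed samples: a saved known-good export (abridged from the question's
# rule set) and an export taken after the input rules went missing.
BASELINE_EXPORT = r"""
/ip firewall filter
add action=accept chain=input comment="Allow IPsec" dst-port=500 protocol=udp
add action=accept chain=input comment="Accept connection" connection-state=\
    established,related
add action=accept chain=forward connection-state=established,related
add action=accept chain=input comment="Local network" in-interface=\
    !ether1-gateway src-address=192.64.1.0/24
add action=accept chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add action=drop chain=input comment="Drop incoming" in-interface=\
    ether1-gateway
add action=accept chain=forward comment="VPN traffic" src-address=\
    192.168.2.0/23
add action=reject chain=forward comment="Drop all" protocol=tcp reject-with=\
    tcp-reset
"""
CURRENT_EXPORT = r"""
/ip firewall filter
add action=accept chain=forward connection-state=established,related disabled=yes
add action=accept chain=forward comment=VPN src-address=192.168.2.0/23
add action=reject chain=forward comment="Drop all" protocol=tcp reject-with=tcp-reset
"""

if __name__ == "__main__":
    result = check_drift(BASELINE_EXPORT, CURRENT_EXPORT)
    for rule in result["missing"]:
        print("MISSING", rule.get("chain"), rule.get("comment", ""), rule)
    print("input chain ends in drop:", result["input_closed"])
```

Run on the constructed samples it lists the five input rules and the disabled forward rule as missing and reports the input chain as open, while the forward rule whose comment changed from "VPN traffic" to "VPN" is correctly not flagged. Running it from the scheduler on a management host right after each login event or reboot, and keeping the baseline off the router, gives a record of when the rules vanished that the router's own log may not.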

MrDZ, 2019-05-30

For a long time I agonized over why the rules were being deleted and could not understand it. I strongly doubt that an evil hacker is doing this.
Today, almost before our eyes, these input rules disappeared. The provider was changed, Winbox was launched on my computer and on the remote one, the settings were changed, the Mikrotik was rebooted, and they disappeared. Maybe you cannot have Winbox open for one Mikrotik at the same time... or who knows.