1. I would like to finally take on making my firewall rules. I did something like this with the help of the Internet. Please advise me what I would necessarily have to change. At this point “drop all” unfortunately falls out.
2. I would like to control the logs in a better way; unfortunately at this point I can see very little. Please advise what to discard and what to include, because the only thing it shows in the logs is DHCP, which I de facto turned off (I think?). I would like to have basic information in the logs about anomalies, connection attempts, blocked connections etc., so that it saves them to a file for me somewhere, e.g. on the flash drive (I have a hAP ax3).
Code:
/ip firewall filter
add action=add-src-to-address-list address-list=Syn_Flooder address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" src-address-list=Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" src-address-list=Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP protocol=icmp
add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=bogons
add action=add-src-to-address-list address-list=spammers address-list-timeout=3h chain=forward comment="Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=25,587 limit=30/1m,0:packet protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" disabled=yes port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" disabled=yes port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" connection-state=established
add action=accept chain=input comment="Accept to related connections" connection-state=related
add action=drop chain=ICMP comment="block icmp lan to guest" dst-address=10.27.10.0/24 src-address=10.27.0.0/24
add action=drop chain=ICMP comment="block icmp from network guest to lan" dst-address=10.27.0.0/24 src-address=10.27.10.0/24
add action=accept chain=ICMP comment="Echo request - Avoiding Ping Flood, adjust the limit as needed" icmp-options=8:0 limit=2,5:packet protocol=icmp
add action=accept chain=ICMP comment="accept icmp ping" icmp-options=0:0 protocol=icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
add action=jump chain=output comment="Jump for icmp output" jump-target=ICMP protocol=icmp
add action=drop chain=input comment="block address" src-address=115.243.85.101
add action=drop chain=input comment="block address" src-address=188.166.226.191
add action=drop chain=input comment="block address" src-address=10.27.10.0/24
add action=drop chain=forward comment="drop" dst-address=10.27.0.0/24 src-address=10.27.10.0/24
add action=drop chain=input comment="block" protocol=udp src-address=37.60.225.99 src-port=1434
add action=drop chain=input src-address=37.248.160.240
add action=drop chain=input comment="block DNS" dst-port=53 in-interface=WAN protocol=udp
add action=drop chain=input comment="block Winbox" dst-port=8291 in-interface=WAN protocol=tcp
add action=drop chain=input comment="block DNS (TCP)" dst-port=53 in-interface=WAN protocol=tcp
add action=accept chain=input comment="accept dns lan (UDP)" dst-port=53 protocol=udp src-address=10.27.0.0/24
add action=accept chain=input comment="accept dns lan (TCP)" dst-port=53 protocol=tcp src-address=10.27.0.0/24
Statistics: Posted by Bolendox — Thu Jan 30, 2025 9:28 pm
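An added example, not part of Bolendox's post or the RouterOS defaults, of the two pieces the logging question needs: firewall rules that log what they drop (a final catch-all on the WAN side of the input chain and the guest-to-LAN forward drop), and a /system logging action that writes the firewall topic to a rotating file on disk instead of the RAM buffer. It assumes the interface name WAN from the post; the path disk1/firewall is a placeholder for the USB drive (check the real name with /disk print).

```routeros
# Added example (not from the original post): make firewall drops visible in a file.
# Assumptions: interface "WAN" as in the post; "disk1/firewall" is a placeholder path.

/ip firewall filter
# Logged catch-all at the END of the input chain: anything arriving on WAN that the
# earlier accept rules (established/related, etc.) did not match is dropped and logged.
# "add" appends, so paste this after the existing rules and it stays last.
add chain=input in-interface=WAN action=drop log=yes log-prefix="WAN-INPUT-DROP" comment="Default drop on input from WAN, logged"
# Logged version of the guest -> LAN forward drop, so cross-segment attempts show up.
add chain=forward src-address=10.27.10.0/24 dst-address=10.27.0.0/24 action=drop log=yes log-prefix="GUEST-TO-LAN" comment="Drop guest to LAN, logged"

/system logging action
# Disk-backed target: keeps 10 files of 5000 lines each and rotates, so a burst of
# drops cannot push older entries out of the small in-memory log.
add name=fw-disk target=disk disk-file-name=disk1/firewall disk-lines-per-file=5000 disk-file-count=10

/system logging
# Route the "firewall" topic (every rule with log=yes writes there) to that file.
add topics=firewall action=fw-disk
```

Each logged packet records the prefix, chain, in/out interface, protocol and src->dst address:port, which is enough to spot scans and blocked connection attempts; keep log=yes only on drop rules, since logging accepted traffic fills the file quickly.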