Summary
The firewall implements packet filtering and thereby provides security functions that are used to manage data flow to, from and through the router. Along with Network Address Translation, it serves as a tool for preventing unauthorized access to directly attached networks and to the router itself, as well as a filter for outgoing traffic.
Quick Setup Guide
- To add a firewall rule that drops all TCP packets destined for port 135 and passing through the router, use the following command:
/ip firewall filter add chain=forward dst-port=135 protocol=tcp action=drop
- To deny access to the router via Telnet (protocol TCP, port 23), type the following command:
/ip firewall filter add chain=input protocol=tcp dst-port=23 action=drop
- To allow no more than 5 simultaneous connections from each of the clients, do the following:
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop
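The following added example (not part of the original manual) is a Python model of the connection-limit=6,32 rule above, showing how the limit and the netmask interact. It assumes, as the page's wording implies, that the sixth simultaneous connection from a source is the first one dropped; the function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

def block_of(addr, prefix_len):
    """Address block that `addr` is counted under for a given netmask length."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

def filter_syns(syn_sources, limit=6, prefix_len=32):
    """Replay new-connection attempts (source IPs) against the drop rule.

    Assumption taken from the page's example: the SYN is dropped when
    accepting it would bring the block's simultaneous connections to
    `limit`. Connections never close in this simplified model.
    """
    open_conns = Counter()
    verdicts = []
    for src in syn_sources:
        block = block_of(src, prefix_len)
        if open_conns[block] + 1 >= limit:
            verdicts.append((src, "drop"))      # rule matched, action=drop
        else:
            open_conns[block] += 1              # connection is established
            verdicts.append((src, "accept"))
    return verdicts

def accepted_per_source(verdicts):
    """Count how many connections each source IP actually got through."""
    return Counter(src for src, verdict in verdicts if verdict == "accept")

# Constructed sample: one busy client, then a quiet neighbour in the same /24.
SAMPLE = ["192.0.2.10"] * 7 + ["192.0.2.11"] * 3

if __name__ == "__main__":
    # Netmask 32: every client has its own budget of 5 connections.
    print("per host (/32):", dict(accepted_per_source(filter_syns(SAMPLE, 6, 32))))
    # Netmask 24: the whole subnet shares one budget, so the busy client
    # uses it up and the neighbour's connections are dropped.
    print("per /24 block :", dict(accepted_per_source(filter_syns(SAMPLE, 6, 24))))
```

With netmask 32 each client is counted separately; a shorter netmask makes every host in the block share one counter, so a single busy host can exhaust the limit for its neighbours.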
Specifications
Packages required: system
License required: Level1 (P2P filters limited to 1), Level3
Submenu level: /ip firewall filter
Standards and Technologies: IP, RFC2113
Hardware usage: Increases with filtering rules count