Mikrotik : Mikrotik Firewall Basics -
In this tutorial article Mikrotik Indonesia discusses the basic features of the MikroTik router firewall.
First, let us look at what a firewall is.
What is a Firewall?
A firewall is a device that examines data packets and decides which of them may enter or leave a network. With this capability the firewall protects the network from attacks that originate outside it.
The firewall implements packet filtering and thereby provides the security functions used to manage the flow of data to, from and through the router.
For example, the firewall protects the local network (LAN) from possible attacks coming from the Internet.
Besides protecting a network, a firewall can also protect an individual computer or host (a host firewall).
Firewalls are used to prevent or minimise the security risks inherent in connecting to other networks. A properly configured firewall plays an important role in an efficient and secure network infrastructure. MikroTik RouterOS has a very powerful firewall implementation with features including:
- stateful packet inspection
- Layer-7 protocol detection
- peer-to-peer protocols filtering
- traffic classification by:
  1. source MAC address
  2. IP addresses (network or list) and address types (broadcast, local, multicast, unicast)
  3. port or port range
  4. IP protocols
  5. protocol options (ICMP type and code fields, TCP flags, IP options and MSS)
  6. interface the packet arrived from or left through
  7. internal flow and connection marks
  8. DSCP byte
  9. packet content
  10. rate at which packets arrive and sequence numbers
  11. packet size
  12. packet arrival time
The firewall operates by means of firewall rules. Each rule consists of two parts: a matcher, which matches the traffic flow against given conditions, and an action, which defines what is done with a packet that matches.
Firewall filtering rules are grouped together in chains. This allows a packet to be matched against one common criterion in one chain and then handed over to another chain to be processed against some other common criteria.
For example, a packet must be matched against an IP address and port.
Of course, this could be achieved by adding several rules with the IP address and port to the forward chain, but a better way is to add one rule that matches traffic from a particular IP address and jumps to a separate chain, for example:
/ip firewall filter add chain=forward src-address=1.1.1.2/32 action=jump jump-target="mychain"
(the rule needs action=jump for the jump-target parameter to take effect). There are three pre-defined chains in MikroTik RouterOS:
Input
- used to process packets entering the router through one of its interfaces whose destination IP address is one of the router's own addresses.
The input chain allows you to restrict access to the configuration of the MikroTik router.
Forward
- used to process data packets passing through the router.
Output
- used to process data packets originating from the router itself and leaving through one of its interfaces.
When a chain is processed, its rules are taken from the list in order and evaluated from top to bottom. If a packet matches a rule's criteria, the rule's action is performed on it and no further rules in the chain are processed.
If the packet does not match any rule in the chain, the packet is accepted.
Connection State (status of a data packet passing through the router)
Invalid: the packet does not belong to any known connection and is not useful.
New: the packet opens a new connection (the first packet of a connection).
Established: the packet belongs to a connection that was already opened by a New packet.
Related: the packet opens a new connection, but one that is related to an existing connection.
Filter Actions in the MikroTik RouterOS Firewall
In the MikroTik firewall configuration the Action has several options, including:
Accept: accept the packet; no further rules are read.
Drop: silently drop the packet (no ICMP rejection message is sent).
Reject: drop the packet and send an ICMP rejection message.
Jump: jump to another chain, specified by the jump-target parameter.
Tarpit: refuse the connection but keep the incoming TCP connection held open (reply with SYN/ACK to an incoming TCP SYN).
Passthrough: ignore this rule and go on to the next one.
Log: add information about the packet to the system log.
Usage example on a MikroTik router firewall
Let's say our private network is 192.168.0.0/24 and the public (WAN) interface is ether1.
We will set up the firewall to allow connections to the router itself only from the local network and drop the rest. We will also allow the ICMP protocol on any interface so that anyone can ping our router from the Internet. The commands are as follows:
/ip firewall filter
add chain=input connection-state=invalid action=drop \
    comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
    comment="Allow Established connections"
add chain=input protocol=icmp action=accept \
    comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
    in-interface=!ether1
add chain=input action=drop comment="Drop everything"
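To see how the top-to-bottom, first-match evaluation described above decides the fate of a packet, here is an added Python model of the input chain listed in this example (not RouterOS code, and not part of the original article). Packet, Rule, matches and run_chain are my own names; the "Allow LAN" comment is added for readability, the other rule comments are the ones from the page, and the test packets are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Packet:
    src: str            # source IP address
    in_iface: str       # interface the packet arrived on
    proto: str          # "tcp", "udp" or "icmp"
    conn_state: str     # "new", "established", "related" or "invalid"

@dataclass
class Rule:
    action: str                       # "accept" or "drop" in this demo
    comment: str = ""
    match: dict = field(default_factory=dict)

def matches(rule: Rule, pkt: Packet) -> bool:
    """All matchers of a rule must hold; a '!' prefix negates a matcher (in-interface=!ether1)."""
    for key, want in rule.match.items():
        negate = want.startswith("!")
        want = want.lstrip("!")
        if key == "src-address":
            got = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(want)
        elif key == "in-interface":
            got = pkt.in_iface == want
        elif key == "protocol":
            got = pkt.proto == want
        elif key == "connection-state":
            got = pkt.conn_state == want
        else:
            raise ValueError(f"unsupported matcher {key}")
        if got == negate:      # plain matcher failed, or negated matcher matched
            return False
    return True

def run_chain(rules: list, pkt: Packet) -> tuple:
    """First matching rule decides; no match means the packet is accepted (RouterOS default)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return "accept", "implicit accept at end of chain"

# The page's input chain expressed as Rule objects (constructed model, not RouterOS config).
INPUT_CHAIN = [
    Rule("drop", "Drop Invalid connections", {"connection-state": "invalid"}),
    Rule("accept", "Allow Established connections", {"connection-state": "established"}),
    Rule("accept", "Allow ICMP", {"protocol": "icmp"}),
    Rule("accept", "Allow LAN", {"src-address": "192.168.0.0/24", "in-interface": "!ether1"}),
    Rule("drop", "Drop everything", {}),
]
```

Running it shows two points worth checking on a real router: a packet with a LAN source address arriving on ether1 is still dropped because of the negated in-interface matcher, and a "related" packet from the Internet is dropped because this chain only accepts "established".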
Source: http://mikrotikindo.blogspot.com/2013/03/belajar-mikrotik-dasar-firewall-mikrotik.html#