One of the numerous reasons I love deploying Mikrotik technologies is in its ability to do a whole lot of things. Mikrotik routers can be deployed as firewalls to protect your network from external attacks at no extra cost!. While other vendors have role-specific firewall boxes designed for this purpose, Mikrotik brings you the power of routing, packet-filtering, caching, QOS, firewall, etc, all in one very affordable and easy-to-deploy box.
It is a common knowledge today that networks are being attacked at the speed of light. As you read this, cyber criminals are lunching denial of service (DOS) attacks on networks around the world. To stay ahead, network engineers must set up mechanisms to protect their internal networks from external aggressors. This must be achieved with no denial of service to internal users. Network users should be able to send and receive packets on the network without difficulties.
The aim of setting up a firewall in this demonstration, is to stop anyone from outside the company’s network from accessing the router. People from inside the network can access the router. We are going to achieve this in the most easy way possible. We will do this in two steps. Firstly, we will set up a firewall filter rule to capture the IP addresses of people trying to attack our router over the internet. Secondly, we will create another firewall filter rule to deny access to those IP addresses captured in the first rule. Doing this is very simple and straight forward and I am so excited to share with you. So lets jump in!
>>Click on IP>>Firewall>>Filter rule. Click on the plus sign, set the chain to input, in the source address, enter the address you want to permit to access the router over the internet and check the little box beside it. If it is a network, enter the network address followed by the slash notation for the subnetmask, choose the interface connecting your router to the internet (interface with public address), click on the action tab, click on the arrow beside action and choose “add to source address-list”. In the field for address-list name enter a name for the address-list, eg external attack. Click on apply and ok. This will add the source addresses of people (outside the once you permitted) trying to access your router over the internet to an address list called external attack. Next, we create a rule to block any source IP address found in the address list named external attack from accessing the router. >>Click on IP>>Firewall>>Filter rule. Click on the plus sign, set chain to input. Click on advanced, click on the arrow beside source address-list and choose the address list created in step one above (external attack), click on action and choose drop. See images below:
That is pretty much all you need to deny access to attackers trying to attack your router over the internet. This solution does not only stop the attack, it shows you the IP addresses of those initiating the attacks from which you can look the IP addresses up to get their locations, ISPs and even the organizations.
Thanks for reading and don’t forget to click on the like button.
Great information, now does it matter where the rules are , should they moved to the top. Thank you.
Would you need to add 2 rules for your DNS so they don’t get caught and prevent DNS from working?