In MikroTik, access lists are primarily used in the context of wireless networks to control network access based on the MAC address of the devices, not based on TCP or UDP ports.
To filter traffic for specific TCP or UDP ports, you must use the MikroTik firewall rules, specifically the firewall filter rules.
Firewall rules in RouterOS allow great flexibility and precision in defining what traffic to allow, reject, or discard, based on a wide range of criteria, including TCP or UDP port numbers.
How to Filter TCP/UDP Ports Using Firewall Filter Rules:
- Access to RouterOS: Use WinBox or the CLI terminal to access your MikroTik device.
- Navigate to Firewall Rules: In WinBox, go to IP -> Firewall and select the Filter Rules tab. In the CLI, the command would be /ip firewall filter.
- Add a New Rule: Click the + sign to add a new rule if you are in WinBox, or use the add command in the CLI. Define the rule by specifying:
  - chain: Generally, input to filter incoming traffic to the router, forward for traffic through the router, or output for outgoing traffic from the router.
  - Protocol: Choose tcp or udp depending on the type of traffic you want to filter.
  - Dst. Port: Specify the destination port number for the TCP or UDP traffic you want to filter. You can also specify port ranges.
  - Action: Choose what you want to do with traffic that matches this rule (for example, drop to discard it, accept to allow it).
- Apply and Verify the Rule: Make sure you apply the changes and, if possible, verify that the rule is working as you expect.
Example CLI Command to Filter TCP Port 80:
/ip firewall filter add chain=forward protocol=tcp dst-port=80 action=drop
This command creates a rule that drops all network traffic that is routed through the router to TCP port 80.
Considerations:
- Rules Priority: Firewall rules are processed in sequential order. Be sure to organize your rules so that more specific rules come before more general ones to avoid conflicts or unwanted behavior.
- Testing and Monitoring: After configuring new firewall rules, it is important to monitor traffic and logs to ensure that filtering is working as expected and is not blocking legitimate traffic or allowing unwanted traffic.
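The ordering and monitoring points above, shown as an added RouterOS example that is not part of the original post. The host address 192.168.88.10, the UDP port range, the comments and the log prefixes are constructed for illustration.

```routeros
# Added example; addresses, port range and log prefixes are constructed.
# Rules are evaluated top to bottom and the first match decides.

/ip firewall filter

# 1. Specific exception first: one admin host may still reach TCP 80.
add chain=forward protocol=tcp dst-port=80 src-address=192.168.88.10 \
    action=accept comment="allow HTTP from admin host"

# 2. General rule second: everyone else is dropped and logged.
add chain=forward protocol=tcp dst-port=80 action=drop \
    log=yes log-prefix="drop-http" comment="drop forwarded HTTP"

# 3. A port range in a single rule (UDP 8000-8080 through the router).
add chain=forward protocol=udp dst-port=8000-8080 action=drop \
    log=yes log-prefix="drop-udp-range" comment="drop UDP 8000-8080"

# Verify: rule order, then per-rule packet/byte counters, then log entries.
/ip firewall filter print
/ip firewall filter print stats
/log print where message~"drop-http"
```

If the accept rule's counters stay at zero while the drop rule's counters climb, the exception is sitting below the drop rule and is never reached.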
Using MikroTik firewall rules is an effective way to control access to your network and protect your internal resources from unwanted or potentially dangerous traffic.