To configure firewall rules on a MikroTik router that allow access to WinBox only to a specific user, you need to define the rules based on the user's IP address.
WinBox is a management application for MikroTik devices that uses port 8291 by default.
Here's how to create firewall rules for this purpose using the MikroTik RouterOS command line interface (CLI):
Step 1: Allow Access to the Specific User
First, you need to create a rule that allows access to port 8291 (used by WinBox) only from the authorized user's IP address. Replace 192.168.1.2 with the user's real IP address.
/ip firewall filter
add action=accept chain=input protocol=tcp dst-port=8291 src-address=192.168.1.2 comment="Allow WinBox access for specific user"
This rule adds an exception to the firewall to accept TCP connections on port 8291 only if they come from the IP address 192.168.1.2.
Step 2: Block Access to All Other Users
After creating a rule that allows access to the specific user, you need to ensure that no other user can reach the router through WinBox. This is done by creating a rule that blocks any other connections to port 8291.
add action=drop chain=input protocol=tcp dst-port=8291 comment="Block WinBox access for everyone else"
This rule will ensure that all other connections to port 8291 that have not been explicitly allowed by previous rules are blocked.
Important considerations
- Order of the Rules: In the MikroTik firewall, rules are processed in sequential order from the first to the last. Therefore, it is crucial to place the allow rule before the block rule, to ensure that the authorized user has access before the general block is applied.
- Additional Security: Consider implementing additional security measures, such as changing WinBox's default port to a less common port to reduce the risk of automated attacks.
- Remote access: If the user needs remote access from outside the local network, make sure the public IP address they will connect from is the one you configure in the rule and consider using VPNs or Source NAT rules for added security.
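The rule-order point above can be checked offline before a change is applied. The following Python sketch is an added example, not part of the original post or of RouterOS: it replays first-match evaluation over the text of a filter export and reports what happens to a WinBox connection from a given source address. It assumes one rule per line and models only the matchers used on this page; the function names and sample rule sets are constructed for illustration.

```python
import ipaddress
import shlex

SUPPORTED = {"action", "chain", "protocol", "dst-port", "src-address", "comment"}

def parse_rules(export_text):
    """Return the 'add' lines of a filter export as dicts, in rule order."""
    rules = []
    for line in export_text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue  # skip menu lines such as "/ip firewall filter"
        rule = dict(tok.split("=", 1) for tok in tokens[1:])
        unknown = set(rule) - SUPPORTED
        if unknown:
            raise ValueError(f"matcher not modelled here: {sorted(unknown)}")
        rules.append(rule)
    return rules

def winbox_verdict(rules, src_ip, port="8291"):
    """Action of the first input-chain rule matching a TCP packet to `port`."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.get("chain") != "input" or rule.get("protocol", "tcp") != "tcp":
            continue
        if "dst-port" in rule and port not in rule["dst-port"].split(","):
            continue
        if "src-address" in rule and src not in ipaddress.ip_network(
                rule["src-address"], strict=False):
            continue
        return rule.get("action", "accept")
    return "accept"  # a packet that matches no rule in the chain is accepted

# Constructed sample rule sets (not captured from a real router).
CORRECT = '''
/ip firewall filter
add action=accept chain=input protocol=tcp dst-port=8291 src-address=192.168.1.2
add action=drop chain=input protocol=tcp dst-port=8291
'''
MISORDERED = '''
/ip firewall filter
add action=drop chain=input protocol=tcp dst-port=8291
add action=accept chain=input protocol=tcp dst-port=8291 src-address=192.168.1.2
'''

if __name__ == "__main__":
    for name, text in (("correct", CORRECT), ("misordered", MISORDERED)):
        rules = parse_rules(text)
        for ip in ("192.168.1.2", "192.168.1.50"):
            print(name, ip, winbox_verdict(rules, ip))
```

With the misordered set, the authorized address is dropped as well, which is the lockout the ordering note warns about.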
These firewall rules will help you control access to your MikroTik router settings through WinBox, allowing only specific users and blocking any unauthorized attempts.