Yes, it is highly recommended to use firewall rules that handle invalid, established and related connections, especially in firewall configurations such as those of MikroTik and other network devices.
These rules not only improve network security, but also optimize firewall performance by reducing the number of packets that need to be deeply inspected.
Below is the purpose and benefit of each type of rule:
Established connections
These rules allow packets that are part of an already established session, that is, a session that the firewall's connection tracker has previously recognized and accepted. Because such packets are matched against the connection table rather than evaluated against the full rule set, the firewall can process them much more quickly. This is crucial for performance, especially on busy networks.
Related connections
These types of rules allow packets that are part of a new session but are related to an existing session. A common example is FTP traffic where one connection is created for commands and a different one for data transfer. Allowing related connections helps maintain the functionality of applications and services that need multiple data streams to operate correctly, while ensuring that only legitimate and expected connections are allowed.
Invalid connections
Rules that block invalid connections drop packets that the connection tracker cannot associate with an established or related session, or that do not follow the expected protocol state (for example, a SYN packet arriving for a session whose handshake has already completed). These rules are essential for security, since they stop attempts at vulnerability exploitation and denial of service (DoS) attacks, which often rely on anomalous or invalid connection attempts.
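The following RouterOS configuration is an added example, not part of the original post, showing how the three rule types above are normally ordered on a MikroTik router. The interface list names LAN and WAN are assumptions (they must exist under /interface list before the rules are added); the rules themselves use standard /ip firewall filter syntax. The order matters: established/related traffic is accepted first so it leaves the chain early, invalid traffic is dropped before any rule that accepts new connections, and only then are new connections filtered by origin.

```routeros
# Connection tracking must be active for connection-state matching to work
/ip firewall connection tracking
set enabled=auto

# The FTP helper lets the tracker mark FTP data channels as "related"
/ip firewall service-port
set ftp disabled=no

/ip firewall filter
# --- input chain: traffic destined to the router itself ---
add chain=input action=accept connection-state=established,related \
    comment="accept established/related (fast path)"
add chain=input action=drop connection-state=invalid \
    comment="drop invalid before any accept-new rule"
add chain=input action=accept protocol=icmp comment="allow ping/diagnostics"
add chain=input action=accept in-interface-list=LAN \
    comment="new connections to the router only from LAN (assumed list name)"
add chain=input action=drop comment="default drop for input"

# --- forward chain: traffic passing through the router ---
add chain=forward action=fasttrack-connection connection-state=established,related \
    comment="fasttrack established/related (skips further filter rules)"
add chain=forward action=accept connection-state=established,related \
    comment="accept established/related not handled by fasttrack"
add chain=forward action=drop connection-state=invalid \
    comment="drop invalid"
add chain=forward action=accept connection-state=new in-interface-list=LAN \
    comment="LAN may open new connections outbound (assumed list name)"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat \
    in-interface-list=WAN comment="WAN may only open connections that were dst-natted"
```

To verify the rules behave as described, `/ip firewall filter print stats` shows per-rule packet counters (the established/related rule should carry the bulk of the traffic), and `/ip firewall connection print` lists the tracked sessions with their current state. One caveat on fasttrack-connection: packets it handles bypass the rest of the filter chain as well as mangle rules and queues, so it should be omitted where per-connection accounting or QoS is required.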
Implementing these rules in a firewall significantly improves the effectiveness of network security by filtering unwanted or potentially dangerous traffic before it can affect internal resources.
Additionally, these rules help reduce the firewall's workload, allowing it to more efficiently handle legitimate traffic and improve network speed.
In summary, using these rules in your firewall configuration is not only recommended, but is standard practice in managing secure networks.