Mikrotik ISP Grade Firewall
Here I am about to tell you how to set up an ISP-grade firewall with MikroTik that will filter all your incoming and outgoing traffic. I have been using this for the last 1.5 years and it is working superbly fine for me.
General Input Output Rules
Input:
In the input chain I am allowing established and related connections, and my internal network IP addresses that are allowed to communicate with my router.
Input --- established --- Accept
Input --- Related ---- Accept
Input --- MyLan --- Accept
And then I am blocking all input to my router from the WAN.
Input --- WAN --- Block
Here is an image which will give you a clear idea about it.
Output:
Then again, in the output chain I am allowing established and related connections, and my internal network IP addresses that are allowed to communicate out through my router.
Output --- established --- Accept
Output --- Related ---- Accept
Output --- icmp --- icmp option --- icmp type --- 8 (echo request) --- icmp code 0 --- Accept
And then I am blocking all output from my router to the WAN.
Here is the image which will give you a clear idea about it.
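The input and output rules listed above, written as RouterOS terminal commands. This is an added example, not configuration taken from the original post; the `MyLan` subnet (192.168.88.0/24) and the WAN interface name (`ether1`) are assumptions to replace with your own values.

```routeros
# Added example: CLI form of the input/output rules described above.
# Assumptions: LAN subnet 192.168.88.0/24, WAN interface ether1.

/ip firewall address-list
add list=MyLan address=192.168.88.0/24 comment="internal network allowed to reach the router"

/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
add chain=input connection-state=established action=accept comment="input: established"
add chain=input connection-state=related action=accept comment="input: related"
add chain=input src-address-list=MyLan action=accept comment="input: MyLan"
add chain=input in-interface=ether1 action=drop comment="input: drop everything else from WAN"

# --- output chain: traffic originated by the router itself ---
add chain=output connection-state=established action=accept comment="output: established"
add chain=output connection-state=related action=accept comment="output: related"
# icmp-options=8:0 matches ICMP type 8 (echo request), code 0
add chain=output protocol=icmp icmp-options=8:0 action=accept comment="output: echo request"
add chain=output out-interface=ether1 action=drop comment="output: drop everything else to WAN"
```

Rules are matched top to bottom, so the accept rules must stay above the drop rule in each chain. With the output drop in place, the router itself cannot open new connections toward the WAN other than pings, so DNS lookups, NTP and update checks made by the router need their own accept rules above that drop.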
Detect and Block Port Scanner:
Here is the list of rules which we need to create for detecting and blocking port scanners.
And here is how we will create these.
And then finally block them.
Block Ping of Death and Allow Small Ping and Traceroute
Here is the list of rules which we need to create for blocking ping of death and only allowing small pings and traceroute.
And here is how we will create these.
And then finally we drop them.
Detect and Block SMTP Viruses Spammer
Here is the list of rules which we will create to detect SMTP spammers and block them.
And here is how we will create it.
And then finally we will block it.
Block Invalid Packets and Virus Ports
Here we are simply blocking invalid packets and virus ports.
In the end your firewall will look something like this.