MikroTik Certified Internetworking Engineer (MTCINE)
8.2 Firewall Rules Explained

Key Concepts

1. Firewall Rules

Firewall rules are sets of instructions that determine how network traffic is handled. These rules define which traffic is allowed or denied based on specific criteria such as source IP, destination IP, protocol, and port number. Firewall rules are essential for securing a network by controlling access and preventing unauthorized traffic.

Example: Think of firewall rules as security guards at a building entrance. Just as security guards allow or deny entry based on certain criteria, firewall rules allow or deny network traffic based on predefined conditions.

2. Rule Matching

Rule matching is the process of evaluating incoming traffic against the defined firewall rules. Each packet is checked against the rules in the order they are listed. The first matching rule determines the action taken on the packet. Rule matching ensures that traffic is processed according to the network's security policies.

Example: Consider rule matching as a checklist at a customs checkpoint. Just as customs officers check each item against a list, firewall rules check each packet against a set of conditions to determine the appropriate action.

3. Action Types

Action types define what happens to the traffic that matches a firewall rule. Common actions include accept, drop, reject, and log.

Example: Think of action types as different responses to a visitor at a gated community. Just as the gatekeeper can allow entry, deny entry, or ask the visitor to leave, firewall actions can accept, drop, reject, or log traffic based on the rule.

4. Rule Prioritization

Rule prioritization refers to the order in which firewall rules are applied. Rules are typically processed from top to bottom, with the first matching rule taking precedence. Proper rule prioritization is crucial for ensuring that the most critical rules are applied first and that traffic is handled as intended.

Example: Consider rule prioritization as a queue at a bank. Just as customers are served in the order they arrive, firewall rules are applied in the order they are listed, with the first matching rule taking action.

5. Logging

Logging is the process of recording information about traffic that matches specific firewall rules. Logging helps in monitoring network activity, troubleshooting issues, and ensuring compliance with security policies. Log entries typically include details such as source IP, destination IP, protocol, and action taken.

Example: Think of logging as a security camera recording events at a building entrance. Just as security cameras record who enters and exits, firewall logs record network traffic and the actions taken by the firewall.
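
The first-match evaluation and rule ordering described in sections 2 and 4, together with the logging from section 5, shown as an added example that is not part of the original course material. It is a small Python model, not RouterOS code: the `Rule` class, `evaluate`, `shadowed`, the sample addresses and the default action for unmatched packets are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept", "drop" or "reject"
    src: str = "0.0.0.0/0"           # source network; default matches any IPv4 source
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port
    log: bool = False                # record a log entry when this rule decides

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt["dst_port"]))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and self.protocol in (None, other.protocol)
                and self.dst_port in (None, other.dst_port))

def evaluate(rules, pkt, default="accept"):
    """First match wins. Returns (action, index of deciding rule, log lines).
    `default` (an assumption of this model) applies when no rule matches."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            line = f"rule={i} action={rule.action} src={pkt['src']} {pkt['protocol']}/{pkt['dst_port']}"
            return rule.action, i, [line] if rule.log else []
    return default, None, []

def shadowed(rules):
    """Indexes of rules that can never be the first match (an earlier rule covers them)."""
    return [j for j, later in enumerate(rules)
            if any(rules[i].covers(later) for i in range(j))]

# Constructed rule sets: SSH (tcp/22) should be reachable only from 192.0.2.0/24.
DROP_SSH = Rule("drop", protocol="tcp", dst_port=22, log=True)
ALLOW_MGMT = Rule("accept", src="192.0.2.0/24", protocol="tcp", dst_port=22)
MISORDERED = [DROP_SSH, ALLOW_MGMT]   # broad drop listed first
CORRECTED = [ALLOW_MGMT, DROP_SSH]    # specific accept listed first
ADMIN = {"src": "192.0.2.10", "protocol": "tcp", "dst_port": 22}      # constructed packet
OUTSIDE = {"src": "198.51.100.7", "protocol": "tcp", "dst_port": 22}  # constructed packet

if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, evaluate(rules, ADMIN), evaluate(rules, OUTSIDE), shadowed(rules))
```

Running `shadowed` over a rule list before deploying it flags rules that are listed too late to ever take effect, which is the ordering mistake the misordered set demonstrates.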