Basic Firewall Configuration
Basic firewall configuration is essential for securing a network by controlling incoming and outgoing traffic based on predefined rules. Understanding how to configure a firewall is crucial for network administrators, especially when preparing for the MikroTik Certified Network Associate (MTCNA) certification.
Key Concepts
1. Firewall Rules
Firewall rules define the conditions under which traffic is allowed or denied. These rules are typically based on criteria such as source IP address, destination IP address, protocol, and port number.
2. Chains
Chains are sequences of firewall rules that are applied to traffic. Common chains include "input" for traffic addressed to the router itself, "output" for traffic originating from the router, and "forward" for traffic passing through the router.
3. Actions
Actions determine what happens to traffic that matches a firewall rule. Common actions include "accept" to allow traffic, "drop" to silently discard traffic, and "reject" to send a rejection message.
Detailed Explanation
Firewall Rules
Firewall rules are the building blocks of a firewall configuration. Each rule specifies a set of conditions and an action to take if those conditions are met. For example, a rule might allow HTTP traffic (port 80) from a specific IP address.
Example: To create a rule that allows HTTP traffic from a specific IP address, you would use the command:
/ip firewall filter add chain=input protocol=tcp src-address=192.168.1.100 dst-port=80 action=accept
Chains
Chains organize firewall rules into logical groups. The "input" chain is used for traffic destined for the router itself, the "output" chain is used for traffic initiated by the router, and the "forward" chain is used for traffic passing through the router.
Example: To apply a rule to the "forward" chain, you would specify "chain=forward" in the command:
/ip firewall filter add chain=forward protocol=tcp dst-port=443 action=accept
Actions
Actions determine the fate of traffic that matches a rule. The "accept" action allows the traffic to pass, the "drop" action silently discards the traffic, and the "reject" action sends a rejection message back to the sender.
Example: To create a rule that drops all incoming ICMP traffic, you would use the command:
/ip firewall filter add chain=input protocol=icmp action=drop
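The following Python model is an added example, not part of the original page or of RouterOS. It parses the three commands above and evaluates packets the way a RouterOS filter chain does: rules are checked top to bottom, the first match decides, and a packet that matches no rule is accepted. The final drop rule, the sample packets and all function names are assumptions made for illustration, and the model covers only the matchers used on this page.

```python
import ipaddress

# The three commands from this page, in the order they would be entered.
PAGE_RULES = """
/ip firewall filter add chain=input protocol=tcp src-address=192.168.1.100 dst-port=80 action=accept
/ip firewall filter add chain=forward protocol=tcp dst-port=443 action=accept
/ip firewall filter add chain=input protocol=icmp action=drop
"""
# Assumption (not on the page): a catch-all rule appended to the input chain.
FINAL_DROP = "/ip firewall filter add chain=input action=drop\n"


def parse_rules(text):
    """Turn 'add key=value ...' lines into dicts, keeping their order."""
    rules = []
    for line in text.strip().splitlines():
        _, _, params = line.partition(" add ")
        rules.append(dict(p.split("=", 1) for p in params.split()))
    return rules


def matches(rule, pkt):
    """A rule matches only if every condition it states holds (single ports only)."""
    if rule["chain"] != pkt["chain"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["protocol"]:
        return False
    if "dst-port" in rule and int(rule["dst-port"]) != pkt.get("dst_port"):
        return False
    if "src-address" in rule:
        net = ipaddress.ip_network(rule["src-address"], strict=False)
        return ipaddress.ip_address(pkt["src"]) in net
    return True


def verdict(rules, pkt):
    """First matching rule decides; if none matches, the packet is accepted."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"]
    return "accept"


# Constructed sample packets addressed to the router's own port 80.
allowed_host = {"chain": "input", "protocol": "tcp", "src": "192.168.1.100", "dst_port": 80}
other_host = {"chain": "input", "protocol": "tcp", "src": "10.0.0.5", "dst_port": 80}

if __name__ == "__main__":
    for text in (PAGE_RULES, PAGE_RULES + FINAL_DROP):
        print(verdict(parse_rules(text), allowed_host), verdict(parse_rules(text), other_host))
```

With only the page's rules, the host at 10.0.0.5 still reaches port 80 because nothing denies it; the accept rule restricts access only once a later drop rule exists in the same chain.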
Examples and Analogies
Firewall Rules
Think of firewall rules as security guards at a building entrance. Each guard (rule) checks visitors (traffic) against a list of criteria (conditions) and decides whether to let them in (accept), send them away (reject), or ignore them (drop).
Chains
Consider chains as different rooms in a building. Each room (chain) has its own set of guards (rules) that check visitors (traffic) differently. For example, the lobby (input chain) might have guards checking everyone entering, while the exit (output chain) has guards checking everyone leaving.
Actions
Actions are like the decisions made by the guards. If a visitor (traffic) meets the criteria, the guard (rule) can let them in (accept), send them away (reject), or simply ignore them (drop).
By mastering basic firewall configuration, you can effectively secure your network and control traffic flow, making you a proficient network administrator.