Firewall Basics in MikroTik
1. Understanding Firewall Basics
A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. In MikroTik RouterOS, firewalls are used to protect networks from unauthorized access, malicious attacks, and other security threats.
2. Key Concepts
There are several key concepts related to firewall basics in MikroTik:
- Filter Rules: These are the core of the firewall. They define what traffic is allowed or denied based on criteria such as source IP, destination IP, protocol, and port number.
- NAT (Network Address Translation): NAT rules are used to modify the source or destination IP addresses of packets. This is commonly used for IP masquerading, where internal IP addresses are translated to a public IP address when accessing the internet.
- Mangle Rules: Mangle rules are used to alter packet headers, such as changing the TOS (Type of Service) field or marking packets for QoS (Quality of Service) purposes.
- Address Lists: Address lists are used to group IP addresses or ranges, making it easier to manage firewall rules. For example, you can create an address list for "Blocked IPs" and apply it to multiple firewall rules.
3. Filter Rules
Filter rules are the most common type of firewall rule. They are used to allow or deny traffic based on various criteria. For example, you can create a rule to block all incoming traffic from a specific IP address:
/ip firewall filter add chain=input src-address=192.168.1.10 action=drop
This rule tells the firewall to drop (block) all traffic from the IP address 192.168.1.10 that is addressed to the router itself. The input chain only sees packets whose destination is the router; to stop 192.168.1.10 from sending traffic through the router to other networks, add the same match in the forward chain. Rules are evaluated top to bottom and the first match wins, so the position of a drop rule relative to any accept rules matters.
4. NAT Rules
NAT rules are used to modify the IP addresses of packets. For example, you can create a NAT rule to allow internal devices to access the internet using a single public IP address:
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
This rule tells the firewall to replace the source IP address of outgoing packets with the public IP address of the router's ether1 interface.
5. Mangle Rules
Mangle rules are used to alter packet headers or to attach marks that other parts of RouterOS act on. For example, you can create a mangle rule to tag all packets arriving from a specific IP address with a routing mark:
/ip firewall mangle add chain=prerouting src-address=192.168.1.10 action=mark-routing new-routing-mark=high-priority
This rule tells the firewall to give all packets from 192.168.1.10 the routing mark high-priority. A routing mark is consumed by routing rules and routing tables (policy routing), for instance to send that host's traffic out a different uplink. For QoS with queues, use action=mark-packet (or mark-connection followed by mark-packet) instead, because queues match on packet marks rather than routing marks; mangle can also rewrite header fields directly, for example the DSCP/TOS value with action=change-dscp.
6. Address Lists
Address lists are used to group IP addresses or ranges. For example, you can create an address list for "Blocked IPs" and apply it to multiple firewall rules:
/ip firewall address-list add list=BlockedIPs address=192.168.1.10
/ip firewall filter add chain=input src-address-list=BlockedIPs action=drop
This rule tells the firewall to drop all traffic addressed to the router from any IP address in the "BlockedIPs" address list. As with any input-chain rule, it protects the router itself; add a matching forward-chain rule (chain=forward src-address-list=BlockedIPs action=drop) to keep those addresses from sending traffic through the router as well. Because the list is referenced by name, adding or removing an address later takes effect in every rule that uses the list without editing the rules themselves.
7. Practical Example
Imagine you have a small office network with multiple departments. You want to ensure that only authorized devices can access the internet and that certain types of traffic (like VoIP) are prioritized. You can achieve this by configuring filter rules to allow only specific IP addresses, NAT rules to provide internet access, and mangle rules to prioritize VoIP traffic.
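The scenario above, written out as a complete RouterOS configuration. This is an added example and not configuration from the page or from MikroTik's documentation; the interface names (ether1 as WAN, ether2 as LAN), the 192.168.1.0/24 subnet, the phone range 192.168.1.50-192.168.1.59, the SIP/RTP port numbers and the queue limits are all assumptions chosen for illustration. It combines an address list, stateful filter rules with a default drop, a masquerade NAT rule, and mangle rules that produce a packet mark a queue can prioritize.

```routeros
# Added example (not from the page): small-office policy built from the four pieces above.
# Assumptions: ether1 = WAN, ether2 = LAN 192.168.1.0/24, desk phones in 192.168.1.50-59,
# SIP signalling on UDP 5060, RTP media on UDP 10000-20000.

# 1. Address lists: which LAN hosts may reach the internet, and which hosts are phones
/ip firewall address-list
add list=AllowedInternet address=192.168.1.0/24 comment="staff LAN"
add list=VoIPPhones address=192.168.1.50-192.168.1.59 comment="desk phones"

# 2. Filter rules. Order matters: stateful accepts first, explicit allows, then a default drop.
/ip firewall filter
# input chain: packets addressed to the router itself
add chain=input connection-state=established,related action=accept
add chain=input connection-state=invalid action=drop
add chain=input in-interface=ether2 protocol=icmp action=accept comment="ping from LAN"
add chain=input in-interface=ether2 protocol=tcp dst-port=22,8291 action=accept comment="SSH/Winbox from LAN only"
add chain=input action=drop comment="everything else to the router, including all WAN traffic"
# forward chain: packets passing through the router
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether2 src-address-list=AllowedInternet out-interface=ether1 action=accept comment="listed hosts may reach the internet"
add chain=forward action=drop comment="unlisted hosts get no internet; no unsolicited inbound"

# 3. NAT: hide the LAN behind the public address of ether1
/ip firewall nat
add chain=srcnat out-interface=ether1 action=masquerade

# 4. Mangle: mark the VoIP connection once, then mark every packet of that connection.
#    Queues act on packet marks, not routing marks, so mark-packet is the action to use here.
/ip firewall mangle
add chain=prerouting src-address-list=VoIPPhones protocol=udp dst-port=5060 action=mark-connection new-connection-mark=voip passthrough=yes comment="SIP"
add chain=prerouting src-address-list=VoIPPhones protocol=udp dst-port=10000-20000 action=mark-connection new-connection-mark=voip passthrough=yes comment="RTP"
add chain=prerouting connection-mark=voip action=mark-packet new-packet-mark=voip-pkt passthrough=no

# 5. Queues: voip-pkt is served first (priority 1 is the highest), the rest of the LAN after it
/queue simple
add name=voip target=192.168.1.0/24 packet-marks=voip-pkt priority=1/1 max-limit=2M/2M
add name=rest target=192.168.1.0/24 priority=8/8 max-limit=50M/50M
```

To confirm the rules are doing what you expect, watch the per-rule counters with `/ip firewall filter print stats` while generating traffic, and check that calls are actually being marked with `/ip firewall connection print where connection-mark=voip`. The forward-chain default drop at the end is what turns "only authorized devices can access the internet" into an enforced policy: any host not in AllowedInternet simply never matches an accept rule.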
By mastering firewall basics in MikroTik, you can create a secure and efficient network environment. This knowledge is essential for anyone aiming to become a MikroTik Certified Routing Engineer.