SergANT/network
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix firewall input from localhost to localhost

Browse Source
This commit is contained in:
Sergei Bobkov
2025-01-02 22:38:18 +03:00
parent 4f74be9369
commit 36d8ab2e0e
5 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
mikrotik/base-config/dc01-ccr01-terse.rsc
View File

@@ -96,6 +96,7 @@
/ip firewall filter add action=accept chain=allow-default-for-all protocol=icmp
/ip firewall filter add action=accept chain=allow-default-buh protocol=icmp
/ip firewall filter add action=accept chain=forward comment="allow FORWARD from INSIDE <--> TRANSPORT LINK <--> OUTSIDE (to dc01-gw01)" connection-state=new dst-address-list=!all-networks out-interface=sfp-sfpplus12 src-address-list=all-networks
/ip firewall filter add action=accept chain=input comment="allow INPUT from lo -->> ME " in-interface=lo
/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset
/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
/ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""