SergANT/network
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix firewall input from localhost to localhost

Browse Source
This commit is contained in:
Sergei Bobkov
2025-01-02 22:38:18 +03:00
parent 4f74be9369
commit 36d8ab2e0e
5 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
mikrotik/base-config/dc01-emer01-terse.rsc
View File

@@ -57,6 +57,7 @@
/ip firewall filter add action=accept chain=input connection-state=new dst-port=22,8291 in-interface=ether1-outside protocol=tcp src-address=213.141.150.29
/ip firewall filter add action=accept chain=input dst-address=172.20.1.0/24 in-interface=bridge-local protocol=icmp src-address=172.20.1.0/24
/ip firewall filter add action=accept chain=input connection-state=new dst-address=172.20.1.0/24 dst-port=22,8291 in-interface=bridge-local protocol=tcp src-address=172.20.1.0/24
/ip firewall filter add action=accept chain=input comment="allow INPUT from lo -->> ME " in-interface=lo
/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME TCP reject-with tcp-reset" connection-state=new protocol=tcp reject-with=tcp-reset
/ip firewall filter add action=reject chain=input comment="deny INPUT any -->> ME UDP reject-with icmp-port-unreachable" connection-state=new protocol=udp reject-with=icmp-port-unreachable
/ip firewall filter add action=drop chain=input comment="deny INPUT all" connection-state=""