MikroTips: How to firewall

Introduction

This tutorial will guide you through the basics of setting up and managing a firewall using MikroTik RouterOS. You'll learn about the default firewall rules, how to create your own rules, and how to block specific web pages. Understanding these concepts is essential for protecting your network and controlling traffic efficiently.

Step 1: Understanding Firewall Filter Rule List

• Navigate to the firewall filter rule list in MikroTik RouterOS to view existing rules.
• The filter rule list displays the current rules applied to your network traffic.
• Familiarize yourself with the structure, which includes:
  • Chain: The context in which the rule applies (input, output, forward).
  • Action: What happens when the rule matches (accept, drop, reject).
  • Protocol: The type of traffic affected (TCP, UDP, etc.).

Step 2: Learning About Firewall Chains

• Understand the three main chains within MikroTik RouterOS:
  • Input Chain: Manages traffic destined for the router itself.
  • Output Chain: Controls traffic originating from the router.
  • Forward Chain: Regulates traffic passing through the router to other networks.
• Each chain plays a crucial role in determining how different types of traffic are handled.

Step 3: Exploring Default Rules

• MikroTik RouterOS comes with several default firewall rules that you should be aware of:
  • These rules may include allowing or denying established and related connections.
  • Familiarize yourself with what each default rule does to understand their impact on your network.
• Review the default settings to ensure they align with your security needs.

Step 4: Adding Your First Rule

• To create your own firewall rule, follow these steps:
  1. Go to the IP menu and select Firewall.
  2. Click on the Filter Rules tab.
  3. Select Add New.
  4. Specify the Chain (e.g., input) where you want to apply the rule.
  5. Choose the Action (e.g., accept or drop) based on your needs.
  6. Optionally, set additional parameters like source/destination address and protocol.
  7. Click OK to save your new rule.

Step 5: Blocking Webpages with MikroTik RouterOS

• To block specific websites, you can create a rule that targets HTTP/HTTPS traffic:
  1. Go to the Filter Rules section in the firewall.
  2. Click Add New.
  3. Set the Chain to forward.
  4. For the Protocol, select tcp.
  5. Set the Dst. Port to 80,443 (for web traffic).
  6. In the Advanced tab, enter the domain you want to block in the Content field.
  7. Choose the action as drop.
  8. Click OK to apply the rule.

Step 6: Learning More Resources

• For deeper insights and advanced configurations, refer to the MikroTik documentation:
  • Visit MikroTik Security Documentation for detailed information on securing your router.

Conclusion

In this tutorial, we covered the essentials of managing a MikroTik firewall, including understanding default rules, creating custom rules, and blocking web pages. By following these steps, you can enhance your network's security and control traffic more effectively. As you become more familiar with MikroTik RouterOS, consider exploring more advanced firewall configurations to further protect your network.