Không quá dài dòng, đây là cấu hình firewall mặc định của Mikrotik dành cho các bạn muốn xây dựng hệ thống bằng tay, không cần dùng default config.
Lưu ý đưa danh sách bridge, vlan, veth… vào interfaces list “LAN”, Cổng Wan, pppoe… vào interfaces list “WAN”. Nếu không, bạn có thể mất khả năng truy cập Winbox.
/ip/service/disable telnet
/ip/service/disable ssh
/ip/service/disable api
/ip/service/disable api-ssl
/ip/service/disable ftp
/ip firewall filter
add action=accept chain=input comment=\
"defconf: Allow Winbox 8291" protocol=tcp dst-port=8291
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
"defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
2022, adguard, adguard home, almalinux, android, apache, apple, Azure, centos, CVE, cyberpanel, cài đặt docker, directadmin, dns, docker, fastpanel, fedora, firewall, fix, ipv6, ispconfig, lemp, linux, Log4j, macos, mariadb, microsoft, Microsoft Active Directory, mikrotik, mysql, nginx, php, python, redis, rockylinux, security, server, tplink, ubuntu, USA, user, windows, windows server, windows server 2022, wordpress