
Securing MikroTik RouterOS With Firewall Filters

Let me tell you about a great way to secure your MikroTik router using something called port knocking. With the help of this technique, you can keep your router protected from unauthorized access and make sure it is secure at all times.

MikroTik Firewall : Securing your Router with Port Knocking

Port knocking is a method of hiding the existence of a server behind closed ports. Essentially, the ports are closed by default, and when someone wants to access the server behind those ports, they must first "knock" on a series of other ports in a certain order. Once the correct sequence is entered, the server will recognize the knock and allow access to the closed ports.

This technique can be used to secure your MikroTik router and is relatively easy to implement. Here's how to do it:

  1. First, log in to your MikroTik router, open the terminal, and create a new firewall chain. RouterOS has no separate command for creating a chain; the chain comes into existence when the first rule names it.
    /ip firewall filter add chain=knock-closed action=drop comment="drop connections that did not knock"
  2. Next, you need to add the rules that recognize the "knock" sequence. Each knock puts the source address on its own address list, so the second knock only counts after the first.
    /ip firewall filter add chain=input protocol=tcp dst-port=12345 src-address-list=knock-allowed action=add-src-to-address-list address-list=knock-step1 address-list-timeout=5m comment="knock step 1"
    /ip firewall filter add chain=input protocol=tcp dst-port=54321 src-address-list=knock-step1 action=add-src-to-address-list address-list=knocked address-list-timeout=5m comment="knock step 2"
  3. Now that your firewall chain and rules are set up, you need to add your trusted IP address to the "knock-allowed" list.
    /ip firewall address-list add list=knock-allowed address=192.168.1.2 comment="My Trusted IP Address"
  4. Finally, you need to add a rule that allows access to the protected port for the trusted IP address once it has completed the knock, followed by a jump that sends every other connection to that port into the knock-closed chain.
    /ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=knocked action=accept comment="SSH after knock"
    /ip firewall filter add chain=input protocol=tcp dst-port=22 action=jump jump-target=knock-closed comment="SSH without knock"

With these steps, your MikroTik router will be secured with port knocking. When you want to access the protected port, simply knock on the ports in the correct order, and you will gain access for as long as your address stays on the "knocked" list (five minutes with the timeout used above).

But what happens if someone tries to access your router without knocking?

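The answer is simple. Any connection to the closed port from an address that is not on the "knocked" list is handed to the knock-closed chain and dropped. This means that anyone trying to access your router without knocking on the right ports will be unable to get through. Because the firewall evaluates rules from top to bottom, these rules only take effect if no earlier rule in the input chain already accepts the same port.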
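To check the rule logic before touching a live router, the following added example (not part of the original article, and not RouterOS code) models the knock as a small Python state machine. It assumes two knock stages that use separate address lists (`knock-step1`, then `knocked`), an accept for port 22 that requires `knocked`, and a drop for any other connection to port 22; the class and function names and the packet traces are constructed for the example.

```python
# Added model of the knock rules; not RouterOS code. Traces are constructed.
KNOCK1, KNOCK2, SSH = 12345, 54321, 22   # ports used in the steps above
TIMEOUT = 5 * 60                         # address-list-timeout=5m, in seconds


class KnockFirewall:
    def __init__(self, trusted):
        # list name -> {ip: expiry}; static knock-allowed entries never expire
        self.lists = {
            "knock-allowed": {ip: float("inf") for ip in trusted},
            "knock-step1": {},
            "knocked": {},
        }

    def _member(self, name, ip, now):
        return self.lists[name].get(ip, 0) > now

    def _add(self, name, ip, now):
        # Simplification in this model: re-adding an address restarts its timer.
        self.lists[name][ip] = now + TIMEOUT

    def packet(self, now, src, dport):
        """Verdict for one new TCP connection; rules run top to bottom."""
        # The add-src-to-address-list rules do not stop rule processing.
        if dport == KNOCK1 and self._member("knock-allowed", src, now):
            self._add("knock-step1", src, now)
        if dport == KNOCK2 and self._member("knock-step1", src, now):
            self._add("knocked", src, now)
        if dport == SSH:
            # Accept rule first, then the jump into the drop chain.
            return "accept" if self._member("knocked", src, now) else "drop"
        return "unmatched"  # left to whatever rules follow on the router


def replay(trusted, trace):
    """Feed (time_s, src_ip, dst_port) tuples through a fresh firewall."""
    fw = KnockFirewall(trusted)
    return [fw.packet(t, src, dport) for t, src, dport in trace]


ME, OTHER = "192.168.1.2", "203.0.113.9"   # OTHER is a constructed address
if __name__ == "__main__":
    print(replay([ME], [(0, ME, 12345), (1, ME, 54321), (2, ME, 22)]))
    print(replay([ME], [(0, ME, 54321), (1, ME, 12345), (2, ME, 22)]))
    print(replay([ME], [(0, OTHER, 12345), (1, OTHER, 54321), (2, OTHER, 22)]))
    print(replay([ME], [(0, ME, 12345), (1, ME, 54321), (400, ME, 22)]))
```

The four traces are a correct knock, the knocks in the wrong order, an address that is not on knock-allowed, and a correct knock followed by a connection after the timeout has expired.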

One thing to keep in mind, though, is that if you are using port knocking, you should consider hiding your real SSH port. This is because if someone knows your SSH port number, they can attempt to brute-force their way into your router. However, if your SSH port is hidden, they won't know where to start, effectively blocking them from gaining access.

Overall, port knocking is an excellent way to secure your MikroTik router and protect your network from unauthorized access. With just a few simple steps, you can set up port knocking and keep your router safe.

So why not give port knocking a try and see how it can benefit your network security?
