Securing Your Network With MikroTik Router Firewall Rules

If you're reading this, chances are you have a MikroTik router and are looking to enhance its security features. One great way to do this is by enabling port knocking, a technique that allows you to open certain ports on your router only when a particular sequence of network activity is detected. By doing so, you can prevent unauthorized access attempts and keep your network safe from malicious threats.

MikroTik Firewall : Securing your Router with Port Knocking

What is Port Knocking?

Let's start by understanding what port knocking is. In simple terms, port knocking is a way to secure your network by enabling a specific sequence of network activity to access specific ports on your router. Port knocking provides an additional layer of security by making your network's ports invisible to those who are looking for open ports to exploit.

How Does Port Knocking Work?

The idea behind port knocking is pretty simple - it involves connecting to a closed port on your router, which triggers a sequence of network activity that, in turn, opens the desired port. For example, say you want to open port 80 on your router. You can set up the configuration such that when the user sends a connection request to port 8000, your router will open port 80. The sequence of network activity to trigger the port knocking could be anything - sending a specific set of packets, using the wrong password, etc.

Benefits of Port Knocking

Port knocking provides several benefits to your network's security:

Prevents unauthorized access to your network: If an unauthorized user tries to scan your network, they will be unable to detect the open ports that bypass port knocking. This makes your network less vulnerable to hacking attempts.
Easy to set up: Port knocking involves setting up a few scripts on your router, which is relatively hassle-free and doesn't require any expensive tools or software.
Enhances existing security features: Port knocking works alongside existing security features to create an additional layer of protection for your network.

Configuring Port Knocking on Your MikroTik Router

Configuring port knocking on your MikroTik router is easy, and can be done in just a few simple steps:

Step 1:

The first step is to create a script on your router that will detect the sequence of network activity to trigger the port knocking. You can create a script using the following commands:

 /ip firewall filter add action=accept chain=input comment="Knock port3128 1/5 (telnet)" disabled=no dst-port=3128 protocol=tcp src-address-list=Knock_1 || /ip firewall filter add action=add-src-to-address-list address-list=Knock_1 address-list-timeout=10000ms chain=input comment="List 1 add src address" disabled=no dst-port=23 protocol=tcp src-address=192.0.2.1 && /ip firewall filter add action=drop chain=input comment="Chain stop, do not repeat" disabled=no src-address-list=Knock_1

Step 2:

Next, you need to set up a rule on your router's firewall to open the desired port when the port knocking sequence is detected. Use the following command:

 /ip firewall filter add action=accept chain=input comment="Allow http traffic" disabled=no dst-port=80 protocol=tcp src-address=192.0.2.1

In this example, port 80 is opened for the IP address 192.0.2.1 when the knocking sequence is detected. You can change the IP address and port numbers as desired.

Read also

Step 3:

The final step is to set up a rule to close the port after a certain period of time. You can do this using the following command:

 /ip firewall filter add action=drop chain=input comment="Drop http traffic after 60 seconds" disabled=no dst-port=80 protocol=tcp src-address=192.0.2.1 time=1m

In this example, port 80 will be closed 60 seconds after it's opened. You can change the time period to suit your needs.

Conclusion

Enabling port knocking on your MikroTik router is an effective way to enhance your network's security. By making your network's ports invisible and enabling access only after a specific sequence of network activity, port knocking provides an additional layer of protection against hacking attempts. The process of configuring port knocking on your MikroTik router is relatively simple and can be done without the use of any expensive tools or software. Give it a try and see how it can help safeguard your network from malicious threats!