On Tue, 2012-12-04 at 13:13 -0600, Ty Featherling wrote:
> Since you mention it Butch,
>
> "NOTE that this is just an example and NOT the best way to handle input
> rules to manage traffic on port 22 or any other management port."
>
> What do you recommend in those cases? I ask knowing that my devices have
> rules basically just like that.

Input should be done with logic like this:
1. permit specific management traffic
2. permit desired network services
3. drop everything else

The rule I used as an example for input traffic would only be needed if
the logic were:
1. drop specific unwanted management traffic
2. unsure how the rest would be handled

The firewall on my store site http://store.wispgear.net uses the first
approach. FWIW, it uses address lists extensively.

-- 
********************************************************************
* Butch Evans                   * Professional Network Consultation *
* http://www.butchevans.com/    * Network Engineering               *
* http://store.wispgear.net/    * Wired or Wireless Networks        *
* http://blog.butchevans.com/   * ImageStream, Mikrotik and MORE!   *
*          NOTE THE NEW PHONE NUMBER: 702-537-0979                  *
********************************************************************
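
The three-step input logic from the message above, written out as a RouterOS input chain built on address lists. This is an added example, not Butch's configuration or the store firewall; the list names, addresses, the choice of services in step 2, and the established/related rules are assumptions made for illustration.

```routeros
# Added example. All addresses and list names below are constructed.
/ip firewall address-list
add list=mgmt-allowed address=192.0.2.10 comment="admin workstation (constructed)"
add list=mgmt-allowed address=198.51.100.0/28 comment="NOC subnet (constructed)"
add list=dns-clients address=10.0.0.0/24 comment="clients using the router's DNS (constructed)"

/ip firewall filter
# Housekeeping (assumed, not one of the three steps): let replies to
# traffic the router itself started back in before the final drop.
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept

# 1. permit specific management traffic
#    SSH (22) and Winbox (8291), only from sources on the mgmt-allowed list
add chain=input protocol=tcp dst-port=22,8291 src-address-list=mgmt-allowed \
    action=accept comment="management from known sources"

# 2. permit desired network services
add chain=input protocol=icmp action=accept comment="ping"
add chain=input protocol=udp dst-port=53 src-address-list=dns-clients action=accept
add chain=input protocol=tcp dst-port=53 src-address-list=dns-clients action=accept

# 3. drop everything else
add chain=input action=drop comment="default deny"

# For contrast, the other logic: drop specific unwanted management traffic
# and stop there. With no final drop, anything this rule does not match
# falls off the end of the chain and is accepted.
# add chain=input protocol=tcp dst-port=22 src-address-list=!mgmt-allowed action=drop
```

Entering these rules in Safe Mode means a mistake in the mgmt-allowed list rolls back instead of locking the session out.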

