Oh okay. The way mine are set up I have trusted addresses in an address-list. I drop any input traffic to management ports that is NOT in the address-list.
Now that you say it I remember you teaching it like you just said. PERMIT trusted traffic, drop everything else. Thanks for the refresher!

-Ty

On Tue, Dec 4, 2012 at 1:54 PM, Butch Evans <[email protected]> wrote:

> On Tue, 2012-12-04 at 13:13 -0600, Ty Featherling wrote:
> > Since you mention it Butch,
> >
> > "NOTE that this is just an example and NOT the best way to handle input
> > rules to manage traffic on port 22 or any other management port."
> >
> > What do you recommend in those cases? I ask knowing that my devices have
> > rules basically just like that.
>
> Input should be done with logic like this:
> 1. permit specific management traffic
> 2. permit desired network services
> 3. drop everything else
>
> The rule I used as an example for input traffic would only be needed if
> the logic were:
> 1. drop specific unwanted management traffic
> 2. unsure how the rest would be handled
>
> The firewall on my store site http://store.wispgear.net uses the first
> approach. FWIW, it uses address lists extensively.
>
> --
> ********************************************************************
> * Butch Evans                 * Professional Network Consultation  *
> * http://www.butchevans.com/  * Network Engineering                *
> * http://store.wispgear.net/  * Wired or Wireless Networks         *
> * http://blog.butchevans.com/ * ImageStream, Mikrotik and MORE!    *
> * NOTE THE NEW PHONE NUMBER: 702-537-0979                          *
> ********************************************************************
>
> _______________________________________________
> Mikrotik mailing list
> [email protected]
> http://www.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik
> RouterOS
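Added example, not part of the original thread and not the firewall from either poster's routers: the two input-chain approaches discussed above, written as RouterOS filter rules so the difference in what happens to unmatched traffic is visible. The list name `mgmt-trusted`, the 192.0.2.0/28 addresses, and the choice of ICMP as the "desired network service" are assumptions for illustration; port 22 is the management port named in the thread.

```routeros
# Constructed sample: trusted management sources (documentation address range).
/ip firewall address-list
add list=mgmt-trusted address=192.0.2.0/28 comment="NOC workstations (example)"

/ip firewall filter

# --- Approach A: "drop specific unwanted management traffic" ---------------
# Shown commented out for comparison. It only covers port 22; any packet that
# does not match falls off the end of the input chain, where RouterOS accepts
# it by default. Every other service on the router stays reachable.
# add chain=input protocol=tcp dst-port=22 src-address-list=!mgmt-trusted \
#     action=drop comment="A: drop SSH from untrusted sources"

# --- Approach B: permit management, permit services, drop everything else --
# Rules are evaluated top to bottom and the first match wins, so order matters.

# Replies to connections the router itself opened (DNS, NTP, updates).
add chain=input connection-state=established action=accept \
    comment="B0: established"
add chain=input connection-state=related action=accept \
    comment="B0: related"

# 1. Permit specific management traffic: SSH only from the trusted list.
add chain=input protocol=tcp dst-port=22 src-address-list=mgmt-trusted \
    action=accept comment="B1: SSH from mgmt-trusted"

# 2. Permit desired network services (assumption: ICMP for reachability tests).
add chain=input protocol=icmp action=accept comment="B2: ICMP"

# 3. Drop everything else. Unlisted ports and sources end here instead of
#    reaching the chain's implicit accept.
add chain=input action=drop comment="B3: default deny"
```

Add your own address to `mgmt-trusted` before adding the final drop rule, and apply the rules under Safe Mode so a mistake that cuts off the session is rolled back.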

