настройка фаервола
Добавлено: 18 июн 2013, 13:10
всем привет. помогите разобраться - для блокировки доступа из вне на оф сайте указаны следующие правила для фаервола
Protect your RouterOS router
To protect your router, you should not only change admin's password but also set up packet filtering. All packets with destination to the router are processed against the ip firewall input chain. Note, that the input chain does not affect packets which are being transferred through the router.
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
comment="Allow Established connections"
add chain=input protocol=udp action=accept \
comment="Allow UDP"
add chain=input protocol=icmp action=accept \
comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
объясните, пожалуйста, для чего нужны первые два??
Protect your RouterOS router
To protect your router, you should not only change admin's password but also set up packet filtering. All packets with destination to the router are processed against the ip firewall input chain. Note, that the input chain does not affect packets which are being transferred through the router.
/ ip firewall filter
add chain=input connection-state=invalid action=drop \
comment="Drop Invalid connections"
add chain=input connection-state=established action=accept \
comment="Allow Established connections"
add chain=input protocol=udp action=accept \
comment="Allow UDP"
add chain=input protocol=icmp action=accept \
comment="Allow ICMP"
add chain=input src-address=192.168.0.0/24 action=accept \
comment="Allow access to router from known network"
add chain=input action=drop comment="Drop anything else"
объясните, пожалуйста, для чего нужны первые два??