Because 10.0.0.0 is the network address and 10.0.0.4 is the broadcast address.

There is a wizard in the graphical interface, or you can use `ip dhcp-server setup` in the terminal.

This was the result of the created DHCP server:

```
/ip pool
add address-pool=dhcp_pool0 disabled=no interface=ether2 name=dhcp1
```

I allowed remote DNS requests, although I’m probably going to something like Pi-Hole for that:

```
/ip dns
```

Next I added some firewall rules, these are pretty basic:

```
add action=tarpit chain=input dst-port=22 in-interface=combo1 protocol=tcp \
add action=tarpit chain=forward dst-port=22 in-interface=combo1 protocol=tcp
add action=accept chain=input connection-state=established,related \
add action=drop chain=input in-interface=combo1
add action=accept chain=forward comment="Allow established/related" \
    connection-state=established,related in-interface=combo1
add action=accept chain=forward in-interface=combo1
add action=reject chain=forward comment="Default drop" connection-state="" \
    in-interface=combo1 reject-with=icmp-network-unreachable
```

output: traffic originating/leaving router.

- Port 22/tcp is tarpitted on the input and forward chain of the combo1 interface.
- Established and related connections are accepted on the input chain of the combo1 interface.
- All requests on the input chain of the combo1 interface are dropped.
- Established and related connections are accepted on the forward chain of the combo1 interface.