I am not an expert on networking and firewall rules. I can use the Microtik/Winbox app to the point where I can setup basic firewall rules. I want to basically block all outside IP access to my NAS except what is in my internal network. Seems someone from Romania can still get in since the IP 79.112.. seems to making connections from my NAS to those IPs and snaking up ports from 40k to 60k. There might be rogue program on my machine but in the mean time I'd like to just block all connections in or out to my NAS. Using Winbox how can I do this in the Firewall/Filter Rules section?
Asked
Active
Viewed 5,906 times
1 Answers
2
Typically your NAS would not be accessible to any outside access unless you've either a) specifically forwarded a port(s) to it b) do not have a drop rule in your firewall.
Option b should exist from mikrotik default setup/config, option a should only exist if you did it your self.
So passively, your nas is allowed to go out to the 'net (example to check for updates) but nothing can reach (or initiate with) the NAS. If you want to explicitly block any/all in/out to the nas this rule should help:
/ip firewall filter add chain=forward action=drop src-address=192.168.88.7 place-before=0
Change src-address= to the LAN IP of your NAS. Make sure that place-before is somewhere above your final 'drop' rule.
If you don't have a rule to drop all traffic at the end of your Filter Rules, you should add one immediately. Note it's important that this rule is LAST in your Filter Rules. Anything below it will never be run. If it's first you will likely lock yourself out of the router.
EDIT- Added images:
JoelAZ
- 763