Block all outside IP addresses to NAS using Winbox/MikroTik


Typically your NAS would not be accessible to any outside access unless you've either a) specifically forwarded a port(s) to it or b) do not have a drop rule in your firewall.

Option b should exist from MikroTik default setup/config, option a should only exist if you did it yourself.

So passively, your NAS is allowed to go out to the 'net (for example, to check for updates) but nothing can reach (or initiate with) the NAS. If you want to explicitly block any/all in/out to the NAS, this rule should help:

/ip firewall filter add chain=forward action=drop src-address=192.168.88.7 place-before=0 

Change src-address= to the LAN IP of your NAS. Make sure that place-before is somewhere above your final 'drop' rule.

If you don't have a rule to drop all traffic at the end of your Filter Rules, you should add one immediately. Note it's important that this rule is LAST in your Filter Rules. Anything below it will never be run. If it's first you will likely lock yourself out of the router.

EDIT- Added images: Image 1 2 3
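
As an added example (not part of the original answer and not MikroTik tooling): a small Python check of the ordering advice above, run against text in the style of `/ip firewall filter export`. The sample export, the function names, and the rule that "a drop with no matchers is the drop-all" are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample in the style of `/ip firewall filter export` (not from the post).
SAMPLE_EXPORT = r'''
/ip firewall filter
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward comment=\
    "isolate NAS" src-address=192.168.88.7
add action=accept chain=forward in-interface=bridge
add action=drop chain=forward comment="drop everything else"
'''

# Properties that do not narrow what a rule matches (assumption for this check).
NO_MATCH = {"chain", "action", "comment", "log", "log-prefix", "disabled"}


def parse_rules(export_text):
    """Return each 'add' line as a dict of property -> value, in rule order."""
    joined = re.sub(r"\\\n\s*", "", export_text)  # undo wrapped export lines
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["add"]:
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules


def audit_forward(rules, nas_ip):
    """List ordering problems in chain=forward for the NAS drop rule and drop-all."""
    fwd = [r for r in rules if r.get("chain") == "forward" and r.get("disabled") != "yes"]
    drop_all = [i for i, r in enumerate(fwd)
                if r.get("action") == "drop" and not set(r) - NO_MATCH]
    nas = [i for i, r in enumerate(fwd)
           if r.get("action") == "drop" and r.get("src-address") == nas_ip]
    findings = []
    if not drop_all:
        findings.append("no drop-all rule in chain=forward")
    elif drop_all[0] != len(fwd) - 1:
        findings.append(f"{len(fwd) - 1 - drop_all[0]} rule(s) below the drop-all never run")
    if not nas:
        findings.append(f"no drop rule for src-address={nas_ip}")
    elif drop_all and nas[0] > drop_all[0]:
        findings.append("NAS drop rule is below the drop-all and never runs")
    return findings


if __name__ == "__main__":
    print(audit_forward(parse_rules(SAMPLE_EXPORT), "192.168.88.7") or "ordering OK")
```

An empty list means the NAS rule sits above a drop-all that is the last forward rule; each string returned names one ordering problem.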


Author: JPM


Updated on September 18, 2022

Comments

  • JPM
    JPM over 1 year

    I am not an expert on networking and firewall rules. I can use the MikroTik/Winbox app to the point where I can set up basic firewall rules. I want to basically block all outside IP access to my NAS except what is in my internal network. Seems someone from Romania can still get in since the IP 79.112.. seems to be making connections from my NAS to those IPs and snaking up ports from 40k to 60k. There might be a rogue program on my machine but in the meantime I'd like to just block all connections in or out to my NAS. Using Winbox, how can I do this in the Firewall/Filter Rules section?

  • JoelAZ
    JoelAZ over 9 years
    Winbox is a powerful tool. In addition to using it graphically as you have, you can also open a terminal within it and use the command line. Find the 'New Terminal' button on the left side. You can then enter the code above, exactly as typed, in the terminal.
  • JoelAZ
    JoelAZ over 9 years
    Further - there is a correlation between terminal commands and Winbox graphical input, so for example, using the command above: Go to IP, then Firewall. Go to the Filter tab and click add (the plus button). Set the chain to forward. Set the src-address to match your NAS LAN IP. Switch to the Action tab and set the Action to Drop. Click OK. Back at the Filter Rules, drag this new rule from the bottom of the list to the top.
  • JoelAZ
    JoelAZ over 9 years
    Added images to my post. Hope that clarifies for you. In the future/for reference, it's expected that you'll put in some effort to solve your own problems as well as the help you get from the community, so if an answer is not step by step noob simple, try a little Google/searching first. Anyway, hope this gets you on track.
  • JPM
    JPM over 9 years
    Hence why I asked it here; I googled it and most was command line, which I am hesitant to do because I don't want to lock myself out of the router. Winbox allows you to test the setup before, and can roll it back. Thanks for the help, I do have a drop all at the end.
  • JoelAZ
    JoelAZ over 9 years
    No worries, glad it helped. As you continue to learn MikroTik I encourage you to always bear in mind the correlation between the way things are laid out in the GUI and the way the command lines are constructed. This is a huge help in taking command line answers you find via Google or other fora and transposing them into the right clicks to do it via the GUI. This alone was a huge help for me when learning my way around it.