...
If you are using Winbox/WebFig for configuration, here is an example of how to add an established/related/untracked rule:
- Open the IP -> Firewall window and navigate to the Filter Rules tab;
- Click on the "+" button to open a new dialog;
- Select "input" for the chain.
- Click on "Connection state" and check the boxes for "established," "related," and "untracked."
- Go to the Action tab and ensure that "accept" is selected.
- Click on OK to apply the settings.
...
| Code Block | ||
|---|---|---|
| ||
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade |
| Warning |
|---|
In case if a If the public interface is a pppoe, then the PPPoE, LTE, or any other type, the 'out-interface' should be set to "pppoe-out"that interface. |
Another benefit of such a setup is that NATed clients behind the router are not directly connected to the Internet, that way additional protection against attacks from outside mostly is not required.
...
For more detailed examples on how to build firewalls will be discussed in the firewall section, or check directly Building Your First Firewall article.
Blocking Unwanted Websites
...