Tuesday 12 July 2011

Dynamic Address lists and port knocking

Something that stands out as a nice firewall feature is the use of address lists (/ip firewall address-list). I was talking with a third party who was surprised at how this could be used to have some hidden open ports on the external WAN interface (or your PPPoE interface).

Using port knocking (google it), you define a firewall rule on a TCP or UDP port and, when a connection is made, record the source IP in an address list for 5 secs. Following that rule, have a 2nd rule on another TCP or UDP port that checks whether the source IP is already in the first address list (i.e. it knocked within the last 5 secs); if so, add the source IP to a "good guys" address list.

A 3rd firewall rule checks an open inbound port (say RDP on 3389/tcp), and if your source IP is in the good guys address list then the rule will let you connect.
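Here is the three-rule sequence written out as RouterOS filter rules. This is an added example, not config from the original post; it assumes the WAN interface is called ether1, uses 1234 and 4321 as arbitrary knock ports, and assumes the RDP service is on the router itself (chain=input).

```routeros
# Added example of the knock sequence described above; not the post's own config.
# Assumptions: WAN interface is "ether1", knock ports 1234/4321 are arbitrary,
# and RDP terminates on the router (chain=input).
/ip firewall filter

# Let replies to connections the router already knows about through.
add chain=input in-interface=ether1 connection-state=established,related \
    action=accept comment="established/related"

# Knock 1: remember the knocker for 5 seconds. add-src-to-address-list is
# non-terminating, so the packet still falls through to the final drop and
# the port never looks open to a scanner.
add chain=input in-interface=ether1 protocol=tcp dst-port=1234 \
    action=add-src-to-address-list address-list=knock1 address-list-timeout=5s \
    comment="knock 1 of 2"

# Knock 2: only honoured if the same source hit port 1234 in the last 5 seconds
# (src-address-list=knock1). Promote it to goodguys for an hour and log the
# event so successful knocks are visible in /log (log=yes needs RouterOS v6+).
add chain=input in-interface=ether1 protocol=tcp dst-port=4321 \
    src-address-list=knock1 \
    action=add-src-to-address-list address-list=goodguys address-list-timeout=1h \
    log=yes log-prefix="knock-ok" comment="knock 2 of 2"

# RDP is reachable only from addresses currently in the goodguys list.
add chain=input in-interface=ether1 protocol=tcp dst-port=3389 \
    src-address-list=goodguys action=accept comment="RDP for knockers only"

# Everything else new from the WAN, including the knock ports themselves and
# RDP from unknown sources, is dropped.
add chain=input in-interface=ether1 action=drop comment="default deny from WAN"
```

If RDP is instead dst-nat'd to a host on the LAN, put the goodguys check and the drop for 3389 in chain=forward rather than input, since that is where the forwarded traffic is filtered.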

This isn't a replacement for any VPN solution, just a simple way to sort-of restrict access to certain common ports like RDP. You can get a port knock app for the iPhone/iPad/Droid/PC, so it's a simple solution to stop the bots from hitting the RDP port.
