et Broadband
>>
>> -Original Message-
>> From: Rory McCann
>> To: Mikrotik discussions
>> Sent: Thu, 07 Aug 2014 3:52 PM
>> Subject: Re: [Mikrotik] DNS Firewall
>>
>> I wouldn't leave it open either though because your router will be
&
Original Message-
From: Rory McCann
To: Mikrotik discussions
Sent: Thu, 07 Aug 2014 3:52 PM
Subject: Re: [Mikrotik] DNS Firewall
I wouldn't leave it open either though because your router will be
abused via DDoS using DNS amplification.
Personally, I would either create an address li
Okay, let's run through the rules I have.
* I create an address list of all DNS servers that should be allowed to
communicate with the outside world, regardless of direction.
* I create an address list of subnets allowed on my network (public and
management).
* First rule allows
gt; The router itself is still answering DNS for some devices.
>>
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>>
>>
>> - Original Message -
>>
>> Fr
me devices.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
- Original Message -
From: "Chupaka"
To: "Mikrotik discussions"
Sent: Wednesday, August 6, 2014 11:56:06 AM
Subject: Re: [Mikrotik] DNS Firewall
Why do you need to block it in input
tions
> http://www.ics-il.com
>
>
>
> - Original Message -
>
> From: "Chupaka"
> To: "Mikrotik discussions"
> Sent: Wednesday, August 6, 2014 11:56:06 AM
> Subject: Re: [Mikrotik] DNS Firewall
>
> Why do you need to block it i
The router itself is still answering DNS for some devices.
-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com
- Original Message -
From: "Chupaka"
To: "Mikrotik discussions"
Sent: Wednesday, August 6, 2014 11:56:06 AM
Subject
Why do you need to block it in input chain? Forward is quite enough.
--
Подпись:
(добавляется в конце всех исходящих писем)
2014-08-06 18:32 GMT+03:00 Mike Hammett :
> Would this be a good DNS ruleset? Assuming I put my DNS servers in the
> DNS_Servers address list. Well, and assuming I enable
Would this be a good DNS ruleset? Assuming I put my DNS servers in the
DNS_Servers address list. Well, and assuming I enable them...
add action=accept chain=forward disabled=no dst-address-list=DNS_Servers
dst-port=53 protocol=tcp
add action=reject chain=forward disabled=yes dst-port=53 protoc
9 matches
Mail list logo