Firewall and QoS Case Studies
These case studies show practical firewall and QoS configurations, including brute-force prevention, DDoS protection, connection-rate rules, port knocking, and advanced firewall designs. Use them as examples for common security policies.
Bruteforce prevention
This page explains how to configure bruteforce prevention on MikroTik RouterOS by using firewall filters to block SSH login attempts after multiple failed attempts, with varying timeouts for each attempt level and a final allowance for legitimate users.
Building Advanced Firewall
This page guides building an advanced firewall on MikroTik RouterOS by configuring interface lists, filtering rules for IPv4 and IPv6, accepting ICMP/DHCPv6 while blocking invalid addresses, and managing traffic flows between WAN and LAN interfaces.
Connection rate
Connection Rate is a MikroTik RouterOS firewall feature that monitors and filters traffic based on connection speed, using 'connection-bytes' and 'connection-rate' to detect high-speed connections for prioritization or throttling.
DDoS Protection
This page explains MikroTik RouterOS DDoS protection configuration, covering firewall rules for detecting and blocking various attack types like HTTP floods, SYN floods, and DNS amplification. It includes detailed configuration examples for address lists, firewall chains, and specific TCP SYN cookie settings to mitigate DoS/DDoS attacks.
Port knocking
Port knocking is a security method to protect public IP addresses by requiring a specific sequence of port connections before granting access. The documentation provides setup examples, including firewall rule configurations for adding IPs to trusted lists and blocking suspicious ports, with warnings about resource usage.