How to Make Mikrotik Firewall Ip and Port Banning Rules?

It is very important for us to leave out the ports and services that we do not use to create our network security with the Mikrotik router. In this article, we first connect to the Mikrotik Firewall Ip and Port Banning method with the winbox application to see how to do it.

From here;
From the Ip / Firewall menu, we go to the Filter Rules tab.

We add a new rule by pressing the + button.

Firewall_rules
Firewall_rules

Chain: Prerouting

Protocol: TCP => The protocol used by the port we want to block

Des. Port 587 => The port we want to block

Connection State = New => If the connection is a new connection, we mark the package

Click the Extra tab and make a limitation here.

Firewall_rules_1
Firewall_rules_1

We go to the Action tab, as seen in the picture above.

Action: add src to address list => We will save the requests to port 587 in a list.

Address list: => The name of the list where we will save the incoming requests.

Timeout: => Timeout

In the rule here, we mark the requests coming from outside with the  587 port and record the IP addresses of the incoming requests in a list. Now we need to write another rule and act on this list.

For this

From the Ip / Firewall menu, we go to the Filter Rules tab.

We add a new rule by pressing the + button.

On the General Tab

Chain: Forward

Protocol: TCP => Protocol

Dst.Prt: => We are adding port 587

Go to the Advanced tab and

Src. Address List: We choose whatever alias we have given to the IP list that we have just blocked.

On the Action tab

We choose Drop and click Apply and OK.

In this way, marking the requests coming to port 587 prevented it from making a connection later.

I hope it has been a useful article.