ICMP Chain Only


#########################################################################################################
# ICMP Chain Only #
#########################################################################################################

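# RouterOS firewall filter: a minimal input policy plus an ICMP allow-list chain
# ("RFC ICMP Protection") that both input and forward jump to for protocol=icmp.
#
# Changes from the listing as published:
#  - Typographic quotes were replaced with plain ASCII double quotes; RouterOS
#    does not treat the curly form as a string delimiter, so quoted values with
#    spaces would not import as written.
#  - The input-chain ICMP jump now sits above "Drop everyone else". Rules are
#    evaluated top to bottom, so a jump placed after an unconditional drop in
#    the same chain is never reached.
#  - Router Solicitation now matches ICMP type 10 code 0 (it was 9:10, which is
#    a type-9 message with code 10).
#  - The SMURF detection rule is written on one line instead of being split
#    mid-value with a backslash continuation.
/ip firewall filter
# ICMP from the Admins list is accepted here and never reaches the ICMP chain.
add action=accept chain=input comment="Allow Admins" src-address-list=Admins
# NOTE(review): port=53 matches source OR destination port and there is no
# interface or source restriction, so any UDP packet carrying port 53 reaches
# the router. If the router's DNS service answers remote requests this makes it
# reachable as an open resolver; consider dst-port=53 limited to a trusted
# in-interface or src-address-list.
add action=accept chain=input comment="Allow DNS" port=53 protocol=udp
# Hand ICMP addressed to the router to the allow-list chain before the default
# drop. If the router should not answer ICMP from untrusted sources at all,
# delete this rule instead and let the drop below handle it.
add action=jump chain=input comment="Jump to RFC ICMP Protection Chain" jump-target="RFC ICMP Protection" protocol=icmp
add action=drop chain=input comment="Drop everyone else"
# Disabled placeholder rule used only as a visual separator in the rule list.
add action=accept chain=output comment="Section Break" disabled=yes
# Forwarded ICMP that matches an accept in the chain skips the rest of forward.
add action=jump chain=forward comment="Jump to RFC ICMP Protection Chain" jump-target="RFC ICMP Protection" protocol=icmp
# ICMP sent to a broadcast address: record the DESTINATION (the broadcast
# address, not the sender) and log it. none-dynamic means the entry does not
# time out; it is dynamic, so it is lost on reboot.
add action=add-dst-to-address-list address-list="Suspected SMURF Attacks" address-list-timeout=none-dynamic chain="RFC ICMP Protection" comment="Detect Suspected SMURF Attacks" dst-address-type=broadcast log=yes log-prefix="FW-SMURF Attacks" protocol=icmp
add action=drop chain="RFC ICMP Protection" comment="Drop Suspected SMURF Attacks" dst-address-list="Suspected SMURF Attacks" protocol=icmp
# Allow-list of ICMP type:code pairs. No rate limit is applied to any of them;
# add a limit matcher on the echo rules if ping floods are a concern.
add action=accept chain="RFC ICMP Protection" comment="Accept Echo Requests" icmp-options=8:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Echo Replys" icmp-options=0:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Network Unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Host Unreachable" icmp-options=3:1 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Accept Destination Port Unreachable" icmp-options=3:3 protocol=icmp
# 3:4 (fragmentation needed) is what path-MTU discovery depends on.
add action=accept chain="RFC ICMP Protection" comment="Fragmentation Messages" icmp-options=3:4 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Source Route Failed" icmp-options=3:5 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Network Admin Prohibited" icmp-options=3:9 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Host Admin Prohibited" icmp-options=3:10 protocol=icmp
# NOTE(review): router discovery messages are only meaningful on the local
# link; confirm they are wanted in the forward path before keeping these two.
add action=accept chain="RFC ICMP Protection" comment="Router Advertisemnet" icmp-options=9:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Router Solicitation" icmp-options=10:0 protocol=icmp
add action=accept chain="RFC ICMP Protection" comment="Time Exceeded" icmp-options=11:0-255 protocol=icmp
# ICMP type 30 was formally deprecated by RFC 6918; common traceroute tools
# rely on Time Exceeded and Port Unreachable, which are accepted above.
add action=accept chain="RFC ICMP Protection" comment=Traceroute icmp-options=30:0 protocol=icmp
# Everything not allow-listed above is logged and dropped.
add action=drop chain="RFC ICMP Protection" comment="Drop ALL other ICMP Messages" log=yes log-prefix="FW-ICMP Protection" protocol=icmp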

ICMP_Chain_Only
