Protect your local network behind Mikrotik router

You can paste this basic set of commands into the RouterOS terminal, where they become firewall rules on your Mikrotik router. It should protect you from a lot of attacks from the Internet. The easiest way is to put the commands below into Notepad, modify src-address= to fit your needs (example: 192.168.1.0/24), and then copy all the commands and paste them into the RouterOS terminal. All of the rules are in the input chain, so they filter traffic addressed to the router itself. After you execute the commands, everything under LAN and to WAN is accessible, but access from WAN to LAN won't be available. This can protect you, for example, from DNS attacks.

 
/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" 
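# UDP is accepted only from the LAN subnet; without src-address this rule would also accept UDP sent to the router from the WAN (including DNS queries)
add chain=input protocol=udp src-address=YOUR SUBNET/NETWORK action=accept comment="UDP from our LAN" disabled=no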
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings" 
add chain=input protocol=icmp action=drop comment="Drop excess pings" 
add chain=input src-address=YOUR SUBNET/NETWORK comment="From our LAN" action=accept
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
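
To check what a rule list like this does before pasting it, the following added example (not part of the original page and not RouterOS code) models first-match evaluation of the input chain and compares the UDP accept rule with and without a src-address restriction. Assumptions: the LAN is the page's example subnet 192.168.1.0/24, the WAN host 203.0.113.7 is a constructed documentation address, and the limit matcher is reduced to an `over_limit` flag on the packet.

```python
import ipaddress
import shlex

LAN = "192.168.1.0/24"    # the page's example subnet
WAN_HOST = "203.0.113.7"  # constructed documentation address

def ruleset(udp_src=None):
    """Constructed copy of the page's rules; udp_src optionally scopes the UDP rule."""
    udp = "add chain=input protocol=udp action=accept comment=UDP"
    if udp_src:
        udp += f" src-address={udp_src}"
    return [
        "add chain=input connection-state=established",
        "add chain=input connection-state=related",
        "add chain=input connection-state=invalid action=drop",
        udp,
        "add chain=input protocol=icmp limit=50/5s,2",
        "add chain=input protocol=icmp action=drop",
        f"add chain=input src-address={LAN} action=accept",
        'add chain=input action=log log-prefix="DROP INPUT"',
        "add chain=input action=drop",
    ]

def parse(line):
    """Turn one 'add key=value ...' line into a dict; action defaults to accept."""
    rule = dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
    rule.setdefault("action", "accept")
    return rule

def matches(rule, pkt):
    """A rule matches only if every matcher it carries agrees with the packet."""
    if "connection-state" in rule and rule["connection-state"] != pkt["state"]:
        return False
    if "protocol" in rule and rule["protocol"] != pkt["proto"]:
        return False
    src = ipaddress.ip_address(pkt["src"])
    if "src-address" in rule and src not in ipaddress.ip_network(rule["src-address"]):
        return False
    return not ("limit" in rule and pkt.get("over_limit"))

def verdict(lines, pkt):
    """Return (action, 0-based rule index) of the first terminating match; log passes through."""
    for n, rule in enumerate(map(parse, lines)):
        if matches(rule, pkt) and rule["action"] != "log":
            return rule["action"], n
    return "accept", None  # end of chain reached: packet is accepted

if __name__ == "__main__":
    dns_query = {"src": WAN_HOST, "proto": "udp", "state": "new"}
    print("UDP rule unscoped:", verdict(ruleset(), dns_query))
    print("UDP rule LAN-only:", verdict(ruleset(LAN), dns_query))
```

The returned index shows which rule decided the packet, which makes ordering effects visible, for example that excess ICMP from the LAN is dropped before the "From our LAN" rule is reached.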
