The document outlines a webinar hosted by GLC Networks on Mikrotik firewalls, covering topics such as firewall features, functionalities, and configurations. It provides introductory information about GLC Networks, the trainer, and the Mikrotik brand, while also inviting participants to engage in networking and sharing experiences. Additionally, it includes details on specific firewall rules and emphasizes the importance of training and feedback from attendees.

1. www.glcnetworks.com
Firewall filter
GLC webinar, 9 february 2017
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia

2. www.glcnetworks.com
Agenda
● Introduction
● Mikrotik Firewall
● Mikrotik Firewall filter
● Demo
● Q & A
2

3. www.glcnetworks.com
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● An Indonesian company
● Located in Bandung
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner
● Mikrotik Certified Consultant
● Mikrotik distributor
3

4. www.glcnetworks.com
About GLC webinar?
● First webinar: january 1, 2010 (title:
tahun baru bersama solaris - new
year with solaris OS)
● As a sharing event with various
topics: linux, networking, wireless,
database, programming, etc
● Regular schedule: every 2 weeks
● Irregular schedule: as needed
● Checking schedule:
http://www.glcnetworks.com/main/sc
hedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge,
experiences, information
4

5. www.glcnetworks.com
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: bandung, Indonesia
● Linux user since 1999
● Mikrotik user since 2007
● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE)
● Mikrotik Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer,
and Lecturer
● Personal website: http://achmadjournal.com
● More info:
http://au.linkedin.com/in/achmadmardiansyah
5

6. www.glcnetworks.com
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your mikrotik experience?
● Your expectation from this course?
6

7. www.glcnetworks.com
What is Mikrotik?
● Name of a company
● A brand
● A program (e.g. mikrotik academy)
● Headquarter: Riga, Latvia
7

8. www.glcnetworks.com
What are mikrotik products?
● Router OS
○ The OS. Specialized for networking
○ Website: www.mikrotik.com/download
● RouterBoard
○ The hardware
○ RouterOS installed
○ Website: www.routerboard.com
8

9. www.glcnetworks.com
What Router OS can do?
● Go to www.mikrotik.com
○ Download: what_is_routeros.pdf
○ Download: product catalog
○ Download: newsletter
9

10. www.glcnetworks.com
What are Mikrotik training & certifications?
10
Certificate validity is 3 years

11. www.glcnetworks.com
Firewall
11

12. www.glcnetworks.com
What is Mikrotik firewall?
● Is a feature to
○ Control network access (filter)
○ Modify network header (NAT)
○ Marking packet for further processing (mangle)
● Developed from linux
● Consist of 2 parts: matcher & action
● Executed sequentially
● Netadmin must understand the application’s characteristics in order to build a
matcher (e.g. browsing -> using TCP port 80)
12

13. www.glcnetworks.com
How firewall works?
● Setup matcher -> then action
● Mikrotik has lots of options for matcher
-> very flexible
● Matcher + Action = Firewall rule
● Rule is executed sequentially
13

14. www.glcnetworks.com
14
Where the packet
is processed?
A: see packet flow
Note: ipsec is removed in this
diagram

15. www.glcnetworks.com
1515
What's the
difference between
forward and input?
FORWARD
INPUT

16. www.glcnetworks.com
Firewall Filter table
16

17. www.glcnetworks.com
17
On which chain
can you apply
filter?

18. www.glcnetworks.com
18
Common place to block
DDOS attack? We use
filter table

19. www.glcnetworks.com
Filter table
Filter table is used to control network
access. Which means, we can:
● Accept
● Add to address list
● Drop
● Fasstrack
● Jump
● Log
● Passthrough
● Reject
● Return
● Tarpit
Network traffic
19

20. www.glcnetworks.com
DEMO
20

21. www.glcnetworks.com
Example rules
● REJECT incoming ICMP to router
/ip firewall filter add chain=input protocol=icmp action=reject
● DROP passing through ICMP traffic on router
/ip firewall filter add chain=forward protocol=icmp action=drop
21

22. www.glcnetworks.com
DROP vs REJECT?
Which one is better?
22

23. www.glcnetworks.com
Interested?
Just come to our
training...
Special price for webinar
attendees…
http://www.glcnetworks.c
om/main/schedule
23

24. www.glcnetworks.com
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our facebook page: “GLC networks”
● Slide: http://www.slideshare.net/r41nbuw
● Recording: https://www.youtube.com/channel/UCI611_IIkQC0rsLWIFIx_yg
● Stay tune with our schedule
24