FIREWALL

Default firewall rules for RouterOS.

Opinionated, well-explained .rsc snippets covering the input chain, forward chain, and IPv6. Each rule has a rationale, when you'd want to disable it, and references. Authored for both RouterOS v6 and v7 — toggle the version in the header to see the syntax that matches your router.

Topics

Before you start

Get console access to your router before pasting any of these scripts. The Winbox/SSH hardening rules can lock out a remote management session if you're on the wrong source IP — fixable with a console serial cable, painful without.