MikroTik - 4011 - Default Config - Firewall

✨ Quic broadband | Apple TV | Samsung | AliExpress | Wise | Sharesies

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › MikroTik - 4011 - Default Config - Firewall

Shindig

1621 posts

Uber Geek
+1 received by user: 362

Trusted

#281098 29-Jan-2021 13:29

Send private message

Hello.

Setting up the newly purchased 4011.

I accepted the default configuration and have done the necessary PPPOE and DHCP bits.

Looking now at the 'securing your router' section of the MTik website.

Do I need to add any other FW rules in, or is it fairly safe for a home internet connection?

The little things make the biggest difference.

chevrolux

4962 posts

Uber Geek
+1 received by user: 2638
Inactive user

#2644148 29-Jan-2021 14:46

Send private message

When you say "done the necessary PPPOE and DHCP bits" did that involve updating your firewall rules to reflect the correct WAN interface?

I've always added port scanner and syn flood detection rules for good measure. Port scanner probably being the most relevant in todays world.


 
7    ;;; Identify port scanners
      chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=port-scanners address-list-timeout=1w in-interface-list=all_WAN log=no log-prefix="" 
 
 8    ;;; SYN flood detector
      chain=input action=add-src-to-address-list tcp-flags=syn connection-limit=30,32 protocol=tcp address-list=syn-flooders address-list-timeout=30m in-interface-list=all_WAN log=no log-prefix="" 
 
 9    ;;; Drop port scanners
      chain=input action=drop src-address-list=port-scanners in-interface-list=all_WAN log=no log-prefix="" 
 
10    ;;; Drop SYN flooders
      chain=input action=drop src-address-list=syn-flooders in-interface-list=all_WAN log=no log-prefix=""

Just note, this router uses an interface list instead of just matching a single interface, so adjust to suit on your router (but you should use interface lists... makes things much easier when making changes)

News and reviews »

New ECOVACS DEEBOT T80S OMNI Available Now
Posted 9-Apr-2026 11:11

Ring Brings 4K Video to Battery-Powered Doorbells
Posted 9-Apr-2026 11:01

Synology Announces a New Privacy-First Home Monitoring Experience for BeeStation Plus
Posted 9-Apr-2026 10:02

GIGABYTE X870E AERO X3D DARK WOOD Redefines the Motherboard
Posted 7-Apr-2026 14:06

Datacom Acquires Auckland Data Centre from T4
Posted 2-Apr-2026 09:43

Spark Launches Satellite Service with SMS and data options
Posted 2-Apr-2026 09:16

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Support Geekzone »

You can support Geekzone with a one-off or recurring donation via PressPatron.

RSS feeds: Main feed; Forums feed
Copyright: ©2002-2026 Geekzone®

Site features: Geekzone BI dashboard; Geekzone Badges; Geekzone Status Page

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising; Trademark and copyright