mikrotik firewall raw table
www.glcnetworks.com
Firewall RAW table
Mikrotik User Meeting London, November 14, 2016
Achmad [email protected] Networks, Indonesia
Agenda
● Introduction
● Firewall
● Raw table
● Demo
● Q & A
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● Based in Bandung, Indonesia
● Areas: Training, IT Consulting
● Mikrotik Certified Training Partner
● Mikrotik Certified Consultant
● Mikrotik distributor
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: Bandung, Indonesia
● Linux user since '99
● Certified Trainer (MTCNA/RE/WE/UME/INE/TCE)
● Mikrotik Certified Consultant
● Work: Telco engineer, Sysadmin, PHP programmer, and Lecturer at Telkom University
● Personal website: http://achmad.glcnetworks.com
● More info: http://au.linkedin.com/in/achmadmardiansyah
About Telkom University
● Located in Bandung, Indonesia
● 7 Faculties, 27 schools
● Areas: Engineering, Communications, Computing, Business and Management, Arts
● 650+ Academic staff, 400+ Administration staff, 20000+ students
● An exchange program
● Runs the Mikrotik Academy program
Mikrotik academy @ TEL-U
● Started in 2013
● Embedded into schools' curricula
● 100% hands-on
● Get MTCNA certification
Mikrotik in Indonesia
● Very popular product for networking
● Early adoption (beginning of 2000)
● Many schools have already joined Mikrotik Academy programs
● Lots of training classes
● Biggest MUM in the world (2500+ participants, 2-day event)
● Very active community (facebook, telegram, forum, etc)
● What..? You don't know Mikrotik? Where have you been?
What is Mikrotik firewall?
● It is a feature to
○ Control network access (filter)
○ Modify network headers (NAT)
○ Mark packets for further processing (mangle)
● Developed from Linux (netfilter)
● Consists of 2 parts: matcher & action
● Executed sequentially
● The netadmin must understand the application's characteristics in order to build a matcher (e.g. browsing -> using TCP port 80)
How does the firewall work?
● Set up a matcher -> then an action
● Mikrotik has lots of options for the matcher -> very flexible
● Matcher + Action = Firewall rule
● Rules are executed sequentially; the first terminating action (accept, drop, etc.) ends evaluation for that packet
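The following RouterOS configuration is an added example written for this page; it is not part of the GLC slides. It shows the "matcher + action = rule" model and sequential evaluation on the two chains the deck asks about (input for traffic to the router, forward for traffic passing through it). The WAN interface name ether1 is an assumption.

```routeros
# Added example, not from the slides. "ether1" is assumed to be the WAN interface.
/ip firewall filter

# INPUT chain: packets addressed to the router itself.
# Rule 1: matcher = connection-state, action = accept (established/related flows).
add chain=input connection-state=established,related action=accept \
    comment="keep existing sessions to the router"
# Rule 2: matcher = connection-state invalid, action = drop.
add chain=input connection-state=invalid action=drop
# Rule 3: allow ping from the WAN side so reachability can still be checked.
add chain=input in-interface=ether1 protocol=icmp action=accept
# Rule 4: evaluated only if rules 1-3 did not terminate; everything else from WAN is dropped.
add chain=input in-interface=ether1 action=drop \
    comment="last input rule: unsolicited WAN traffic to the router"

# FORWARD chain: packets transiting the router (LAN <-> WAN).
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
# The slide's "browsing" matcher: TCP to port 80 from the LAN is allowed out.
add chain=forward protocol=tcp dst-port=80 connection-state=new \
    in-interface=!ether1 action=accept comment="browsing: TCP port 80"
# New connections arriving from WAN are not allowed into the LAN.
add chain=forward in-interface=ether1 connection-state=new action=drop
```

Rule order matters: if the final drop on the input chain were placed first, the accept rules after it would never be reached. Use `/ip firewall filter print stats` to confirm which rule each kind of traffic is hitting before relying on the ordering.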
Where is the packet processed?
A: see the packet flow diagram
Note: ipsec is removed from this diagram
What's the difference between forward and input?
(Diagram: FORWARD chain vs INPUT chain in the packet flow)
On which chain can you apply filter?
On which chain can you apply NAT?
On which chain can you apply mangle?
Which processes could take more CPU power?
Common place to block a DDoS attack? We use the filter table (which still eats CPU power, because every packet has already passed connection tracking by then)
Raw table
● Allows you to selectively bypass or drop packets before connection tracking
● Does not have matchers that depend on connection tracking (like connection-state, layer7 etc.)
● If a packet is marked to bypass connection tracking, packet de-fragmentation will not occur
Packet flow for raw table
Raw table matchers and actions
● No parameters related to connection tracking (l7-filter, connection-mark, bytes, etc.)
Combined with connection-limit and address list
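The configuration below is an added example written for this page, not the slides' own demo config. It ties together the raw-table slides and this "combined with connection-limit and address list" slide: detection has to live in the filter table, because connection-limit and connection-state are conntrack-dependent matchers that raw does not offer, while the drop moves to raw/prerouting so that listed sources are discarded before connection tracking and stop consuming CPU. The list name blocked-addr, the 100 connections per /32 threshold, the 1d timeout, the interface name ether1 and the address 192.0.2.1 are all assumptions or placeholders to be tuned for a real deployment.

```routeros
# Added example, not from the slides. Names, thresholds and addresses are assumptions.

# 1) Detect in the filter table (conntrack-dependent matchers are available here).
/ip firewall filter
# A source holding more than 100 concurrent TCP connections (counted per /32)
# is put on an address list for one day. This action does not terminate
# evaluation, so the triggering packet continues to the next rule.
add chain=forward protocol=tcp connection-state=new \
    connection-limit=100,32 action=add-src-to-address-list \
    address-list=blocked-addr address-list-timeout=1d \
    comment="flood detection: too many concurrent TCP connections per source"
# Drop the packet that just triggered the listing; later packets from this
# source never reach the filter table because raw drops them first.
add chain=forward src-address-list=blocked-addr action=drop

# 2) Drop in the raw table, before connection tracking.
/ip firewall raw
add chain=prerouting src-address-list=blocked-addr action=drop \
    comment="listed sources dropped before conntrack: no state, little CPU"

# 3) Optional: bypass connection tracking for a known stateless flow, here
# UDP/53 to the router's own placeholder address 192.0.2.1. Per the slide,
# notrack also disables de-fragmentation for these packets, so only use it
# for traffic that does not depend on reassembly or on stateful filtering.
add chain=prerouting in-interface=ether1 dst-address=192.0.2.1 \
    protocol=udp dst-port=53 action=notrack \
    comment="untracked DNS: no conntrack entry is created"
```

Two checks are worth doing after applying this: `/ip firewall address-list print where list=blocked-addr` shows which sources were detected and when their entry expires, and `/ip firewall raw print stats` shows the drop counter climbing while the filter table's drop counter stays flat, which confirms the packets are being discarded before conntrack. Keep in mind that a raw drop on prerouting also blocks legitimate traffic from a listed source (for example a NAT gateway serving many users), so the threshold and timeout should be chosen with that in mind.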
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our facebook page: "GLC networks"
● Stay tuned with our schedule