[afnog] BGP issues and strange traffic

Tayeb Meftah tayeb.meftah at gmail.com
Thu Feb 25 08:07:07 UTC 2016


to drop port from outside:
/ip firewall filter
add action=drop in-interface=wan dst-port=53 protocol=tcp
please change the wan interface accordingly
please note
if you have huge traffic i dont recomand you to completly disable the routeros dns resolver, but just drop the port from outside like i sayd
droping dns resolver will result in lot of dns query, and built-in resolver support cache
thanks 👌

Envoyé de mon iPad

> Le 25 févr. 2016 à 09:02, Mark Tinka <mark.tinka at seacom.mu> a écrit :
> 
> 
> 
> On 25/Feb/16 09:55, Tayeb Meftah wrote:
> 
>> hello mark,
>> RouterOS in routerboards dont expose the port 53 by default in default config, if ether1-gateway its the lan interface through dhcp
>> if using any other interfaces, or PPP interfaces, please drop port 53 in the wan side to drop outside dns traffic
> 
> Tayeb, grateful if you can share configurations for these. I have zero Mikrotik experience. Thanks.
> 
> Mark.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20160225/27474596/attachment.html>


More information about the afnog mailing list