Hey TKSJa, I just wanted to thank you for all of your videos. I have been using MikroTik devices for a few years and I cannot believe how many people have never heard of them. There are so few tutorial videos in English. Your channel is very unique in that way and you are servicing the world with your work. I have been recommending the routers and your videos to everybody I know that has the technical knowledge to follow along. God bless.

Bought my first Mikrotik. Thanks a lot for videos and the website. Its great and i think it is actually only website where is all explained so average IT guy understands details without being network engineer. Thanks a lot.

Thank you sooooo much for these vids in English!! Your web site is excellent as well. I highly recommend his web page to anyone interested in learning more. I have an MTCNA but I learn more here than in the other classes I have taken. Great job!!

Hi TKSJa, I just got my hEX S couple of weeks ago and I'm going see some of your video tutorials. Thank you so much sir! You are very kind of sharing your work. :)

I'm gonna learn like Mike Boyd with these videos!

How can I get certified by you, you are a better mentor than a paid ccna instructor, in my own opinion. BTW kudos. We all love your content.

Hey, TKSJa! Man, thanks for your fantastic job on Mikrotik Tutorials. I can't tell you how many times your content saved my ass. Much respect and support from Canada. May luck and prosperity always be by your side! If you got a Patreon or whatnot, I'll be your patron hands-down!

Excellent work as usual! Thank you Your site is down…

Thank you...it's a really great video I'm a beginner ...but I understand can you make one video on hotspot user and firewall policy's... That' will be great help for me .....

I wish you still did videos .. it’s been so long !!!

Thank you for providing this tutorial (and all the others as well). This video is essential for Mikrotik noobs like myself.

Thank you TKSJA for sharing your knowledge about configuring Mikrotik routers it helps me a lot , i hope you continue making videos like this ^_^ more power to you bro

Good guide. One question, what is the reasoning behind allowing tftp udp port 69 in the input and fwd chain?

Hey TKSJa, i didnt find block all wan connection that did not dstnated ? is it all right

Good Sir, thank you for this free video. Guys, get this MAN a SUB!!

Hi, How the configuration if i have 2 input WAN eth 1 and 2, i need to add both . Thanks

? Should that script be modified to suite different ip pools?

Clear concise explanations for all of your videos . Excellent !!!

hi great tutorials, im getting better by using your videos

Filtering full bogon list requires about 5000 rules for IPv4 and about 70,000 rules for IPv6. Double those numbers numbers if you want to filter in both directions.

I have RouterOS on virtual machine for learning and I've applied those rules and I see 1/3 of packets hitting last drop rule ... router is routing nothing at all now, why it's happening like this?

I already have some rules created by hotspot automatically. Should these rules (discussed in this video) go up the hotspot rules or below the hotspot rules?

Can someone please explain how well this rule will help in TJ's Fire Wall, My comments are not there to undermine his Fire Wall, I am using it. I just want to know how well and what the scope of this rule is. Thanks

Thank you for the education. Work's excellent!

hello, the link to download the script is not available. Please help. Thank you.

thank you it helps me alot continue on making this kind of tutorials sir :)

thank you for your time to do these videos. i have learned a lot. thanks you again. keep going :)

thats so educative indeed. Thank you so much man

thank you for sharing your knowledge sir.. it help a lot.

Thank you, very useful indeed. I have MikroTik CRS309-1G-8S+. I did copy firewall rules as you did and all seems ok, but when I reboot the switch, the rules are gone, empty again, can you comment why is this? Thank you

One of the best channel, thanks

Hello, Thank you, for all your well delivered videos. Would you consider doing a video on DMZ setup (SXT-LTE), where the goal is avoid double NAT (Bridging is not an option). The application - Internet > SXT LTE Kit > Wireless Router (Tomato firmware) with Vlan (ADSL connection + SXT LTE). If not maybe refer us to a clear walkthrough guide for this scenario. Thanks in hope ...

Thank you, mate!😊

plz plz keep going make more mikrotik videos plz ....nice videos!!!

how can I get firewall scripts ? also do i need ip address or anything edit before runnig sripts ? plz advise, much appriciated in advance

Pls sir can you.. kindly help us with internal firewall...on interface basis (that is blocking one network from reaching other.......thanks..l love ur videos...

Thanks for sharing very informative and educative!

What is the reason why the PORT 17 enable or allowed?

What is the reasoning behind allowing udp 69? I get if you have a specific tftp service, but that doesnt seem to apply in a generalized ruleset like this.

hi do you have any script of this?

What's the deal with the bridge filter? I would understand if it only would handle stuff like MAC filtering. But you can also do layer 3 stuff there (IP/port). Or, you can even enable an option to use the IP filter for the bridge. Can someone explain when and why you should use the bridge filter? And why there is an option to use the IP filter? And perhaps, is there a performance cost involved in these combinations of enabling the IP firewall for a bridge filter? The documentation only explains the options, but doesn't go into detail of applying these features the right way.

Hello, i am very confused. Rule 4 indicates all traffic from internet is dropped. But how..? secondly Rule 5. the destination list is list of all private addresses. what is firewall doing in this rule? is it preventing all traffic to these private addresses over internet from lan? because he says these addresses shouldnt go to internet than should the bogon list be source address list.?

Are you still answering questions ? please i really need your help

thank you for very informative tutorials. can i ask if i have a hotspot rule where i put your firewall rule. before hotspot rule or after? thank you.

I just wanted to thank you for all of your videos. I use this line with Mikrotik but VPN sitetosite connect but isn't ping to Office 2 not working. I have tried to disable this rule then everything is fine. I use the network subnet mark 192.168.10.0/23 and office 2 is 192.168.30.0/24. Please help me

Hi there, please make a tutorial video about which ports by default we must to block on microtik firewall for more security?? Thnx

thank you sir your tutorial are spot on

is it apply for crs 210 mikrotik router or not

Hello Sir, I am going from a newbie to an advance user by watching you channel so first thanks for you effort, secondly I have a question that how to use this script if I have multiple WAN Connections Load balanced by PCC?

Thank you!

you didnt provide the scripts in your comment section for this video

Hi there edgerouter firewall is better or microtik router??

hi sir this video are same hotspot filter rule thank you for reply..

Sir this video suit for if i share Internet through Microtik to clients So Internet Service Provider does not know the net is forword to clients

Dear TKSJa, thanks a lot for great Tutorial. Can you explain more about the script: add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\ d this subnet before enable it" list=Bogons What it is used for ? or can I just ignore this line?

Can you please make a video on how to only allow access to specific sites and block everything else.

Thank you

filter rule for hostpot server?

The bogons rule order change @8:40 changes absolutely nothing, since it is in another chain (forward vs. input.) You should emphasize the critical importance of an order within a chain in the tutorial, otherwise people can be confused. First thing should be to group the list based on a chain, the way it is in this video is quite messy and hard to understand the flow as such.

how to disable all firewall from mikrotik router manually

Please where can we have the script in this tutorial ?

thanks for the help

aren't you missing the background music on this one ? :)

Thank you so much.

Man, I see you are learning every day and you are getting better and better. But in most of your videos where you speak about firewalls, I see that you are not completele aware about firewall rules. You need to learn a little bit more to clear the picture in your mind. In the firewall menu, in FILTER tab, NAT tab, MANGLE tab and so on, it is organised into chains where you can see them better from the drop down menu. So when you move some of your rules (lines) up or down, they take effect only in their respective chains. For example in your video in minute 8:50 you are moving a "forward" rule above "input" rule which will have the same effect as if you do not move it. If you want to take an effect you must think of moving it above the last forward rule (same chain). In other words, if you have two drop rules in different chains, it doesn't matter which one of them is above the other. I hope i cleared it for you.

Please make tutorial with apk android mikrotik

Hello TKSJa I have a router between two networks, I would like to allow all traffic between these two networks, how do I configure my router?

thank you so much

Hi TKJa thank you for your efforts to explain mik Please I have questions for you If you have Facebook account this make interface with you very easy

Hey TKSJa, great tutorial. One question, does it matter what Lan subnet it use? For example, if I use Lan 192.168.3.1 or 10.0.8.1 and the default script will still or? thanks

can we block all the vpn from mikrotik??

i like script, (copy and paste), you should teach us how to write script not only in this vidoe

Pokud autor povolí ve FW něco jako toto add action=accept chain=input port=69 protocol=udp add action=accept chain=forward port=69 protocol=udp neměl by nikomu radit ;)

Hi, please make a tutorial video about how we can block all incoming traffic from outside or internet to the network on microtik firewall, i mean block bad traffic or attack for any request from wan port to lan for more security. Thnx

2020 HERE!!

doesn't work on 6.42.6

can i get your email ???I need some help .

the config script is nolonger there😑

Please do not share personal experiance as general case studies. Fist it is unprofessional and second, it is less concludent!

nice videos. is there a way of blocking porn sites with a custom message

Please please

I can stand listening to you... too many pauses... too many times you need to think what to say...

thank you, the videos it helps me alot to configure my mikrotik router

Thank you very much.

Can you please make a video on how to only allow access to specific sites and block everything else.