Hey TKSJa, I just wanted to thank you for all of your videos. I have been using MikroTik devices for a few years and I cannot believe how many people have never heard of them. There are so few tutorial videos in English. Your channel is very unique in that way and you are servicing the world with your work. I have been recommending the routers and your videos to everybody I know that has the technical knowledge to follow along. God bless.

Bought my first Mikrotik. Thanks a lot for videos and the website. Its great and i think it is actually only website where is all explained so average IT guy understands details without being network engineer. Thanks a lot.

I'm gonna learn like Mike Boyd with these videos!

Hey, TKSJa! Man, thanks for your fantastic job on Mikrotik Tutorials. I can't tell you how many times your content saved my ass. Much respect and support from Canada. May luck and prosperity always be by your side! If you got a Patreon or whatnot, I'll be your patron hands-down!

Good guide. One question, what is the reasoning behind allowing tftp udp port 69 in the input and fwd chain?

Thank you sooooo much for these vids in English!! Your web site is excellent as well. I highly recommend his web page to anyone interested in learning more. I have an MTCNA but I learn more here than in the other classes I have taken. Great job!!

How can I get certified by you, you are a better mentor than a paid ccna instructor, in my own opinion. BTW kudos. We all love your content.

Hi TKSJa, I just got my hEX S couple of weeks ago and I'm going see some of your video tutorials. Thank you so much sir! You are very kind of sharing your work. :)

Thank you for providing this tutorial (and all the others as well). This video is essential for Mikrotik noobs like myself.

? Should that script be modified to suite different ip pools?

I wish you still did videos .. it’s been so long !!!

I already have some rules created by hotspot automatically. Should these rules (discussed in this video) go up the hotspot rules or below the hotspot rules?

Thank you TKSJA for sharing your knowledge about configuring Mikrotik routers it helps me a lot , i hope you continue making videos like this ^_^ more power to you bro

hi great tutorials, im getting better by using your videos

Thank you...it's a really great video I'm a beginner ...but I understand can you make one video on hotspot user and firewall policy's... That' will be great help for me .....

Hi, How the configuration if i have 2 input WAN eth 1 and 2, i need to add both . Thanks

Excellent work as usual! Thank you Your site is down…

thank you for very informative tutorials. can i ask if i have a hotspot rule where i put your firewall rule. before hotspot rule or after? thank you.

Good Sir, thank you for this free video. Guys, get this MAN a SUB!!

Hey TKSJa, i didnt find block all wan connection that did not dstnated ? is it all right

Thank you, very useful indeed. I have MikroTik CRS309-1G-8S+. I did copy firewall rules as you did and all seems ok, but when I reboot the switch, the rules are gone, empty again, can you comment why is this? Thank you

Can someone please explain how well this rule will help in TJ's Fire Wall, My comments are not there to undermine his Fire Wall, I am using it. I just want to know how well and what the scope of this rule is. Thanks

Thank you for the education. Work's excellent!

One of the best channel, thanks

Clear concise explanations for all of your videos . Excellent !!!

What's the deal with the bridge filter? I would understand if it only would handle stuff like MAC filtering. But you can also do layer 3 stuff there (IP/port). Or, you can even enable an option to use the IP filter for the bridge. Can someone explain when and why you should use the bridge filter? And why there is an option to use the IP filter? And perhaps, is there a performance cost involved in these combinations of enabling the IP firewall for a bridge filter? The documentation only explains the options, but doesn't go into detail of applying these features the right way.

thank you it helps me alot continue on making this kind of tutorials sir :)

thats so educative indeed. Thank you so much man

What is the reason why the PORT 17 enable or allowed?

The bogons rule order change @8:40 changes absolutely nothing, since it is in another chain (forward vs. input.) You should emphasize the critical importance of an order within a chain in the tutorial, otherwise people can be confused. First thing should be to group the list based on a chain, the way it is in this video is quite messy and hard to understand the flow as such.

Pls sir can you.. kindly help us with internal firewall...on interface basis (that is blocking one network from reaching other.......thanks..l love ur videos...

Thank you, mate!😊

What is the reasoning behind allowing udp 69? I get if you have a specific tftp service, but that doesnt seem to apply in a generalized ruleset like this.

Hello, Thank you, for all your well delivered videos. Would you consider doing a video on DMZ setup (SXT-LTE), where the goal is avoid double NAT (Bridging is not an option). The application - Internet > SXT LTE Kit > Wireless Router (Tomato firmware) with Vlan (ADSL connection + SXT LTE). If not maybe refer us to a clear walkthrough guide for this scenario. Thanks in hope ...

I have RouterOS on virtual machine for learning and I've applied those rules and I see 1/3 of packets hitting last drop rule ... router is routing nothing at all now, why it's happening like this?

Hello, i am very confused. Rule 4 indicates all traffic from internet is dropped. But how..? secondly Rule 5. the destination list is list of all private addresses. what is firewall doing in this rule? is it preventing all traffic to these private addresses over internet from lan? because he says these addresses shouldnt go to internet than should the bogon list be source address list.?

thank you for your time to do these videos. i have learned a lot. thanks you again. keep going :)

Filtering full bogon list requires about 5000 rules for IPv4 and about 70,000 rules for IPv6. Double those numbers numbers if you want to filter in both directions.

Hi there, please make a tutorial video about which ports by default we must to block on microtik firewall for more security?? Thnx

thank you for sharing your knowledge sir.. it help a lot.

I just wanted to thank you for all of your videos. I use this line with Mikrotik but VPN sitetosite connect but isn't ping to Office 2 not working. I have tried to disable this rule then everything is fine. I use the network subnet mark 192.168.10.0/23 and office 2 is 192.168.30.0/24. Please help me

hello, the link to download the script is not available. Please help. Thank you.

plz plz keep going make more mikrotik videos plz ....nice videos!!!

how can I get firewall scripts ? also do i need ip address or anything edit before runnig sripts ? plz advise, much appriciated in advance

Thanks for sharing very informative and educative!

Are you still answering questions ? please i really need your help

is it apply for crs 210 mikrotik router or not

Sir this video suit for if i share Internet through Microtik to clients So Internet Service Provider does not know the net is forword to clients

hi do you have any script of this?

Hello Sir, I am going from a newbie to an advance user by watching you channel so first thanks for you effort, secondly I have a question that how to use this script if I have multiple WAN Connections Load balanced by PCC?

Can you please make a video on how to only allow access to specific sites and block everything else.

Hi there edgerouter firewall is better or microtik router??

Thank you!

Dear TKSJa, thanks a lot for great Tutorial. Can you explain more about the script: add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you nee\ d this subnet before enable it" list=Bogons What it is used for ? or can I just ignore this line?

thank you sir your tutorial are spot on

filter rule for hostpot server?

you didnt provide the scripts in your comment section for this video

Hey TKSJa, great tutorial. One question, does it matter what Lan subnet it use? For example, if I use Lan 192.168.3.1 or 10.0.8.1 and the default script will still or? thanks

hi sir this video are same hotspot filter rule thank you for reply..

how to disable all firewall from mikrotik router manually

Man, I see you are learning every day and you are getting better and better. But in most of your videos where you speak about firewalls, I see that you are not completele aware about firewall rules. You need to learn a little bit more to clear the picture in your mind. In the firewall menu, in FILTER tab, NAT tab, MANGLE tab and so on, it is organised into chains where you can see them better from the drop down menu. So when you move some of your rules (lines) up or down, they take effect only in their respective chains. For example in your video in minute 8:50 you are moving a "forward" rule above "input" rule which will have the same effect as if you do not move it. If you want to take an effect you must think of moving it above the last forward rule (same chain). In other words, if you have two drop rules in different chains, it doesn't matter which one of them is above the other. I hope i cleared it for you.

can we block all the vpn from mikrotik??

Please where can we have the script in this tutorial ?

Hello TKSJa I have a router between two networks, I would like to allow all traffic between these two networks, how do I configure my router?

Thank you so much.

Thank you

thanks for the help

thank you so much

Hi, please make a tutorial video about how we can block all incoming traffic from outside or internet to the network on microtik firewall, i mean block bad traffic or attack for any request from wan port to lan for more security. Thnx

Hi TKJa thank you for your efforts to explain mik Please I have questions for you If you have Facebook account this make interface with you very easy

aren't you missing the background music on this one ? :)

doesn't work on 6.42.6

Please make tutorial with apk android mikrotik

i like script, (copy and paste), you should teach us how to write script not only in this vidoe

2020 HERE!!

Pokud autor povolí ve FW něco jako toto add action=accept chain=input port=69 protocol=udp add action=accept chain=forward port=69 protocol=udp neměl by nikomu radit ;)

the config script is nolonger there😑

can i get your email ???I need some help .

nice videos. is there a way of blocking porn sites with a custom message

Please do not share personal experiance as general case studies. Fist it is unprofessional and second, it is less concludent!

Please please

I can stand listening to you... too many pauses... too many times you need to think what to say...

thank you, the videos it helps me alot to configure my mikrotik router

Can you please make a video on how to only allow access to specific sites and block everything else.

Thank you very much.