Quick and Dirty Baicells eNodeB Mikrotik Rules

If you have a Baicells eNodeB you wish to restrict access to, these Mikrotik rules will help. Some assumptions are made, and the rules are meant as a base to incorporate into your network.

/ip firewall filter
# Drop traffic sent from the eNodeB's TCP ports 443, 8082 and 48080
# to any destination that is not in the baicells_cloud list
add action=drop chain=forward src-address=10.0.0.2 src-port=443 protocol=tcp \
   dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=8082 protocol=\
   tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=48080 protocol=\
   tcp dst-address-list=!baicells_cloud
# Same for UDP source ports 4500 and 500
add action=drop chain=forward src-address=10.0.0.2 src-port=4500,500 \
   protocol=udp dst-address-list=!baicells_cloud
# Drop eNodeB traffic to TCP ports 80 and 443 unless the destination is in WHITELIST
add action=drop chain=forward src-address=10.0.0.2 dst-port=80,443 \
   protocol=tcp dst-address-list=!WHITELIST


/ip firewall address-list
add address=baiomc.cloudapp.net list=baicells_cloud
add address=baicells-westepc-03.cloudapp.net list=baicells_cloud
add address=baicells-eastepc04.eastus.cloudapp.azure.com list=baicells_cloud
add address=1.2.3.4/24 list=baicells_cloud
add address=1.2.3.4/24 list=WHITELIST

10.0.0.2 is your eNodeB.

The 1.2.3.4 above is your management subnet.

You can tighten these rules up by combining them or by creating a new chain. This version is quick and easy, and anyone can understand it. It allows the eNodeB to communicate only with the Baicells cloud and your management network, and it allows access to your eNodeB only from your management network. This is not a complete ruleset but something to build upon.
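
Before building on the rules, it helps to check which packets they actually match. The following is an added example, not part of the original post: a small Python model of the five drop rules above, evaluated first-match in order against constructed sample packets. The addresses 203.0.113.10 (standing in for one resolved Baicells cloud host) and 198.51.100.7 (an outside host), the sample ports, and the names verdict, in_list and SAMPLES are assumptions made for illustration.

```python
import ipaddress

ENODEB = ipaddress.ip_address("10.0.0.2")

# Constructed stand-ins: 203.0.113.10 represents one resolved Baicells cloud
# host; 1.2.3.0/24 is the network form of the page's 1.2.3.4/24 placeholder.
LISTS = {
    "baicells_cloud": ["203.0.113.10/32", "1.2.3.0/24"],
    "WHITELIST": ["1.2.3.0/24"],
}

# The page's five drop rules, in order:
# (protocol, port field matched, ports, list the destination must NOT be in)
RULES = [
    ("tcp", "sport", {443}, "baicells_cloud"),
    ("tcp", "sport", {8082}, "baicells_cloud"),
    ("tcp", "sport", {48080}, "baicells_cloud"),
    ("udp", "sport", {4500, 500}, "baicells_cloud"),
    ("tcp", "dport", {80, 443}, "WHITELIST"),
]

def in_list(addr, name):
    return any(addr in ipaddress.ip_network(net) for net in LISTS[name])

def verdict(src, dst, proto, sport, dport):
    """First matching rule wins: ('drop', rule number) or ('accept', None)."""
    ports = {"sport": sport, "dport": dport}
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (r_proto, field, r_ports, not_in) in enumerate(RULES, 1):
        if (src == ENODEB and proto == r_proto and ports[field] in r_ports
                and not in_list(dst, not_in)):
            return ("drop", number)
    return ("accept", None)  # no rule matched; later forward rules decide

# Constructed sample packets leaving the eNodeB.
SAMPLES = {
    "GUI reply to management host": ("10.0.0.2", "1.2.3.50", "tcp", 443, 51000),
    "GUI reply to outside host": ("10.0.0.2", "198.51.100.7", "tcp", 443, 51000),
    "IKE to cloud host": ("10.0.0.2", "203.0.113.10", "udp", 500, 500),
    "IKE to outside host": ("10.0.0.2", "198.51.100.7", "udp", 500, 500),
    "HTTPS client to cloud host": ("10.0.0.2", "203.0.113.10", "tcp", 40000, 443),
    "SSH client to outside host": ("10.0.0.2", "198.51.100.7", "tcp", 40000, 22),
}

if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        print(f"{name:30} {verdict(*packet)}")
```

In this model the fifth rule also drops the eNodeB's own TCP 80/443 connections to cloud hosts that are not in WHITELIST, and traffic from other source ports to other destinations falls through to whatever follows in the forward chain. Both are worth checking against your deployment when you extend the ruleset.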
