firewall

Quick and Dirty Baicells eNODEB Mikrotik Rules

If you have a Baicells eNodeB you wish to restrict access to, these Mikrotik rules will help. There are some assumptions made. The following rules are meant to be a base for incorporating into your network.

/ip firewall filter
add action=drop chain=forward src-address=10.0.0.2 src-port=443 protocol=tcp \
    dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=8082 protocol=\
    tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=48080 protocol=\
    tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=4500,500 \
    protocol=udp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 dst-port=80,443 \
    protocol=tcp dst-address-list=!WHITELIST

/ip firewall address-list
add address=baiomc.cloudapp.net list=baicells_cloud
add address=baicells-westepc-03.cloudapp.net list=baicells_cloud
add address=baicells-eastepc04.eastus.cloudapp.azure.com list=baicells_cloud
add address=1.2.3.4/24 list=baicells_cloud
add address=1.2.3.4/24 list=WHITELIST

10.0.0.2 is your eNodeB
The 1.2.3.4...

WIFI calling port forwarding

Recently I came across a need to do some port forwarding for wifi calling. I have assembled a resource guide to help you if you need to do such things.

IPSEC should be allowed per RFC 5996 https://tools.ietf.org/html/rfc5996 for all wifi calling

Verizon
https://community.verizonwireless.com/t5/Verizon-Wireless-Services/What-are-the-wifi-calling-firewall-ports-and-destination-IP/td-p/1080659
UDP ports 500 and 4500 open to sg.vzwfemto.com and wo.vzwwo.com

T-Mobile
https://www.t-mobile.com/support/coverage/wi-fi-calling-on-a-corporate-network
IPv4 Address Block: 208.54.0.0/17 and 66.94.0.0/19:
UDP Ports 500 and 4500
5061 for SIP/TLS
TCP port 443 and 993
Also whitelist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36

AT&T
https://www.att.com/support/article/wireless/KM1114459/
UDP Ports 500 and 4500
TCP...

Mikrotik BGP firewall rules for security

This content is for Patreon subscribers of the j2 blog.

ISP vs Enterprise networks

I recently was hanging out with an ISP admin who moved over from the Enterprise world. After a few days with him, it rekindled the interest in writing this article. From a high level, a network is a network. Its job is to move bits to and fro. The goals of the network are where we start to see networks separate themselves. Let’s start with some simple goals of each system. An enterprise network’s goal is to protect the end-users from outside threats...
