If you have a Baicells eNodeB you wish to restrict access to, these Mikrotik rules will help. There are some assumptions made. The following rules are meant to be a base for incorporating into your network.

/ip firewall filter
add action=drop chain=forward src-address=10.0.0.2 src-port=443 protocol=tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=8082 protocol=tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=48080 protocol=tcp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 src-port=4500,500 protocol=udp dst-address-list=!baicells_cloud
add action=drop chain=forward src-address=10.0.0.2 dst-port=80,443 protocol=tcp dst-address-list=!WHITELIST

/ip firewall address-list
add address=baiomc.cloudapp.net list=baicells_cloud
add address=baicells-westepc-03.cloudapp.net list=baicells_cloud
add address=baicells-eastepc04.eastus.cloudapp.azure.com list=baicells_cloud
add address=1.2.3.4/24 list=baicells_cloud
add address=1.2.3.4/24 list=WHITELIST

10.0.0.2 is your eNodeB. The 1.2.3.4...
WIFI calling port forwarding
Recently I came across a need to do some port forwarding for wifi calling. I have assembled a resource guide to help you if you need to do such things. IPSEC should be allowed per RFC 5996 (https://tools.ietf.org/html/rfc5996) for all wifi calling.

Verizon: https://community.verizonwireless.com/t5/Verizon-Wireless-Services/What-are-the-wifi-calling-firewall-ports-and-destination-IP/td-p/1080659
UDP ports 500 and 4500 open to sg.vzwfemto.com and wo.vzwwo.com

T-Mobile: https://www.t-mobile.com/support/coverage/wi-fi-calling-on-a-corporate-network
IPv4 Address Block: 208.54.0.0/17 and 66.94.0.0/19
UDP Ports 500 and 4500
5061 for SIP/TLS
TCP port 443 and 993
Also whitelist the CRL server for DIGITS OTT and WFC 1.0: crl.t-mobile.com 206.29.177.36

AT&T: https://www.att.com/support/article/wireless/KM1114459/
UDP Ports 500 and 4500
TCP...
Mikrotik BGP firewall rules for security
This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
Updated Mikrotik firewall script from Rick Frey
Our friend Rick Frey has updated his Mikrotik firewall script for securing RouterOS.
Interesting product: Firewalla
Interesting product. https://firewalla.com/
Working with some Netgate/Pfsense Firewalls
Just a little firewall switch today. Netgate firewall appliance switched out to replace some old Cisco ASAs. #packetsdownrange
ISP vs Enterprise networks
I recently was hanging out with an ISP admin who moved over from the Enterprise world. After a few days with him, it rekindled the interest in writing this article. From a high level, a network is a network. Its job is to move bits to and fro. The goals of the network are where we start to see networks separate themselves. Let’s start with some simple goals of each system. An enterprise network’s goal is to protect the end-users from outside threats...
Some firewall and switch work
Some dell servers going in for a client. Cisco 3063 switches, Palo Alto firewalls. The yellow and red power cables denote A and B power.
Use tarpit vs drop for scripts blocking attackers
There are many scripts out there, especially on Mikrotik, which list drop as the action for denying bad guy traffic.