This article describes how to use a feature called Port Knocking, to improve the security of your MikroTik device, and minimize a risk of hacking attempts over such protocols like SSH, Telnet, Winbox, etc.

Port knocking is a method that enables access to the router only after receiving a sequenced connection attempts on a set of prespecified closed ports. Once the correct sequence of the connection attempts is received, the RouterOS dynamically adds a host source IP to the allowed address list and You will be able to connect your router.




This example demonstrates how to set your router to use port knocking method:

The First firewall rule will store all source ip's which makes connection to router with tcp protocol on port 9000.

/ip firewall filter
add action=add-src-to-address-list address-list="port:9000" \
    address-list-timeout=1m chain=input dst-port=9000 protocol=tcp

Second rule adds the source ip to "secure" address list only if a host has the same ip address, stored by first firewall rule, and knocks on tcp port 6000.

add action=add-src-to-address-list address-list="secure" address-list-timeout=1m \
 chain=input dst-port=6000 protocol=tcp src-address-list="port:9000"

The third rule is created to accept all connections to the router from "secure" host.

add chain=input src-address-list=secure action=accept

Everything else is dropped by this rule.

add action=drop chain=input 



simply type router ip and port in your web browser: