This article describes how to use a feature called Port Knocking to improve the security of your MikroTik device and reduce the risk of attacks on management protocols such as SSH, Telnet and Winbox.
Port knocking is a method that opens access to the router only after a sequence of connection attempts on a set of prespecified closed ports has been received. Once the correct sequence is seen, RouterOS dynamically adds the source IP of the knocking host to an allowed address list, and that host can then connect to the router.
This example shows how to configure the router for port knocking:
The first firewall rule records the source IP of every host that attempts a TCP connection to the router on port 9000; the entry expires after one minute.
/ip firewall filter add action=add-src-to-address-list address-list="port:9000" address-list-timeout=1m chain=input dst-port=9000 protocol=tcp
The second rule adds the source IP to the "secure" address list only if the same host, still present on the list kept by the first rule, then knocks on TCP port 6000.
add action=add-src-to-address-list address-list="secure" address-list-timeout=1m chain=input dst-port=6000 protocol=tcp src-address-list="port:9000"
The third rule accepts all connections to the router from hosts on the "secure" list.
add chain=input src-address-list=secure action=accept
Everything else is dropped by the last rule.
add action=drop chain=input
Two things to keep in mind with this rule set. First, the add-src-to-address-list action does not stop rule processing, so a knock packet is still dropped by the last rule; the knocking client only needs its SYN to reach the router, not a completed connection. Second, the "secure" entry expires one minute after the knock and nothing above accepts established connections, so the packets of an already-open session are dropped as well once the entry is gone; either knock again before it expires or place an accept rule for connection-state=established,related above the drop rule. Port knocking also does not replace authentication: anyone who can observe the traffic sees the sequence, so keep strong credentials on the services behind it.
To knock, simply type the router IP and port in your web browser:
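The same knock can be scripted instead of typed into a browser. The following shell example is added here and is not part of the original article or of MikroTik's own tooling; it provides a client-side knocker and a generator that emits the RouterOS rule set for a knock sequence of any length (the article shows the two-port case). The function names gen_knock_rules and knock and the router address 192.0.2.1 are assumptions for illustration, and the generator emits one rule the article's set does not have: an accept for connection-state=established,related so that open sessions survive expiry of the "secure" entry.

```shell
# Added example (not from the MikroTik article): client-side knocker plus a
# generator for the RouterOS rules, generalised to a knock sequence of any
# length. 192.0.2.1 below is a documentation address, not a real router.

# gen_knock_rules TIMEOUT PORT1 PORT2 ... PORTN
# Prints the RouterOS commands for an N-port knock sequence. Each port after
# the first only counts if the source is already on the list left by the
# previous port; the last port places the source on "secure".
gen_knock_rules() {
    to=$1; shift
    n=$#; i=0; prev=""
    printf '/ip firewall filter\n'
    # Not in the article: keep open sessions alive after the "secure" entry
    # expires, and let replies to the router's own traffic in.
    printf 'add chain=input connection-state=established,related action=accept\n'
    for p in "$@"; do
        i=$((i + 1))
        if [ "$i" -eq "$n" ]; then list="secure"; else list="port:$p"; fi
        if [ -z "$prev" ]; then
            printf 'add action=add-src-to-address-list address-list="%s" address-list-timeout=%s chain=input dst-port=%s protocol=tcp\n' "$list" "$to" "$p"
        else
            printf 'add action=add-src-to-address-list address-list="%s" address-list-timeout=%s chain=input dst-port=%s protocol=tcp src-address-list="port:%s"\n' "$list" "$to" "$p" "$prev"
        fi
        prev=$p
    done
    printf 'add chain=input src-address-list=secure action=accept\n'
    printf 'add action=drop chain=input\n'
}

# knock HOST PORT1 PORT2 ... PORTN
# Sends one TCP connection attempt per port, in order. Nothing listens on the
# knock ports and the router drops the SYN after recording the source, so a
# refused or timed-out attempt is the expected outcome; the function still
# returns 0. Uses bash's /dev/tcp, so there is no nc/nmap dependency.
knock() {
    host=$1; shift
    for p in "$@"; do
        if command -v timeout >/dev/null 2>&1; then
            timeout 3 bash -c "exec 3<>/dev/tcp/$host/$p" 2>/dev/null || true
        else
            bash -c "exec 3<>/dev/tcp/$host/$p" 2>/dev/null || true
        fi
    done
    return 0
}

# Usage (192.0.2.1 is a placeholder):
#   gen_knock_rules 1m 9000 6000        # paste the output into the router console
#   knock 192.0.2.1 9000 6000 && ssh admin@192.0.2.1
```

Run gen_knock_rules once with the ports you chose and paste its output into the router console; then, from the client, call knock with the same ports in the same order and connect within the address-list timeout. Knock ports sit behind the final drop rule, so the client sees timeouts rather than refusals; that is normal, which is why knock ignores the connection result.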