MikroTik RouterOS has a very powerful firewall implementation.
It is enabled by default and contains that rules that allow to ping to your MikroTik router from outside, access it from LAN and drop everything from WAN.
This short note shows how to list firewall rules on a MikroTik router through the WinBox/WinFig interface or from the command line.
Cool Tip: Simple MikroTik WiFi configuration! Read more →
List Firewall Rules in MikroTik
To print all the MikroTik firewall rules from the command line, log in to the MikroTik router over SSH and execute:
[admin@MikroTik] > /ip firewall filter print - sample output - Flags: X - disabled, I - invalid, D - dynamic 0 D ;;; special dummy rule to show fasttrack counters chain=forward action=passthrough 1 ;;; defconf: accept established,related,untracked chain=input action=accept connection-state=established,related,untracked 2 ;;; defconf: drop invalid chain=input action=drop connection-state=invalid 3 ;;; defconf: accept ICMP chain=input action=accept protocol=icmp 4 ;;; defconf: accept to local loopback (for CAPsMAN) chain=input action=accept dst-address=127.0.0.1 5 ;;; defconf: drop all not coming from LAN chain=input action=drop in-interface-list=!LAN ...
To list the MikroTik firewall rules through the WinBox/WinFig interface, go to the “IP” and click on the “Firewall“: