One of the security measures recommended for network engineers trying to secure a network is the denial of icmp requests sent to the live IP address on the router. This makes sure that attackers will have no way of determining whether your router is up or not let alone launching a denial of service attack. While many would think this is easy especially on Mikrotik routers, only a few who have done it have succeeded without denying all kinds access to the router via the WAN interface. In this demonstration, I will be sharing with us on how to effectively deny icmp requests sent to the WAN interface of your Mikrotik router while still granting access to authorized IPs via other protocols for remote management of the router.
You may also like: How to permit icmp request from the internet to the IP on the WAN interface of your security router
Before typing in the needed codes, one needs to know the various factors that are involved in icmp requests to the router. These factors which will be used in the configuration are listed below:
>> Protocol: icmp
>> In interface: interface connecting to the WAN (with live IP)
>> Chain: input
>> Action: drop
Now, to the configuration. Log on to the router via Winbox, click on new terminal, and type in the below code:
chain=input action=drop protocol=icmp in-interface=ether1 icmp-option=8:0-255 log=no log-prefix=””
That is all you need to do to successfully drop all icmp traffics to your Mikrotik router.