First, Being a network manager, we know that while setting up any network device, we need to configure everything according to our requirements. Secondly, This article includes few key MikroTik commands that will allow ping to MikroTik RouterOS from CLI on internal network. I do not recommend allowing ICMP or any management port which any hacker can use to evaluate your network.
Furthermore, like any other network device, MikroTik RouterOS by default does not allow ping (ICMP) to MikroTik RouterOS and this was a good reason to write, as a memory, this article. Although, allowing ping to MikroTik RouterOS will increase unnecessary ping receiving from any users within the network but for some reasons, Network or System Administrator may require this. Let’s start the few basic commands that will allow ping to MikroTik RouterOS and then can discuss the other factors afterwards. Here is the list of commands we need to achieve this.
Allow Ping to MikroTik – CLI Commands:
Now, Let’s start the few basic commands that will allow ping on MikroTik RouterOS and then can discuss the other factors afterwards. Of course, here is the list of commands we need to achieve this.
[admin@MikroTik] > ip firewall filter
[admin@MikroTik] > ip firewall filter > add chain=input protocol=icmp action=accept comment=”ICMP Allow”
MikroTik – IP Firewall Filter
Meanwhile, As of today, MikroTik RouterOS has very powerful firewall implementation with features including:
- stateful packet inspection
- Layer-7 protocol detection
- peer-to-peer protocols filtering
- traffic classification by:
- source MAC address
- IP addresses (network or list) and address types (broadcast, local, multicast, unicast)
- port or port range
- IP protocols
- protocol options (ICMP type and code fields, TCP flags, IP options and MSS)
- interface the packet arrived from or left through
- internal flow and connection marks
- DSCP byte
- packet content
- rate at which packets arrive and sequence numbers
- packet size
- packet arrival time
- and much more to read on MikroTik website under Manual:IP/Firewall/Filter
MikroTik ICMP Allow
If you read the command carefully, we just allow input chain where ICMP protocol is allowed with accept action. This Manual:IP/Firewall/Filter link also contains properties where basic commands are available to explore.
ICMP Flood :: Ping Flood
If you are an experienced Network or System professional, you already have enough information about the ping flood which is called ICMP flood. Ping Flood is a common Denial of Service (DoS) attack which an attacker can use to overwhelm the ICMP echo request on that particular network.