Hi. I'm evaluating MikroTik RouterOS for use at the edge. And as I build up the firewall, reading their documentation, recommendations and official MikroTik staff replies on their forums, I'm getting the distinct impression that their sole supported approach is "policy accept, rules reject (or drop)".
I'm a lot more comfortable with "policy drop, rules accept", both on principle and based on mostly iptables experience.
There's not much mention of RouterOS on this site. I wonder if anyone else has a take on this? It doesn't even seem to offer access to the policy, and the staff suggest instead you just put a "drop" rule at the end of the relevant input and forward chains. Given how easy it is to mess things up that way when it comes to dynamic rules addition/insertion, I'm not very impressed with that approach. Any thoughts appreciated.
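
Added example, not part of the original post and not MikroTik's code: a Python check over a RouterOS-style filter export that confirms the input and forward chains each end in an unconditional drop rule, and flags rules that landed after it. The sample export is constructed, and the parser assumes one rule per line (no wrapped lines).

```python
import shlex

# Constructed sample in the style of a RouterOS "/ip firewall filter" export.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=input connection-state=established,related
add action=accept chain=input protocol=icmp
add action=drop chain=input comment="default drop"
add action=accept chain=forward connection-state=established,related
add action=drop chain=forward in-interface=ether1
add action=accept chain=input dst-port=8291 protocol=tcp
/ip firewall nat
add action=masquerade chain=srcnat out-interface=ether1
"""

# Properties that do not narrow what a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "log", "log-prefix"}

def parse_filter_rules(export_text):
    """Return the filter rules as dicts, in order (assumes one rule per line)."""
    rules, in_filter = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_filter = line == "/ip firewall filter"
        elif in_filter and line.startswith("add "):
            pairs = (tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)
            rules.append(dict(pairs))
    return rules

def audit_default_drop(export_text, chains=("input", "forward")):
    """Map each chain to 'ok' or to the reason its default drop is not effective."""
    rules = parse_filter_rules(export_text)
    report = {}
    for chain in chains:
        chain_rules = [r for r in rules if r.get("chain") == chain]
        # An unconditional drop has no matcher properties at all.
        catch_all = [i for i, r in enumerate(chain_rules)
                     if r.get("action") == "drop" and set(r) <= NON_MATCHERS]
        if not catch_all:
            report[chain] = "no unconditional drop rule"
        elif catch_all[0] != len(chain_rules) - 1:
            dead = len(chain_rules) - 1 - catch_all[0]
            report[chain] = f"{dead} rule(s) after the catch-all drop never match"
        else:
            report[chain] = "ok"
    return report

if __name__ == "__main__":
    for chain, status in audit_default_drop(SAMPLE_EXPORT).items():
        print(f"{chain}: {status}")
```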