firewall

Mikrotik routers are rightly valued by system administrators for their incredible flexibility.
A unique feature of this hardware is that a budget home hAP lite and a powerful enterprise router costing thousands of dollars run the same operating system — RouterOS.

That means once you learn to configure one device, you can manage any equipment from the brand.
In this article we’ll go over the fundamental steps to set up a Mikrotik from scratch to a fully working state.

pfSense — a tank in the world of firewalls.
Is updated less often, but runs for years without surprises.

🏢 Who pfSense is for

• Corporation with 100+ users
• Needs official support
• Has old but reliable hardware
• Value stability

📚 pfSense Features

• Multi-WAN and automatic failover
• Traffic Shaping — bandwidth management
• Captive Portal — guest authentication
• OpenVPN and IPsec — encrypted tunnels

⚙️ Installation

1. ISO → USB
2. Install → configure WAN/LAN
3. In about 10 minutes — a ready firewall

Example HAProxy config:

OPNsense — it’s like pfSense, but prettier, faster, and with an API.
Want an office firewall you wouldn’t be embarrassed to show your boss? Here it is.

💼 Who OPNsense is for

• Office of 10–50 people
• VPN for all employees
• Backup internet connection
• Modern web interface

🎨 Apple-like interface

• Dark theme
• Real-time graphs
• REST API for automation
• WireGuard out of the box

⚙️ Installation in 5 minutes

1. Download the ISO from opnsense.org
2. Write it to a USB stick (dd or Rufus)
3. Boot → assign interfaces → done!

Auto-update via API:

Introduction: The First Line of Defense for Your Server

Before thinking about complex intrusion detection systems such as Fail2ban or CrowdSec, you need to build the first and most reliable line of defense—a firewall. A firewall controls all network traffic entering and leaving your server and blocks unauthorized connection attempts.

Traditionally, Linux servers have used iptables to manage firewalls, but its syntax can be complicated and confusing. Fortunately, there is a simpler and more intuitive tool — UFW (Uncomplicated Firewall).

In a world where cyberattacks are becoming increasingly sophisticated, protecting remote access to servers and network equipment is of paramount importance. Simply opening ports for SSH, RDP, or web interfaces makes them targets for constant scanning and brute-force attacks.

Today, we’ll explore a powerful yet lesser-known technique that significantly improves the security of your MikroTik (and not only): Port Knocking. It’s not just about “closing ports,” but a smart system that makes your services invisible to most scanners and bots.

Introduction: Mikrotik – More Than Just a Router

When it comes to networking hardware for home or small offices, most people think of consumer-grade routers like those from TP-Link, ASUS, or D-Link. However, there’s a category of devices offering far more flexibility, features, and control—while remaining affordable. We’re talking about Mikrotik, a Latvian company known for its wide range of networking gear, especially routers and switches.

What truly sets Mikrotik apart isn’t just the hardware, but its operating system — RouterOS. This powerful software transforms ordinary devices into versatile tools capable of handling tasks usually reserved for far more expensive enterprise solutions.