We continue our countdown of the Top 10 RouterOS config mistakes.
This week we continue our list by looking at the mistakes ranked number 8 and 7:
The problem: If you have no firewall, anyone can use your DNS server. This is not necessarily a problem; it depends on how the server gets used.
Hackers sometimes use spoofed IP addresses to request information from your DNS server, which uses most of your downstream traffic, CPU and memory. Requests use less traffic than replies.
The problem: Having too many rules can also make your MikroTik device slow and unresponsive, as each packet has to travel through the entire ruleset, being checked against each rule for a match.
The solution: Packets travel from your first rule down the list, checking for matches in your ruleset. By moving one rule in front of another, your device can be more efficient, as it would not have to go through the entire ruleset.
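The following input-chain ruleset illustrates both points above: it stops outside hosts from using the router's DNS server, and it places the rule that matches the most packets first. It is an added example, not configuration from the original article, and it assumes the WAN port is named ether1.

```routeros
# Added example. Assumption: the WAN port is ether1; rename to match your router.
/ip firewall filter

# 1. Most packets addressed to the router belong to connections that were
#    already allowed. Matching them in the first rule means they never
#    travel through the rest of the list.
add chain=input action=accept connection-state=established,related \
    comment="accept established/related first"

# 2. Discard packets that do not belong to any known connection.
add chain=input action=drop connection-state=invalid comment="drop invalid"

# 3. Refuse new DNS queries arriving on the WAN side, so the DNS server
#    only answers your own network. Replies to the router's own upstream
#    lookups are already accepted by rule 1.
add chain=input action=drop in-interface=ether1 protocol=udp dst-port=53 \
    comment="drop WAN DNS (udp)"
add chain=input action=drop in-interface=ether1 protocol=tcp dst-port=53 \
    comment="drop WAN DNS (tcp)"

# Show the per-rule packet counters to see which rules match most often
# and whether they sit near the top of the list.
print stats
```

Rules created with add are appended to the end of the list, so on a router that already has firewall rules, check the resulting order before relying on it.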