Running out of IPs?

QNAP is really good about patching holes as long as you stay up to date with updates.

Widening your subnet is indeed the obvious solution. I’ve moved mine from 255.255.255.0 to 255.255.254.0 (using Ubiquiti), /24 to /23. Just make sure you’re using DHCP or update every static IP manually.


I can't explain exactly why, but this really made me smile.

Perhaps I have firewall envy. :)

I always patch with the latest. And all my cameras FTP video and pictures to my NAS so everything stays local there.

This is what I plan to do. I have all my devices set to DHCP and use IP reservations on the router.

/put [/system clock get date]

put "cleaning out old address lists"
/ip firewall address-list remove [/ip firewall address-list find list=Whitelist]
/ip firewall address-list remove [/ip firewall address-list find list=Blacklist]
/ip firewall address-list remove [/ip firewall address-list find list=OtherSubnetIPs]
/ip firewall address-list remove [/ip firewall address-list find list=RU]
/ip firewall address-list remove [/ip firewall address-list find list=RU2]
/ip firewall address-list remove [/ip firewall address-list find list=CN]
/ip firewall address-list remove [/ip firewall address-list find list=KZ]
/ip firewall address-list remove [/ip firewall address-list find list=BR]
/ip firewall address-list remove [/ip firewall address-list find list=DNS_DOS]
/ip firewall address-list remove [/ip firewall address-list find list=wifi_routers]

/ip firewall address-list remove [/ip firewall address-list find list=US]
/ip firewall address-list remove [/ip firewall address-list find list=CA]
/ip firewall address-list remove [/ip firewall address-list find list=DO]
/ip firewall address-list remove [/ip firewall address-list find list=Foreign]
/ip firewall address-list remove [/ip firewall address-list find list=AllowedIMAPIPs]
/ip firewall address-list remove [/ip firewall address-list find list=ComcastPublic]

put "cleaning out v6 firewall address lists"
/ipv6 firewall address-list remove [/ipv6 firewall address-list find list=RU]
/ipv6 firewall address-list remove [/ipv6 firewall address-list find list=CN]
/ipv6 firewall address-list remove [/ipv6 firewall address-list find list=KZ]
/ipv6 firewall address-list remove [/ipv6 firewall address-list find list=BR]
/ipv6 firewall address-list remove [/ipv6 firewall address-list find list=Foreign]

/put "Starting Address lists"
/put "Whitelist"
/ip firewall address-list

...

and the end 1400+ lines later

/put "disallowing syn floods"
add chain=forward protocol=tcp tcp-flags=syn connection-state=new action=jump jump-target=SYN-Protect comment="SYN Flood protect" disabled=yes
add chain=SYN-Protect protocol=tcp tcp-flags=syn limit=400,5:packet connection-state=new action=accept comment="" disabled=no
add chain=SYN-Protect protocol=tcp tcp-flags=syn connection-state=new action=drop comment="" disabled=no

# drop all else

add action=drop chain=forward comment="drop all else"

/put "get Foreign lists"
/put "get china list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/CN
/import file-name=CN

/put "get russia list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/RU
/import file-name=RU

/put "get kz list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/KZ
/import file-name=KZ

/put "get br list"
/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/BR
/import file-name=BR

/put "delete duplicates in KZ and other foreign"
/ip firewall address-list remove [find where list="KZ" && address="93.157.176.0/21"]
/ip firewall address-list remove [find where list="KZ" && address="91.246.96.0/21"]
/ip firewall address-list remove [find where list="RU" && address="193.151.224.0/20"]
/ip firewall address-list remove [find where list="RU" && address="91.246.80.0/20"]
/ip firewall address-list remove [find where list="RU" && address="185.234.24.0/22"]

/ip firewall address-list remove [find where list="RU" && address="81.91.184.0/22"]
/ip firewall address-list remove [find where list="RU" && address="81.91.188.0/24"]
/ip firewall address-list remove [find where list="RU" && address="94.141.224.0/19"]
/ip firewall address-list remove [find where list="RU" && address="188.124.244.0/22"]

/put "delete bad ru rule 212.122 that blocks tesla or amazon aws"
/ip firewall address-list remove [find where list="RU" && address="212.122.0.0/19"]

/put "combine lists for those we block"
/put "combining CN"
/ip firewall address-list
set list=Foreign [find list=CN]
/put "combining KZ"
/ip firewall address-list
set list=Foreign [find list=KZ]
/put "combining BR"
/ip firewall address-list
set list=Foreign [find list=BR]
/put "combining RU"
/ip firewall address-list
set list=Foreign [find list=RU]

/put "combine lists for those we block v6 - ignore RU for now it has its own rule"
/ipv6 firewall address-list
set list=Foreign [find list=CN]
set list=Foreign [find list=KZ]
set list=Foreign [find list=BR]
set list=Foreign [find list=RU]
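
An added example, not part of the original post: the script above fetches each country list over plain HTTP and runs it with `/import`, so this Python example checks a fetched file off-router before import, then merges the lists with duplicates and exclusions dropped rather than removed by hand. It assumes the fetched files contain only the `/ip firewall address-list` header and `add list=<CC> address=<CIDR>` lines; the function names and sample data are constructed for illustration.

```python
import ipaddress

HEADER = "/ip firewall address-list"

def parse_list(text, expected_list):
    """Parse one fetched file; raise ValueError on anything but header, comments, plain adds."""
    nets = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line == HEADER:
            continue
        if not line.startswith("add "):
            raise ValueError(f"line {n}: unexpected command {line!r}")
        try:
            kv = dict(tok.split("=", 1) for tok in line[4:].split())
        except ValueError:
            raise ValueError(f"line {n}: malformed add {line!r}") from None
        if set(kv) != {"address", "list"} or kv["list"].strip('"') != expected_list:
            raise ValueError(f"line {n}: unexpected parameters {line!r}")
        # Strict CIDR parse: trailing script text or set host bits raise ValueError.
        nets.append(ipaddress.ip_network(kv["address"].strip('"')))
    return nets

def build_foreign(fetched, exclude=()):
    """fetched maps country code -> file text; returns unique networks minus exclusions."""
    excluded = {ipaddress.ip_network(e) for e in exclude}
    merged = set()  # a set removes prefixes that appear in more than one country list
    for country, text in fetched.items():
        merged.update(parse_list(text, country))
    return sorted(merged - excluded, key=lambda net: (net.version, net))

def to_routeros(nets, list_name="Foreign"):
    """Emit a single import file that populates the combined list."""
    return [HEADER] + [f"add list={list_name} address={net}" for net in nets]

# Constructed sample input (prefixes taken from the post plus a documentation range).
SAMPLE = {
    "KZ": HEADER + "\nadd list=KZ address=93.157.176.0/21\n",
    "RU": HEADER + "\nadd list=RU address=93.157.176.0/21\n"
          "add list=RU address=212.122.0.0/19\nadd address=198.51.100.0/24 list=RU\n",
}
# Constructed file with a command that does not belong in an address list.
TAMPERED = HEADER + "\nadd list=CN address=203.0.113.0/24\n/system identity set name=x\n"

if __name__ == "__main__":
    for cmd in to_routeros(build_foreign(SAMPLE, exclude=["212.122.0.0/19"])):
        print(cmd)
```

The emitted lines can be saved to one file and imported on the router in place of the per-country imports and the hand-maintained duplicate removals.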

I've been very happy with my TS-832PXU-RP... My only disappointment is I can't run VMs on it but do have a few containers. (UniFi, Pi-hole, and an HA instance just to play around).


OpenSpeedTest and now Echo Speaks, and an older Docker image for Alexa TTS which I will get rid of when I am sure the Echo Speaks image updates the cookie correctly.


I switched to HomePods so I didn't need to do that anymore. For firewall I run a WatchGuard T35... (Current is T45) .... For VMs I just run bare metal blades on the rack... Couple of VMware installs and Hyper-Vs. Mainly for client imaging.


What firewall checking site do you use/like? I like ShieldsUP. My main router/firewall is a MikroTik Cloud Core 16-core router.

Man, I haven't been to ShieldsUP in a while...
