Let’s be honest — most MikroTik routers out there are running with some half-baked default config and leftover rules that nobody fully understands. We’re not going to build on a mystery box.
We’re going to start clean, understand everything, and configure the firewall like a professional from day one.
🧼 Step 1: Wipe Out the Default Config (Optional but Recommended)
When you first unbox and boot a MikroTik router, it usually comes with a default setup — which may include:
- DHCP server
- NAT masquerade rule
- Basic firewall rules (sometimes)
- Bridge interfaces
- Winbox open to all
🛑 The problem?
You don’t know what it’s doing — and that’s a security risk.
If you’re serious about building your own firewall rules from scratch, it’s better to clear the default config and start fresh.
⚠️ Warning:
Resetting your router will remove all current config — including access. Be sure you’re physically connected or know what you’re doing.
🔄 How to Reset the Config (Without Default Rules):
From Winbox or Terminal, run:
/system reset-configuration no-defaults=yes skip-backup=yes
This will reboot the router and leave it with a bare system — no IPs, no NAT, no DHCP, no firewall.
You’ll need to connect via MAC address in Winbox afterward to start configuring.
🧱 Step 2: Reconnect via MAC Address (Winbox Only)
After reset, the router won’t have an IP address — so you can’t reach it by IP.
Open Winbox, click on Neighbors, and connect using the MAC address.
This is a unique MikroTik feature — no DHCP needed. Once you’re back in, you can start configuring IP addresses manually.
🧮 Step 3: Add a Basic Management IP (for Access)
Let’s assign a static IP to the LAN interface so you can work more comfortably.
/ip address add address=192.168.88.1/24 interface=ether2
Replace ether2 with your LAN port. Now set your PC IP to something like 192.168.88.10 and reconnect via this IP in Winbox or browser (WebFig).
🔍 Step 4: View Existing Firewall Rules (If Any)
If you chose not to reset your router, or you’re working with an existing config, take a moment to see what rules are already in place:
/ip firewall filter print
You’ll see a list of rules — each with a number, chain, action, and optional comments.
Delete everything you don’t fully understand or want to replace.
To remove all firewall filter rules:
/ip firewall filter remove [find]
💾 Step 5: Save a Clean Backup (Optional but Smart)
Now that we’ve wiped the junk and set a minimal base IP, let’s save this clean state so you can revert back easily.
From Terminal:
/system backup save name=clean_base_config
Or in Winbox → Files → Backup → Save.
Download the backup to your PC, just in case.
📘 What You Have Now
✅ Clean MikroTik config
✅ Static IP for local access
✅ Empty firewall — ready to build securely
✅ No random services exposed
✅ Full control
You’re now in charge of every packet that enters or leaves your router.