Scribd Logo
Carica

Benvenuto in Scribd!

  • Firewall Mangle 2016

    Caricato da

    Fann Azza
    9 visualizzazioni5 pagine
    firewall Mangle mikrotik RB750

    Copyright

    © © All Rights Reserved

    Formati disponibili

    TXT, PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    firewall Mangle mikrotik RB750

    Copyright:

    © All Rights Reserved
    Scarica in formato TXT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    9 visualizzazioni5 pagine

    Firewall Mangle 2016

    Caricato da

    Fann Azza
    firewall Mangle mikrotik RB750

    Copyright:

    © All Rights Reserved
    Scarica in formato TXT, PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 5

    MMM

    MMM
    MMMM
    MMMM
    MMM MMMM MMM
    MMM MM MMM
    MMM
    MMM
    MMM
    MMM

    III
    III
    III
    III

    KKK
    KKK
    KKK KKK
    KKKKK
    KKK KKK
    KKK KKK

    RRRRRR
    OOOOOO
    RRR RRR OOO OOO
    RRRRRR
    OOO OOO
    RRR RRR OOOOOO

    MikroTik RouterOS 6.0rc14 (c) 1999-2013

    TTTTTTTTTTT
    TTTTTTTTTTT
    TTT
    TTT
    TTT
    TTT

    III
    III
    III
    III

    KKK
    KKK
    KKK KKK
    KKKKK
    KKK KKK
    KKK KKK

    http://www.mikrotik.com/

    [?]
    command [?]

    Gives the list of available commands


    Gives help on the command and list of arguments

    [Tab]

    Completes the command/word. If the input is ambigous,


    a second [Tab] gives possible options

    /
    Move up to base level
    ..
    Move up one level
    /command
    Use command at the base level
    (107 messages not shown)
    jan/02/1970 07:01:11 system,error,critical router
    ut
    down
    jan/02/1970 07:01:12 system,error,critical router
    ut
    down
    jan/02/1970 07:01:12 system,error,critical router
    ut
    down
    jan/02/1970 07:01:12 system,error,critical router
    ut
    down
    jan/02/1970 07:01:13 system,error,critical router
    ut
    down
    jan/02/1970 07:01:12 system,error,critical router
    ut
    down
    jan/02/1970 07:01:12 system,error,critical router
    ut
    down
    jan/02/1970 07:01:13 system,error,critical router
    ut
    down
    [admin@MikroTik] > ip firewall filter print
    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; place hotspot rules here
    chain=unused-hs-chain action=passthrough
    1

    was rebooted without proper sh


    was rebooted without proper sh
    was rebooted without proper sh
    was rebooted without proper sh
    was rebooted without proper sh
    was rebooted without proper sh
    was rebooted without proper sh
    was rebooted without proper sh

    ;;; allow established connections


    chain=forward action=accept connection-state=established

    ;;; allow related connections


    chain=forward action=accept connection-state=related

    ;;; ;;; Allow DNS traffic


    chain=input action=accept protocol=udp in-interface=indihome src-port=53

    ;;; ;;; Allow NTP traffic


    chain=input action=accept protocol=udp in-interface=indihome
    src-port=123

    ;;; Allow limited pings


    chain=input action=accept protocol=icmp limit=50/5s,2

    chain=input action=accept protocol=icmp limit=50/5s,2

    ;;; drop FTP Brute Forcers


    chain=input action=drop protocol=tcp src-address-list=FTP_BlackList
    dst-port=21

    chain=input action=drop protocol=tcp src-address-list=FTP_BlackList


    dst-port=21

    chain=output action=accept protocol=tcp content=530 Login incorrect


    dst-limit=1/1m,9,dst-address/1m

    10

    chain=output action=add-dst-to-address-list protocol=tcp


    address-list=FTP_BlackList address-list-timeout=1d
    content=530 Login incorrect

    11

    ;;; drop SSH&TELNET Brute Forcers


    chain=input action=drop protocol=tcp src-address-list=IP_BlackList
    dst-port=22-23

    12

    chain=input action=add-src-to-address-list connection-state=new


    protocol=tcp src-address-list=SSH_BlackList_3 address-list=IP_BlackList
    address-list-timeout=1d dst-port=22-23

    13

    chain=input action=add-src-to-address-list connection-state=new


    protocol=tcp src-address-list=SSH_BlackList_2
    address-list=SSH_BlackList_3 address-list-timeout=1m dst-port=22-23

    14

    chain=input action=add-src-to-address-list connection-state=new


    protocol=tcp src-address-list=SSH_BlackList_1
    address-list=SSH_BlackList_2 address-list-timeout=1m dst-port=22-23

    15

    chain=input action=add-src-to-address-list connection-state=new


    protocol=tcp address-list=SSH_BlackList_1 address-list-timeout=1m
    dst-port=22-23

    16

    ;;; drop port scanners


    chain=input action=drop src-address-list=port_scanners

    17

    ;;; Port scanners to list


    chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1
    address-list=port scanners address-list-timeout=2w

    18

    chain=input action=add-src-to-address-list
    tcp-flags=fin,!syn,!rst,!psh,!ack,!urg protocol=tcp
    address-list=port_scanners address-list-timeout=2w

    19

    chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp


    address-list=port_scanners address-list-timeout=2w

    20

    chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp


    address-list=port_scanners address-list-timeout=2w

    21

    chain=input action=add-src-to-address-list
    tcp-flags=fin,psh,urg,!syn,!rst,!ack protocol=tcp
    address-list=port_scanners address-list-timeout=2w

    22

    chain=input action=add-src-to-address-list
    tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp
    address-list=port_scanners address-list-timeout=2w

    23

    chain=input action=add-src-to-address-list
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg protocol=tcp
    address-list=port_scanners address-list-timeout=2w

    24

    ;;; ;;; Block W32.Kido - Conficker


    chain=forward action=drop protocol=udp src-port=135-139

    25

    chain=forward action=drop protocol=udp dst-port=135-139,445

    26

    chain=forward action=drop protocol=udp src-port=445

    27

    chain=forward action=drop protocol=tcp src-port=135-139

    28

    chain=forward action=drop protocol=tcp


    dst-port=25,135-139,445,4691,5933,7777

    29

    chain=forward action=drop protocol=tcp src-port=445

    30

    ;;; ;;; Blok LLMNR


    chain=forward action=drop protocol=udp dst-port=5355

    31

    chain=forward action=drop protocol=udp dst-port=4647

    32

    ;;; ;;; SMTP Deny


    chain=forward action=drop protocol=tcp src-port=25

    33

    ;;; ;;; drop invalid connections


    chain=forward action=drop connection-state=invalid

    34

    ;;; ;;; Log Ip Yang Di Tolak


    chain=input action=add-src-to-address-list connection-state=new
    address-list=spam address-list-timeout=30m in-interface=indihome

    35

    ;;; ;;; Drop Semua Akses yang tidak di ijinkan


    chain=input action=drop in-interface=indihome

    36

    ;;; ;;; blokir torrent


    chain=forward action=drop p2p=all-p2p

    [admin@MikroTik] > ip firewall mangle print


    Flags: X - disabled, I - invalid, D - dynamic
    0 X ;;; Rule Game Online
    chain=prerouting action=jump jump-target=game
    1

    ;;; CS Online

    chain=forward action=mark-connection new-connection-mark=MC_Games


    passthrough=yes protocol=tcp dst-port=6567,8001,36567
    connection-mark=!traffic_download
    2

    chain=forward action=mark-connection new-connection-mark=MC_Games


    passthrough=yes protocol=udp dst-port=8001
    connection-mark=!traffic_download

    ;;; Lost Saga


    chain=forward action=mark-connection new-connection-mark=MC_Games
    passthrough=yes protocol=tcp dst-port=14000-14050

    chain=forward action=mark-connection new-connection-mark=MC_Games


    passthrough=yes protocol=udp dst-port=14000-14050

    ;;; FIFA Online 3


    chain=forward action=mark-connection new-connection-mark=MC_Games
    passthrough=yes protocol=tcp dst-port=7770-7790

    ;;; PB Garena
    chain=forward action=mark-connection new-connection-mark=MC_Games
    passthrough=yes protocol=tcp dst-port=9100,9200,39190

    chain=forward action=mark-connection new-connection-mark=MC_Games


    passthrough=yes protocol=udp dst-port=40000-40010

    ;;; Texas HoldEm Poker


    chain=forward action=mark-connection new-connection-mark=MC_Games
    passthrough=yes protocol=tcp dst-port=2466-2468,9339,15000

    ;;; Browsing
    chain=forward action=mark-connection
    new-connection-mark=traffic_browsing passthrough=yes protocol=tcp
    packet-mark=!Packet_Game connection-mark=!MC_Games
    connection-bytes=0-262146

    10

    ;;; Download
    chain=forward action=mark-connection
    new-connection-mark=traffic_download passthrough=yes protocol=tcp
    packet-mark=!Packet_Game connection-bytes=262146-4294967295
    connection-rate=200k-100M

    11

    chain=forward action=mark-connection new-connection-mark=traffic_download


    passthrough=yes protocol=udp packet-mark=!Packet_Game
    connection-bytes=262146-4294967295 connection-rate=200k-100M

    12

    ;;; Paket Game


    chain=forward action=mark-packet new-packet-mark=Packet_Game
    passthrough=yes connection-mark=MC_Games

    13

    ;;; Paket Download


    chain=forward action=mark-packet
    new-packet-mark=mark_packet_traffic_download passthrough=no protocol=tcp
    packet-mark=!Packet_Game connection-bytes=262146-4294967295

    14

    ;;; Paket Browsing


    chain=forward action=mark-packet
    new-packet-mark=mark_packet_traffic_browsing passthrough=no protocol=tcp
    packet-mark=!Packet_Game connection-bytes=0-262146

    15 X ;;; CACHE HIT


    chain=output action=mark-packet new-packet-mark=cache-hits
    passthrough=no dscp=4
    -- [Q quit|D dump|up|down]

    Potrebbero piacerti anche