dan virus di dalam jaring an lokal yang kita miliki, karena netcut dan virus bisa bikin kamu kerepotan. Bagi kamu yang sudah menggunakan mikrotik, berikut adalah settingan firewall pad a mikrotik untuk menangkal netcut dan drop beberapa virus. Langsung saja buka winbox atau pake putty. Pada winbox, klik "New Terminal" dan silahkan copy-paste script di bawah ini: /ip firewall filter add action=accept chain=input disabled=no dst-port=8291 protocol=tcp add action=drop chain=forward connection-state=invalid disabled=no add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp add action=drop chain=virus disabled=no dst-port=445 protocol=tcp add action=drop chain=virus disabled=no dst-port=445 protocol=udp add action=drop chain=virus disabled=no dst-port=593 protocol=tcp add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp add action=drop chain=virus disabled=no dst-port=4444 protocol=udp add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp add action=jump chain=forward disabled=no jump-target=virus add action=drop chain=input connection-state=invalid disabled=no add action=accept chain=input disabled=no protocol=udp add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp add action=drop chain=input disabled=no protocol=icmp add action=accept chain=input disabled=no dst-port=21 protocol=tcp add action=accept chain=input disabled=no dst-port=22 protocol=tcp add action=accept chain=input disabled=no dst-port=23 protocol=tcp add action=accept chain=input disabled=no dst-port=80 protocol=tcp add action=accept chain=input disabled=no dst-port=8291 protocol=tcp add action=accept chain=input disabled=no dst-port=1723 protocol=tcp add action=accept chain=input disabled=no dst-port=23 protocol=tcp add action=accept chain=input disabled=no dst-port=80 protocol=tcp add action=accept chain=input disabled=no dst-port=1723 protocol=tcp add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s ch ain=input disabled=no dst-port=1337 protocol=tcp add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m ch ain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock add action=add-src-to-address-list address-list="port-scanners" address-list-tim
eout=2w chain=input comment="port-scanner" disabled=no protocol=tcp psd=21,3s,3, 1 add action=add-src-to-address-list address-list="port-scanners" address-list-tim eout=2w chain=input comment="SYN/FIN" disabled=no protocol=tcp tcp-flags=fin,syn add action=add-src-to-address-list address-list="port-scanners" address-list-tim eout=2w chain=input comment="SYN/RST" disabled=no protocol=tcp tcp-flags=syn,rst add action=add-src-to-address-list address-list="port-scanners" address-list-tim eout=2w chain=input comment="FIN/PSH/URG" disabled=no protocol=tcp tcp-flags=fin ,psh,urg,!syn,!rst,!ack add action=add-src-to-address-list address-list="port-scanners" address-list-tim eout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fi n,syn,rst,psh,ack,urg add action=add-src-to-address-list address-list="port-scanners" address-list-tim eout=2w chain=input comment="NMAP" disabled=no protocol=tcp tcp-flags=!fin,!syn, !rst,!psh,!ack,!urg add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254 add action=accept chain=input comment="ANTI-NETCUT" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254 Kemudian reboot mikrotik /system reboot