Scribd Logo
Unggah

Selamat datang di Scribd!

  • Firewall Mikrotik Standar

    Diunggah oleh

    Iskak Fatoni
    62 tayangan2 halaman

    Judul Asli

    firewall mikrotik standar.docx

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    DOCX, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    62 tayangan2 halaman

    Firewall Mikrotik Standar

    Diunggah oleh

    Iskak Fatoni

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 2

    /ip firewall filter add action=accept chain=input comment="Accept New Connection" connection-state=new disabled=no add action=accept chain=input comment="Accept

    Established connection" connection-state=established disabled=no add action=drop chain=input comment="Drop Invalid Connection" connection-state=invalid disabled=no Drop FTP Brute Force add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="drop ftp brute forcers" add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=3h Drop SSH Brute Force add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute forcers" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=10d comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute downstream" disabled=no

    Drop Winbox Brute Force


    add add add add add add chain=input protocol=tcp dst-port=8291 src-address-list=winbox_blacklist action=drop comment="drop Winbox brute forcers" disabled=no chain=input protocol=tcp dst-port=8291 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=winbox_blacklist address-list-timeout=10d comment="" disabled=no chain=input protocol=tcp dst-port=8291 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=winbox_stage3 address-list-timeout=1m comment="" disabled=no chain=input protocol=tcp dst-port=8291 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=winbox_stage2 address-list-timeout=1m comment="" disabled=no chain=input protocol=tcp dst-port=8291 connection-state=new action=add-src-to-address-list address-list=winbox_stage1 address-list-timeout=1m comment="" disabled=no chain=forward protocol=tcp dst-port=8291 src-address-list=winbox_blacklist action=drop comment="drop Winbox brute downstream" disabled=no

    Drop SMTP Spammer add chain=input protocol=tcp dst-port=25 src-address-list=smtp_blacklist action=drop comment="drop SMTP spammer from outside" disabled=no add chain=input protocol=tcp dst-port=25 connection-state=new src-address-list=smtp_stage3 action=add-src-to-address-list address-list=smtp_blacklist address-list-timeout=10d comment="" disabled=no add chain=input protocol=tcp dst-port=25 connection-state=new src-address-list=smtp_stage2 action=add-src-to-address-list address-list=smtp_stage3 address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=25 connection-state=new src-address-list=smtp_stage1 action=add-src-to-address-list address-list=smtp_stage2 address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=25 connection-state=new action=add-src-to-address-list address-list=smtp_stage1 address-list-timeout=1m comment="" disabled=no add chain=forward protocol=tcp dst-port=25 src-address-list=smtp_blacklist action=drop comment="drop SMTP downstream" disabled=no Drop Port Scanner add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list " disabled=no add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan" add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan" add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan" add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan" add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan" add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan" add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no

    Anda mungkin juga menyukai