
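# RouterOS firewall filter export: hotspot placeholder chains, FTP/SSH
# brute-force throttling through address lists, per-service accept rules and
# a "Virus" chain of port-based drops. Rules are restored to one per line;
# the page had them run together, with 80-column wrap breaks inside tokens.
#
# Changed in review:
#  - Every rule of the port-blocklist chain now says chain=Virus. The export
#    mixed chain=virus and chain=Virus while both jumps use jump-target=Virus,
#    so, if chain names are matched case-sensitively (confirm on the target
#    RouterOS version), the lower-case rules were never evaluated.
#  - The two "Drop DNS Externo" rules moved from the end of the list to just
#    before the blanket UDP accept on input. At the end, the UDP rule could
#    never match because every UDP packet had already been accepted, leaving
#    the router's resolver answering queries arriving on interface Link.
#
# Left as exported, for the operator to decide:
#  - NOTE(review): the unconditional accept on chain=forward (below) comes
#    before every other forward rule, so none of the later forward rules,
#    including the jump to Virus and the NetBIOS/ICMP drops, can match.
#  - NOTE(review): chain=input has no final drop. Anything not explicitly
#    dropped is accepted, so the source restriction on "Accept FTP SSH
#    TELNET" does not keep other sources out, and Winbox (8291) is reachable
#    from any interface. FTP and Telnet also carry credentials in cleartext.
#  - NOTE(review): no visible rule jumps to chain=sanity-check; as shown it is
#    never entered. The jump may live in a part of the config not on this page.

/ip firewall filter

# --- Hotspot placeholder chains (passthrough only) ---
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=no
add action=passthrough chain=hs-unauth comment="" disabled=no
add action=passthrough chain=hs-input comment="" disabled=no
add action=passthrough chain=pre-hs-input comment="" disabled=no
add action=passthrough chain=hs-unauth-to comment="" disabled=no

# --- Broadcast/multicast sources are sent to the log-then-drop chain ---
add action=jump chain=sanity-check comment="Bloqueia Treafego Dirigido a Multicast e Broadcast" disabled=no jump-target=drop src-address-type=broadcast,multicast
add action=log chain=drop comment="" disabled=no log-prefix=DROPPEDD
add action=drop chain=drop comment="" disabled=no

# NOTE(review): accepts all forwarded traffic; every later forward rule is shadowed.
add action=accept chain=forward comment="" disabled=no

# --- Management access and brute-force throttling ---
# This source is accepted before the blacklist drops, so it bypasses them.
add action=accept chain=input comment="Accept FTP SSH TELNET" disabled=no dst-port=21-23 protocol=tcp src-address=208.115.227.35
add action=drop chain=input comment="drop ftp brute forcers" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
# FTP: failed-login replies ("530 Login incorrect") are allowed up to the
# dst-limit rate per destination; replies beyond it reach the next rule,
# which blacklists the client address for 3h.
add action=accept chain=output comment="" content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output comment="" content="530 Login incorrect" disabled=no protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# SSH: each new connection moves the source up one list (stage1 -> stage2 ->
# stage3 -> ssh_blacklist). Stages expire after 1m, the blacklist after 1w3d.
# The highest stage is tested first so one connection advances a single step.
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="" connection-state=new disabled=no dst-port=22 protocol=tcp

# --- Established / related connections ---
add action=accept chain=input comment="Aceita Conex\F5es Estabelecidas" connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=established disabled=no
add action=accept chain=input comment="Aceita Conex\F5es Relatadas" connection-state=related disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=no

# --- DNS arriving on interface Link is dropped (moved up, see header) ---
add action=drop chain=input comment="Drop DNS Externo" disabled=no dst-port=53 in-interface=Link protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=53 in-interface=Link protocol=udp

# --- Protocol-wide accepts ---
# NOTE(review): all remaining UDP to the router is accepted from any interface.
add action=accept chain=input comment="Aceita conex es UDP" disabled=no protocol=udp
add action=accept chain=forward comment="" disabled=no protocol=udp
# Two ICMP accept limits in a row (50,2 then 100,1): a packet over the first
# limit can still be accepted by the second. The "50/5s" label matches neither.
add action=accept chain=input comment="Aceita conex es ICMP " disabled=no limit=50,2 protocol=icmp
add action=accept chain=forward comment="" disabled=no limit=50,2 protocol=icmp
add action=accept chain=input comment="Aceita pings limitados 50/5s por input" disabled=no limit=100,1 protocol=icmp
add action=accept chain=forward comment="" disabled=no limit=100,1 protocol=icmp

# --- Per-service accepts ---
add action=accept chain=input comment="Aceita conex o Winbox" disabled=no dst-port=8291 protocol=tcp
add action=accept chain=output comment="" disabled=no dst-port=8291 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=8291 protocol=tcp
add action=accept chain=input comment="Aceita conex o PICO 2000" disabled=no dst-port=1999 protocol=udp
add action=accept chain=output comment="" disabled=no dst-port=1999 protocol=udp
add action=accept chain=forward comment="" disabled=no dst-port=1999 protocol=udp
add action=accept chain=input comment="" disabled=no dst-port=1999 protocol=tcp
add action=accept chain=output comment="" disabled=no dst-port=1999 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=1999 protocol=tcp

# --- Rate-limited accepts labelled as DoS / SYN-flood limits ---
# ICMP over the limit falls through to the ICMP drops further down.
add action=accept chain=input comment="Limita Dos input/forward" disabled=no icmp-options=8:0 limit=1,5 protocol=icmp
add action=accept chain=forward comment="" disabled=no icmp-options=8:0 limit=1,5 protocol=icmp
# NOTE(review): no TCP drop follows these two rules, so packets over the limit
# are not discarded by anything shown here; as written this limits nothing.
add action=accept chain=input comment="Limita Syn-flood input/forward" disabled=no limit=1,5 protocol=tcp tcp-flags=fin,syn,rst,ack
add action=accept chain=forward comment="" disabled=no limit=1,5 protocol=tcp tcp-flags=fin,syn,rst,ack
add action=accept chain=forward comment="Aceita SNMP" disabled=no dst-port=161 protocol=udp
add action=accept chain=input comment="Melhorias no Msn" disabled=no protocol=tcp src-port=1863
add action=accept chain=forward comment="" disabled=no protocol=tcp src-port=1863
add action=accept chain=input comment="" disabled=no dst-port=443 protocol=tcp
add action=accept chain=forward comment="" disabled=no dst-port=443 protocol=tcp

# --- Port blocklist: traffic not accepted above is checked against chain Virus ---
add action=jump chain=input comment="Verifica Tr\E1fego de V\EDrus" disabled=no jump-target=Virus
add action=jump chain=forward comment="" disabled=no jump-target=Virus

# --- ICMP: invalid state first, then whatever exceeded the accept limits ---
add action=drop chain=output comment="Bug tradu o NAT" connection-state=invalid disabled=no protocol=icmp
add action=drop chain=forward comment="Bloqueia Conex\F5es Inv\E1lidas" connection-state=invalid disabled=no protocol=icmp
add action=drop chain=input comment="" connection-state=invalid disabled=no protocol=icmp
add action=drop chain=forward comment="Bloqueia excesso de Pings" disabled=no protocol=icmp
add action=drop chain=input comment="" disabled=no protocol=icmp

# --- NetBIOS / SMB between networks ---
# The UDP rules here are also shadowed by the forward UDP accept above.
add action=drop chain=forward comment="Bloqueia Netbios e Similares na Rede Interna" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=forward comment="" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=udp

# --- Chain Virus: drops by destination port ---
# Chain name normalised to "Virus" throughout (see header). The list holds
# duplicates (2745/tcp and 27374/tcp appear twice); they are harmless and kept.
add action=drop chain=Virus comment="Bloqueio de VIRUS conhecidos" disabled=no dst-port=445 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=445 protocol=udp
add action=drop chain=Virus comment="" disabled=no dst-port=593 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1373 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1377 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1214 protocol=tcp
add action=drop chain=Virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=Virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=Virus comment="Drop Blaster Worm" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=3127-3128 protocol=tcp
add action=drop chain=Virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=4444 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=4444 protocol=udp
add action=drop chain=Virus comment="" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=65506 protocol=tcp
add action=drop chain=Virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=1243 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=2773 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=6711-6713 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=6776 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=7215 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=7000 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=54283 protocol=tcp
add action=drop chain=Virus comment="" disabled=no dst-port=27573 protocol=tcp

# NOTE(review): labelled "Drop NetBios" but matches no port, only packets
# whose source and destination addresses are both 0.0.0.0.
add action=drop chain=forward comment="Drop NetBios" disabled=no dst-address=0.0.0.0 src-address=0.0.0.0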