Address List
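/ip firewall address-list
# Trusted management host(s). The filter rules below accept FTP, SSH, Telnet,
# WWW, Winbox and PPTP on the router only from src-address-list=local-addr and
# ban every other source on first contact, so this list must contain the
# address(es) allowed to reach Winbox (and the other management ports).
# The original export carried this note as a trailing parenthetical after the
# add command, which is not RouterOS syntax and would make the import fail;
# it is now a proper # comment.
add address=192.168.0.8 disabled=no list=local-addr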
Firewall Filter
/ip firewall filter
# Management-port lockdown for traffic addressed to the router itself
# (chain=input). Each service gets the same three rules, in this order:
#   1. any TCP packet to the port from a source NOT in local-addr puts that
#      source on a per-service ban list for 4w2d (30 days); listing is a
#      non-terminating action, so the same packet falls through to rule 2;
#   2. sources on the ban list are dropped;
#   3. sources on local-addr are accepted.
# Only the six ports below are covered, and this export shows no catch-all
# drop for chain=input, so any other service the router listens on stays
# reachable from the WAN. A single stray SYN is enough to earn the ban.
# FTP (tcp/21)
add action=add-src-to-address-list address-list=-FTP address-list-timeout=4w2d \
chain=input comment="Filter - Wan Access FTP" disabled=no dst-port=21 \
protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-FTP
add action=accept chain=input disabled=no dst-port=21 protocol=tcp \
src-address-list=local-addr
# SSH (tcp/22)
add action=add-src-to-address-list address-list=-SSH address-list-timeout=4w2d \
chain=input comment="Filter - Wan Access SSH" disabled=no dst-port=22 \
protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-SSH
add action=accept chain=input disabled=no dst-port=22 protocol=tcp \
src-address-list=local-addr
# Telnet (tcp/23)
add action=add-src-to-address-list address-list=-TELNET address-list-timeout=\
4w2d chain=input comment="Filter - Wan Access TELNET" disabled=no dst-port=\
23 protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-TELNET
add action=accept chain=input disabled=no dst-port=23 protocol=tcp \
src-address-list=local-addr
# Router web interface (tcp/80)
add action=add-src-to-address-list address-list=-WEB address-list-timeout=4w2d \
chain=input comment="Filter - Wan Access WEB" disabled=no dst-port=80 \
protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-WEB
add action=accept chain=input disabled=no dst-port=80 protocol=tcp \
src-address-list=local-addr
# Winbox (tcp/8291)
add action=add-src-to-address-list address-list=-WINBOX address-list-timeout=\
4w2d chain=input comment="Filter - Wan Access WINBOX" disabled=no dst-port=\
8291 protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-WINBOX
add action=accept chain=input disabled=no dst-port=8291 protocol=tcp \
src-address-list=local-addr
# PPTP control channel (tcp/1723)
add action=add-src-to-address-list address-list=-VPN address-list-timeout=4w2d \
chain=input comment="Filter - Wan Access VPN" disabled=no dst-port=1723 \
protocol=tcp src-address-list=!local-addr
add action=drop chain=input disabled=no src-address-list=-VPN
add action=accept chain=input disabled=no dst-port=1723 protocol=tcp \
src-address-list=local-addr
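# Port-scan detection on chain=input. Every detector feeds the single list
# "port scanners" so that the one drop rule at the end of this group covers
# all of them. (The original export sent the psd hits to a separate list,
# "Filter - Port Scanners", that no rule ever dropped, so psd-detected
# scanners were recorded but never blocked.)
# psd=21,3s,3,1 means: ban when the weight of distinct ports probed within 3s
# reaches 21, counting low ports as 3 and high ports as 1.
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="Filter - Port Scanners" \
disabled=no protocol=tcp psd=21,3s,3,1
# TCP flag combinations that do not occur in legitimate traffic (stealth-scan
# signatures). Sources are banned for 2w.
# SYN+FIN set together
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
fin,syn
# SYN+RST set together
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
syn,rst
# FIN+PSH+URG with no SYN/RST/ACK
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
# every flag set
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
fin,syn,rst,psh,ack,urg
# no flags set
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
!fin,!syn,!rst,!psh,!ack,!urg
# FIN only
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
# Single drop for everything the detectors above have listed.
add action=drop chain=input disabled=no src-address-list="port scanners"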
# Forwarded (LAN <-> WAN) traffic. Established and related connections are
# accepted first, so only new connections reach the rule that follows.
# NOTE(review): this export shows no rule for connection-state=invalid in
# chain=forward; confirm whether such packets are dropped elsewhere.
add action=accept chain=forward comment=Connections connection-state=\
established disabled=no
add action=accept chain=forward connection-state=related disabled=no
# Drop new ICMP leaving via modem1 from every LAN host except 192.168.0.8,
# i.e. only the management host may ping out through the WAN interface.
# The interface name modem1 and that host address are site-specific.
add action=drop chain=forward comment="Blok Ping Out" disabled=no \
out-interface=modem1 protocol=icmp src-address=!192.168.0.8