MikroTik firewall scripty

Místo, kde žádná otázka není hloupá.
zavoda
Příspěvky: 19
Registrován: 3 weeks ago

MikroTik firewall scripty

Příspěvekod zavoda » 2 weeks ago

Ahoj , mohu Vás poprosit o nějaké pokročilé scripty na firewall? proti různé nákaze a třeba i filtrování paketů ,spamů atd. děkuji :)
0 x

Chilli
Příspěvky: 56
Registrován: 4 months ago

Příspěvekod Chilli » 2 weeks ago

Já mám takto, ale jde to jednodušeji...

Kód: Vybrat vše

/ip firewall filter
add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid
add action=accept chain=input comment="Accept established and related packets" connection-state=established,related
add action=reject chain=input comment="Reject DNS from WAN" dst-port=53 in-interface=_VDSL protocol=udp reject-with=icmp-port-unreachable
add action=reject chain=input comment="Reject DNS from WAN" dst-port=53 in-interface=_VDSL protocol=tcp reject-with=icmp-port-unreachable
add action=drop chain=input comment="Drop Anyone in the Black List (Telnet)" src-address-list=Telnet_blacklist
add action=drop chain=input comment="Drop Anyone in the Black List (FTP)" src-address-list=FTP_blacklist
add action=drop chain=input comment="Drop Anyone in the Black List (SSH)" src-address-list=ssh_blacklist
add action=drop chain=input comment="Drop Anyone in the Black List (API)" src-address-list=api_blacklist
add action=accept chain=input comment="Accept Exempt IP Addresses" src-address-list=Vyjimky
add action=accept chain=input comment="Accept Winbox" dst-port=8291 protocol=tcp
add action=add-src-to-address-list address-list=Telnet_blacklist address-list-timeout=1w chain=input comment="Telnet pridat na blacklist na tyden" connection-state=new dst-port=23 protocol=tcp
add action=add-src-to-address-list address-list=FTP_blacklist address-list-timeout=3h chain=input comment="FTP pridat na blacklist na 3 hodiny" content="530 Login incorrect" dst-port=21 protocol=tcp
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="SSH p\F8idat na blacklist ssh_stage1 na 1 hodinu" connection-state=new dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="SSH p\F8idat na blacklist ssh_stage2 na 1 hodinu" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="SSH p\F8idat na blacklist ssh_stage3 na 1 hodinu" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w chain=input comment="SSH pridat na blacklist na tyden" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=api_stage1 address-list-timeout=1m chain=input comment="API p\F8idat na blacklist api_stage1 na 1 hodinu" connection-state=new dst-port=8728 protocol=tcp
add action=add-src-to-address-list address-list=api_stage2 address-list-timeout=1m chain=input comment="API p\F8idat na blacklist api_stage2 na 1 hodinu" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage1
add action=add-src-to-address-list address-list=api_stage3 address-list-timeout=1m chain=input comment="API p\F8idat na blacklist api_stage3 na 1 hodinu" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage2
add action=add-src-to-address-list address-list=api_blacklist address-list-timeout=1w chain=input comment="API pridat na blacklist na tyden" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage3
add action=accept chain=forward comment="Accept Exempt IP Addresses" src-address-list=Vyjimky
add action=accept chain=forward comment="Accept Winbox" dst-port=8291 protocol=tcp
add action=drop chain=forward comment="Drop Invalid Connections" connection-state=invalid
add action=accept chain=forward comment="Accept established and related packets" connection-state=established,related
add action=drop chain=forward comment="Drop Anyone in the Black List (Telnet)" disabled=yes src-address-list=Telnet_blacklist
add action=drop chain=forward comment="Drop Anyone in the Black List (FTP)" src-address-list=FTP_blacklist
add action=drop chain=forward comment="Drop Anyone in the Black List (SSH)" disabled=yes src-address-list=ssh_blacklist
add action=drop chain=forward comment="Drop Anyone in the Black List (API)" src-address-list=api_blacklist
add action=add-src-to-address-list address-list=Telnet_blacklist address-list-timeout=1w chain=forward comment="Telnet pridat na blacklist na tyden" connection-state=new dst-port=23 protocol=tcp
add action=add-src-to-address-list address-list=FTP_blacklist address-list-timeout=3h chain=forward comment="FTP pridat na blacklist na 3 hodiny" content="530 Login incorrect" dst-port=21 protocol=tcp
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=forward comment="SSH p\F8idat na blacklist ssh_stage1 na 1 hodinu" connection-state=new dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=forward comment="SSH p\F8idat na blacklist ssh_stage2 na 1 hodinu" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=forward comment="SSH p\F8idat na blacklist ssh_stage3 na 1 hodinu" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w chain=forward comment="SSH pridat na blacklist na tyden" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=api_stage1 address-list-timeout=1m chain=forward comment="API p\F8idat na blacklist api_stage1 na 1 hodinu" connection-state=new dst-port=8728 protocol=tcp
add action=add-src-to-address-list address-list=api_stage2 address-list-timeout=1m chain=forward comment="API p\F8idat na blacklist api_stage2 na 1 hodinu" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage1
add action=add-src-to-address-list address-list=api_stage3 address-list-timeout=1m chain=forward comment="API p\F8idat na blacklist api_stage3 na 1 hodinu" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage2
add action=drop chain=input comment="Drop Everything" log=yes log-prefix=DROP_
0 x


Zpět na „Začátečnické témata“

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 2 hosti