firewall

Standard firewall

# Baseline rule set: keep already-established forwarded flows, admit tcp/80 and
# tcp/25 addressed to the router itself, and discard invalid forwarded packets.
# As listed there is no "related" state accept, no closing drop rule, and both
# input accepts carry no source restriction.
/ip firewall filter
add chain=forward connection-state=established action=accept comment="Accepted Connections"
add chain=input protocol=tcp dst-port=80 action=accept
add chain=input protocol=tcp dst-port=25 action=accept
add chain=forward connection-state=invalid action=drop comment="Drop invalid connections"

Drop Virus Port

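# Drop destination ports historically used by worms and backdoors.
# All but the first rule live in a custom chain named "virus". A custom chain
# is only evaluated when another chain jumps to it; the original listing
# defined the chain but never referenced it, so its rules were never hit.
# The closing rule here jumps from forward into the chain (placed last so the
# chain is fully populated before it is referenced).
# The duplicate tcp/2745 rule from the original listing has been removed; a
# second identical drop rule can never match anything the first did not.
# Blocking by destination port alone also blocks legitimate services on these
# ports (e.g. tcp/445 file sharing, tcp/1080 SOCKS); review against actual needs.
/ip firewall filter
add chain=forward protocol=udp dst-port=40016 action=drop comment="Drop Virus Port"
add chain=virus protocol=udp dst-port=135-139 action=drop
add chain=virus protocol=tcp dst-port=135-139 action=drop
add chain=virus protocol=tcp dst-port=1433-1434 action=drop
add chain=virus protocol=tcp dst-port=445 action=drop
add chain=virus protocol=udp dst-port=445 action=drop
add chain=virus protocol=tcp dst-port=593 action=drop
add chain=virus protocol=tcp dst-port=1024-1030 action=drop
add chain=virus protocol=tcp dst-port=1080 action=drop
add chain=virus protocol=tcp dst-port=1214 action=drop
add chain=virus protocol=tcp dst-port=1363 action=drop
add chain=virus protocol=tcp dst-port=1364 action=drop
add chain=virus protocol=tcp dst-port=1368 action=drop
add chain=virus protocol=tcp dst-port=1373 action=drop
add chain=virus protocol=tcp dst-port=1377 action=drop
add chain=virus protocol=tcp dst-port=2745 action=drop
add chain=virus protocol=tcp dst-port=2283 action=drop
add chain=virus protocol=tcp dst-port=2535 action=drop
add chain=virus protocol=tcp dst-port=3127 action=drop
add chain=virus protocol=tcp dst-port=3410 action=drop
add chain=virus protocol=tcp dst-port=4444 action=drop
add chain=virus protocol=udp dst-port=4444 action=drop
add chain=virus protocol=tcp dst-port=5554 action=drop
add chain=virus protocol=tcp dst-port=8866 action=drop
add chain=virus protocol=tcp dst-port=9898 action=drop
add chain=virus protocol=tcp dst-port=10080 action=drop
add chain=virus protocol=tcp dst-port=12345 action=drop
add chain=virus protocol=tcp dst-port=17300 action=drop
add chain=virus protocol=tcp dst-port=27374 action=drop
add chain=virus protocol=tcp dst-port=65506 action=drop
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"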

Drop Port Scanner

# Port-scan detection for traffic addressed to the router itself (chain=input).
# Each detector adds the offending source to the "PortScanner" address list for
# two weeks; the final rule drops anything from a listed source. Nothing here
# inspects forwarded traffic. Rule order matters: the drop only sees packets
# that earlier input accept rules have not already accepted.
/ip firewall filter
# psd=21,3s,3,1 (RouterOS port-scan detector: weight threshold, delay window,
# low-port weight, high-port weight)
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=PortScanner address-list-timeout=2w comment="Drop Port Scanner"
# FIN set, every other flag clear
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=PortScanner address-list-timeout=2w
# SYN and FIN set together
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=PortScanner address-list-timeout=2w
# all six control flags set
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=PortScanner address-list-timeout=2w
# SYN and RST set together
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=PortScanner address-list-timeout=2w
# FIN, PSH and URG set; SYN, RST and ACK clear
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=PortScanner address-list-timeout=2w
# no control flags set at all
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=PortScanner address-list-timeout=2w
add chain=input src-address-list=PortScanner action=drop

Drop Brute Force

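# FTP brute-force protection. The two output-chain rules watch the router's own
# FTP replies containing "530 Login incorrect": within the dst-limit (one per
# minute, burst of 9, tracked per destination address) they are accepted;
# beyond it the client's address is added to "Blacklist" for 23h. The input
# rule then drops listed clients on the FTP port.
# Fix: the original listing dropped dst-port=22 (SSH) while the blacklist is
# populated from FTP login failures, so FTP itself stayed reachable for the
# blacklisted client. The drop now targets tcp/21, the service that feeds the list.
/ip firewall filter
add chain=output protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m action=accept comment="Drop Brute Force"
add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=Blacklist address-list-timeout=23h
add chain=input protocol=tcp dst-port=21 src-address-list=Blacklist action=drop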

Drop Traceroute

# Hide the router from traceroute. Forwarded ICMP "time exceeded" (type 11,
# code 0) and "port unreachable" (type 3, code 3) are dropped; the third rule
# drops every ICMP message addressed to the router from sources outside the
# "Local" address list (that list must already exist; it is not defined here).
# Caveats: dropping 3:3 in forward also hides closed-UDP-port replies for all
# transit traffic, and dropping all ICMP on input includes type 3 code 4
# (fragmentation needed), which path-MTU discovery for the router's own
# connections depends on.
/ip firewall filter
add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop Traceroute"
add chain=forward protocol=icmp icmp-options=3:3 action=drop
add chain=input protocol=icmp src-address-list=!Local action=drop

Drop ICMP Ping

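# Drop ping (ICMP echo request, type 8 code 0) aimed at the router itself.
# Fix: the original matched protocol=icmp with no type restriction, so it also
# discarded ICMP error messages the router relies on (e.g. type 3 code 4,
# fragmentation needed, used by path-MTU discovery). Matching only 8:0 drops
# exactly what the comment describes.
/ip firewall filter
add chain=input protocol=icmp icmp-options=8:0 action=drop comment="Drop ICMP Ping"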

Drop Netcut Attack

# "NETCUT BLOCK": accepts every TCP port on the router itself (chain=input)
# from seven external /24 ranges.
# Review note: these rules do not touch ARP, which is the layer Netcut-style
# LAN tools are generally understood to operate on, so they are unlikely to
# mitigate such a tool. What they do is open all router TCP ports to those
# ranges ahead of any later drop rule in the input chain; confirm the ranges
# are trusted before keeping them enabled.
/ip firewall filter
add chain=input protocol=tcp dst-port=0-65535 src-address=61.213.183.0/24 action=accept comment="NETCUT BLOCK"
add chain=input protocol=tcp dst-port=0-65535 src-address=67.195.134.0/24 action=accept
add chain=input protocol=tcp dst-port=0-65535 src-address=68.142.233.0/24 action=accept
add chain=input protocol=tcp dst-port=0-65535 src-address=68.180.217.0/24 action=accept
add chain=input protocol=tcp dst-port=0-65535 src-address=203.84.204.0/24 action=accept
add chain=input protocol=tcp dst-port=0-65535 src-address=69.63.176.0/24 action=accept
add chain=input protocol=tcp dst-port=0-65535 src-address=69.63.181.0/24 action=accept


How to Drop Traceroute using MikroTik

IP FIREWALL

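# Fix: the original listing used the "/ip firewall" menu, which has no "add"
# command of its own; filter rules belong under "/ip firewall filter".
# Fix: "Disable ICMP ping" matched every ICMP type; it now matches only echo
# request (type 8 code 0), so ICMP error messages the router relies on (e.g.
# type 3 code 4, fragmentation needed, used by path-MTU discovery) are kept.
# Caveat: dropping forwarded 3:3 also hides closed-UDP-port replies for all
# transit traffic, not only traceroute.
/ip firewall filter
add chain=forward protocol=icmp icmp-options=11:0 action=drop comment="Drop Traceroute"
add chain=forward protocol=icmp icmp-options=3:3 action=drop
add chain=input protocol=icmp icmp-options=8:0 action=drop comment="Disable ICMP ping"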


How to Block Facebook using Mikrotik

Here is the script for blocking Facebook access using MikroTik.

IP FIREWALL

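# Fix: the original listing used the "/ip firewall" menu, which has no "add"
# command of its own; the rule belongs under "/ip firewall filter".
# The rule is exported with disabled=yes, so as written it does nothing until
# it is enabled. It matches plain-HTTP (tcp/80) payloads containing
# "facebook.com" from the 192.168.100.0/24 source range; HTTPS traffic carries
# an encrypted payload, so a content match on tcp/80 does not cover it.
/ip firewall filter
add chain=forward protocol=tcp dst-port=80 src-address=192.168.100.0/24 content=facebook.com action=drop comment="No-Facebook" disabled=yes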

Note:

Content: Facebook.com (change this to any other site you want to block)

Src-Address: your local IP range (replace it with your own network's address range)


mikrotik firewall

# Send traffic switched between bridge ports through the IP firewall as well,
# so the filter rules also see bridged traffic, not only routed traffic.
/interface bridge settings
set use-ip-firewall=yes

# Forward-chain policy (the listing defines no input-chain rules).
# Ordering note: "allow TCP", "allow ping" and "allow udp" accept those three
# protocols wholesale, so the closing "drop everything else" only reaches
# packets of other protocols, and the HTTP-only accept before "allow TCP" is
# redundant with it.
/ip firewall filter
add chain=forward connection-state=established action=accept comment="allow established connections"
add chain=forward connection-state=related action=accept comment="allow related connections"
add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
# custom "virus" chain; entered only via the jump rule further down
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
# 0.0.0.0/8 and 127.0.0.0/8 should not appear as source or destination on the
# wire; 224.0.0.0/3 spans 224.0.0.0-255.255.255.255 (multicast, reserved and
# limited broadcast), so forwarded multicast is dropped by these rules too
add chain=virus src-address=0.0.0.0/8 action=drop
add chain=virus dst-address=0.0.0.0/8 action=drop
add chain=virus src-address=127.0.0.0/8 action=drop
add chain=virus dst-address=127.0.0.0/8 action=drop
add chain=virus src-address=224.0.0.0/3 action=drop
add chain=virus dst-address=224.0.0.0/3 action=drop
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
add chain=forward protocol=tcp dst-port=80 action=accept comment="Allow HTTP"
add chain=forward protocol=tcp action=accept comment="allow TCP"
add chain=forward protocol=icmp action=accept comment="allow ping"
add chain=forward protocol=udp action=accept comment="allow udp"
add chain=forward action=drop comment="drop everything else"


http://www.jonjonesmusic.com/how-to-block-iphone-and-android-in-mikrotik.html