
MikroTik firewall scripty


MikroTik firewall scripty

Příspěvek od zavoda » 5 years ago

Ahoj, mohu Vás poprosit o nějaké pokročilé skripty na firewall? Jde mi o ochranu proti různé nákaze a třeba i o filtrování paketů, spamu atd. Děkuji :)

Příspěvek od Chilli » 5 years ago

Já mám takto, ale jde to jednodušeji...


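# MikroTik RouterOS firewall filter rules (input + forward) with staged
# brute-force blacklisting for Telnet, FTP, SSH and the API port.
#
# Names this ruleset relies on:
#   _VDSL     - the WAN-facing interface
#   Vyjimky   - address list of trusted management hosts; it is accepted before
#               any blacklist or staging rule, so those hosts are never counted
#   *_stageN  - 1-minute lists that count new connections from one source; four
#               new connections within a minute put the source on a 1-week list
#
# Reminder: add-src-to-address-list / add-dst-to-address-list do NOT terminate
# rule processing, so a counted packet still falls through to the final drop.
# Consequently SSH, API and (from the WAN) Winbox are only reachable from
# Vyjimky; the staging rules just build the blacklists.
/ip firewall filter
# ---------------------------------------------------------------- input chain
add action=drop chain=input comment="Drop Invalid Connections" connection-state=invalid
add action=accept chain=input comment="Accept established and related packets" connection-state=established,related
# The router's resolver must not answer the WAN (open-resolver / amplification abuse).
add action=reject chain=input comment="Reject DNS from WAN (UDP)" dst-port=53 in-interface=_VDSL protocol=udp reject-with=icmp-port-unreachable
add action=reject chain=input comment="Reject DNS from WAN (TCP)" dst-port=53 in-interface=_VDSL protocol=tcp reject-with=icmp-port-unreachable
add action=drop chain=input comment="Drop Anyone in the Black List (Telnet)" src-address-list=Telnet_blacklist
add action=drop chain=input comment="Drop Anyone in the Black List (FTP)" src-address-list=FTP_blacklist
add action=drop chain=input comment="Drop Anyone in the Black List (SSH)" src-address-list=ssh_blacklist
add action=drop chain=input comment="Drop Anyone in the Black List (API)" src-address-list=api_blacklist
add action=accept chain=input comment="Accept Exempt IP Addresses" src-address-list=Vyjimky
# Winbox is management-plane access and must not be reachable from the WAN.
# The original rule accepted 8291 from any interface; remote administrators
# belong in the Vyjimky list, which is already accepted above.
add action=accept chain=input comment="Accept Winbox from non-WAN interfaces only" dst-port=8291 in-interface=!_VDSL protocol=tcp
# Telnet is not offered at all, so a single connection attempt is enough to blacklist.
add action=add-src-to-address-list address-list=Telnet_blacklist address-list-timeout=1w chain=input comment="Telnet: blacklist source for 1 week" connection-state=new dst-port=23 protocol=tcp
# FTP: the "530 Login incorrect" text is sent BY the router, so it is only visible
# in the output chain with src-port=21, and the offender is the destination.
# The original input/dst-port=21 form could never match a client packet.
add action=add-dst-to-address-list address-list=FTP_blacklist address-list-timeout=3h chain=output comment="FTP: blacklist failed login for 3 hours" content="530 Login incorrect" protocol=tcp src-port=21
# SSH staging: timeouts are 1 minute (the original comments said 1 hour).
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input comment="SSH: stage 1 (1 min)" connection-state=new dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input comment="SSH: stage 2 (1 min)" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input comment="SSH: stage 3 (1 min)" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w chain=input comment="SSH: blacklist source for 1 week" connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
# API (8728) staging, same scheme as SSH.
add action=add-src-to-address-list address-list=api_stage1 address-list-timeout=1m chain=input comment="API: stage 1 (1 min)" connection-state=new dst-port=8728 protocol=tcp
add action=add-src-to-address-list address-list=api_stage2 address-list-timeout=1m chain=input comment="API: stage 2 (1 min)" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage1
add action=add-src-to-address-list address-list=api_stage3 address-list-timeout=1m chain=input comment="API: stage 3 (1 min)" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage2
add action=add-src-to-address-list address-list=api_blacklist address-list-timeout=1w chain=input comment="API: blacklist source for 1 week" connection-state=new dst-port=8728 protocol=tcp src-address-list=api_stage3
# Default deny for the router itself. ICMP (ping, PMTU, traceroute) is dropped
# here too; add an "accept protocol=icmp" rule above if that is unwanted.
# Logging every dropped packet on a WAN-facing box is noisy and a port scan can
# flood the log; consider log=no or a rate-limited log rule in front of this.
add action=drop chain=input comment="Drop Everything" log=yes log-prefix=DROP_
# -------------------------------------------------------------- forward chain
add action=accept chain=forward comment="Accept Exempt IP Addresses" src-address-list=Vyjimky
# NOTE(review): this forwards Winbox from ANY source (including the WAN) to any
# destination. Keep it only if a downstream device is deliberately published,
# and then restrict it by dst-address / src-address-list.
add action=accept chain=forward comment="Accept Winbox" dst-port=8291 protocol=tcp
add action=drop chain=forward comment="Drop Invalid Connections" connection-state=invalid
add action=accept chain=forward comment="Accept established and related packets" connection-state=established,related
# Telnet/SSH drops were left disabled by the author; with the staging rules
# below now limited to the WAN side they are safe to enable.
add action=drop chain=forward comment="Drop Anyone in the Black List (Telnet)" disabled=yes src-address-list=Telnet_blacklist
add action=drop chain=forward comment="Drop Anyone in the Black List (FTP)" src-address-list=FTP_blacklist
add action=drop chain=forward comment="Drop Anyone in the Black List (SSH)" disabled=yes src-address-list=ssh_blacklist
add action=drop chain=forward comment="Drop Anyone in the Black List (API)" src-address-list=api_blacklist
# Forward staging is restricted to in-interface=_VDSL. Without it, a LAN user
# opening a few outbound SSH/Telnet sessions would blacklist their own address
# and be dropped by the input chain (no router access) for a week.
add action=add-src-to-address-list address-list=Telnet_blacklist address-list-timeout=1w chain=forward comment="Telnet from WAN: blacklist source for 1 week" connection-state=new dst-port=23 in-interface=_VDSL protocol=tcp
# FTP reply leaving an internal server towards the WAN client: blacklist the client.
add action=add-dst-to-address-list address-list=FTP_blacklist address-list-timeout=3h chain=forward comment="FTP: blacklist failed login for 3 hours" content="530 Login incorrect" out-interface=_VDSL protocol=tcp src-port=21
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=forward comment="SSH from WAN: stage 1 (1 min)" connection-state=new dst-port=22 in-interface=_VDSL protocol=tcp
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=forward comment="SSH from WAN: stage 2 (1 min)" connection-state=new dst-port=22 in-interface=_VDSL protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=forward comment="SSH from WAN: stage 3 (1 min)" connection-state=new dst-port=22 in-interface=_VDSL protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w chain=forward comment="SSH from WAN: blacklist source for 1 week" connection-state=new dst-port=22 in-interface=_VDSL protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=api_stage1 address-list-timeout=1m chain=forward comment="API from WAN: stage 1 (1 min)" connection-state=new dst-port=8728 in-interface=_VDSL protocol=tcp
add action=add-src-to-address-list address-list=api_stage2 address-list-timeout=1m chain=forward comment="API from WAN: stage 2 (1 min)" connection-state=new dst-port=8728 in-interface=_VDSL protocol=tcp src-address-list=api_stage1
add action=add-src-to-address-list address-list=api_stage3 address-list-timeout=1m chain=forward comment="API from WAN: stage 3 (1 min)" connection-state=new dst-port=8728 in-interface=_VDSL protocol=tcp src-address-list=api_stage2
# The original forward chain stopped at api_stage3 and never populated api_blacklist.
add action=add-src-to-address-list address-list=api_blacklist address-list-timeout=1w chain=forward comment="API from WAN: blacklist source for 1 week" connection-state=new dst-port=8728 in-interface=_VDSL protocol=tcp src-address-list=api_stage3
# NOTE(review): the forward chain has no final deny, so anything not matched
# above is forwarded. For a NAT gateway the usual closing rule is
#   add action=drop chain=forward connection-nat-state=!dstnat connection-state=new in-interface=_VDSL
# If public addresses are routed to hosts behind this router, a per-service
# policy is needed instead; that decision is left to the operator.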