Jumat, 21 Oktober 2011

keamanan wireless MikroTik terhadap HACKER

-Untuk keamanan RB Anda dari hack atau cut IP, salin seluruh perintah di bawah ini, kemudian tempelkan (paste) di New Terminal.
--Untuk Keamanan Filter SSH Brute Force:
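# SSH brute-force protection for the router itself (input chain).
# Order matters: the drop for already-blacklisted sources comes first, then the
# escalation rules are listed from the highest stage down to the lowest so that
# one new connection advances a source by a single stage. Repeated new
# connections within the 1-minute stage timeouts move a source through
# ssh_stage1 -> ssh_stage2 -> ssh_stage3 and then onto ssh_blacklist for 1w3d.
# Fixed: straight ASCII quotes (the original used typographic quotes, which the
# RouterOS parser rejects).
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="Drop_SSH_brute_forces" disabled=no
# Fixed: removed a stray "\" line-continuation artifact in the middle of this rule.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d comment="Drop_SSH_brute_forces1" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="Drop_SSH_brute_forces2" disabled=no
# Fixed: sources in ssh_stage1 are promoted to ssh_stage2. The original sent
# them straight to ssh_stage3, so ssh_stage2 was never populated and the
# stage2 rule above could never match.
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="Drop_SSH_brute_forces3" disabled=no
# Fixed: "cation=" typo -> "action=".
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="Drop_SSH_brute_forces4" disabled=no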

--Untuk Filter Port Scanning
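# Port-scan detection for the router itself (input chain).
# Fixed: the original only collected scanners into the "port scanners" list
# and never acted on it. The drop rule must come first so that a listed
# source is blocked before the detection rules run again.
/ip firewall filter add chain=input src-address-list="port scanners" action=drop comment="Drop_Port_Scanners" disabled=no
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight:
# a source accumulating weight 21 within 3 s (low ports weigh 3, high ports 1) is listed for 2 weeks.
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port_Scanners_To_List" disabled=no
# FIN-only segments (no SYN/RST/PSH/ACK/URG) never occur on a legitimate flow: FIN scan.
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port_Scanners_To_List1" disabled=no
# Added: NULL scan (no flags at all) and Xmas scan (every flag set) use the same list.
/ip firewall filter add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port_Scanners_To_List2" disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port_Scanners_To_List3" disabled=no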

--Untuk Filter Port FTP
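# Brute-force protection for the FTP service on the router. This only works
# for plain FTP: the content match below reads the server's clear-text reply
# and cannot see inside an FTPS/TLS session.
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="Filter_FTP_to_Box" disabled=no
# dst-limit=count/time,burst,mode/expire: let the router send at most one
# "530 Login incorrect" reply per minute per destination address (burst 9)...
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m action=accept comment="Filter_port_FTP1" disabled=no
# ...and blacklist the peer for 3 h once that allowance is exceeded.
# Fixed: the two output rules carried the same comment; numbered distinctly.
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment="Filter_port_FTP2" disabled=no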

--Untuk Separate Packet Flag
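# Dispatch forwarded traffic into per-protocol custom chains (tcp, udp, icmp)
# whose rules are added further down. A packet that matches nothing in the
# target chain returns here and continues down the forward chain.
# Because these jumps are appended before the established/related accept
# rules later in this script, every forwarded packet passes through them.
/ip firewall filter add chain=forward protocol=tcp action=jump jump-target=tcp comment="Separate_Protocol_into_Chains1" disabled=no
/ip firewall filter add chain=forward protocol=udp action=jump jump-target=udp comment="Separate_Protocol_into_Chains2" disabled=no
/ip firewall filter add chain=forward protocol=icmp action=jump jump-target=icmp comment="Separate_Protocol_into_Chains3" disabled=no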

--Untuk Blok UDP traffic Iblis
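# "udp" chain, reached via the forward-chain jump above: drop forwarded UDP to
# services that have no business crossing the router (TFTP 69, portmapper 111,
# MS-RPC 135, NetBIOS 137-139, NFS 2049). Unmatched packets return to forward.
# Fixed: straight ASCII quotes in the comment strings.
/ip firewall filter add chain=udp protocol=udp dst-port=69 action=drop comment="Blocking_UDP_Packet1" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=111 action=drop comment="Blocking_UDP_Packet2" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=135 action=drop comment="Blocking_UDP_Packet3" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=137-139 action=drop comment="Blocking_UDP_Packet4" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=2049 action=drop comment="Blocking_UDP_Packet5" disabled=no
# NOTE(review): 3133 is not a well-known service port; it may be a typo for
# another port in the original list — confirm before relying on it.
/ip firewall filter add chain=udp protocol=udp dst-port=3133 action=drop comment="Blocking_UDP_Packet6" disabled=no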

--Untuk Blok TCP traffic Iblis
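# "tcp" chain, reached via the forward-chain jump above: drop forwarded TCP to
# legacy/worm-prone services. Unmatched packets return to the forward chain.
# Fixed: straight ASCII quotes in the comment strings.
/ip firewall filter add chain=tcp protocol=tcp dst-port=69 action=drop comment="Bloking_TCP_Packet" disabled=no
# Fixed: these two rules were missing the "add" verb and would not have been created.
/ip firewall filter add chain=tcp protocol=tcp dst-port=111 action=drop comment="Bloking_TCP_Packet1" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=119 action=drop comment="Bloking_TCP_Packet2" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=135 action=drop comment="Bloking_TCP_Packet3" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="Bloking_TCP_Packet4" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=445 action=drop comment="Bloking_TCP_Packet5" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=2049 action=drop comment="Bloking_TCP_Packet6" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="Bloking_TCP_Packet7" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=20034 action=drop comment="Bloking_TCP_Packet8" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=3133 action=drop comment="Bloking_TCP_Packet9" disabled=no
# DHCP uses UDP 67/68, so this TCP rule is harmless but does not filter DHCP.
/ip firewall filter add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="Bloking_TCP_Packet10" disabled=no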

--Untuk Blocking Bukis Mail Traffic
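# Drop all forwarded SMTP (tcp/25) so infected LAN hosts cannot send spam
# directly. Note this also blocks any legitimate mail server behind the router;
# exempt it with a src-address-list accept placed before this rule if needed.
# Fixed: the comment said "Allow_SMTP" although the action is drop.
/ip firewall filter add chain=forward protocol=tcp dst-port=25 action=drop comment="Drop_SMTP" disabled=no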

--Untuk Filter DOS
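# "icmp" chain, reached via the forward-chain jump above: rate-limit the ICMP
# types needed for a working network (echo reply 0, unreachable 3:3 / 3:4 for
# path-MTU discovery, echo request 8, time exceeded 11) and drop everything else.
# icmp-options=type:code-range. limit=5,5 is the legacy "rate,burst" form;
# NOTE(review): newer RouterOS expects limit=5,5:packet — verify on your version.
# Fixed: straight ASCII quotes in the comment strings.
/ip firewall filter add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Limited_Ping_Flood" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="Limited_Ping_Flood1" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="Limited_Ping_Flood2" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="Limited_Ping_Flood3" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="Limited_Ping_Flood4" disabled=no
# Anything above the limits, or any other ICMP type, is dropped.
/ip firewall filter add chain=icmp protocol=icmp action=drop comment="Limited_Ping_Flood5" disabled=no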

--Untuk Connection P2P
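# Explicitly accept traffic classified as peer-to-peer in the forward chain.
# NOTE(review): the p2p matcher exists on RouterOS v6 and earlier and may not
# load on newer versions — verify before pasting.
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=forward p2p=all-p2p action=accept comment="trafik_P2P" disabled=no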

--Untuk Filter Junk Dan Koneksi yang Benar
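# Connection-tracking policy for traffic to the router: accept replies to
# flows it opened (established/related) and drop packets that belong to no
# known connection (invalid). These should precede any per-service accept.
# Fixed: straight ASCII quotes in the comment strings.
/ip firewall filter add chain=input connection-state=established action=accept comment="Connection_State1" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="Connection_State2" disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment="Connection_State3" disabled=no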

--Untuk Allow Established Connections
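# Accept forwarded packets of connections already tracked as established,
# so the rules below only have to inspect new traffic.
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=forward connection-state=established action=accept comment="Allow_Established_Connections"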

--Untuk Related Connections
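# Accept forwarded packets related to an existing connection (e.g. FTP data
# channels, ICMP errors for a tracked flow).
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=forward connection-state=related action=accept comment="Allow_Realted_connections"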

--Untuk Drop Invalid Connections
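# Drop forwarded packets that connection tracking cannot associate with any
# known flow (spoofed or out-of-state segments).
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=forward connection-state=invalid action=drop comment="Drop_Invalid_Connections"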

--Untuk Drop Virus
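# Worm / backdoor port filter, implemented as a custom chain "virus" that the
# forward chain jumps into (last rule of this block). Rules in the "virus"
# chain take effect only once that jump exists; packets that match nothing
# here return to the forward chain.
# Removed: a second forward-chain "drop invalid" rule that duplicated the
# "Drop_Invalid_Connections" rule added just above this block.
# Fixed: straight ASCII quotes in all comment strings.
/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop_Blaster_Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop_Blaster_Worm"
# Fixed: this rule had a stray space after "/" and was missing the "add" verb.
/ip firewall filter add chain=virus protocol=udp dst-port=445 action=drop comment="Drop_Blaster_Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
# NOTE(review): tcp/1024-1030 are also ordinary ephemeral ports; this rule can
# drop legitimate forwarded traffic — confirm it is wanted.
/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="__________"
# Fixed: removed a stray "¬" character and leading space inside the comment string.
/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop_MyDoom"
/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment="______"
/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment="BagleVirus"
/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment="DropDumaruY"
/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment="DropBeagle"
# Removed: a second tcp/2745 rule ("DropBeagle_C-K") that duplicated "BagleVirus" above.
/ip firewall filter add chain=virus protocol=tcp dst-port=3127 action=drop comment="DropMyDoom"
/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment="DropBackdoorOptixPro"
/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm1"
/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm2"
/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment="DropSasser"
/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment="DropBeagleB"
/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment="DropDabber-A-B"
/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment="DropMyDoom-B"
# Fixed: this line was missing its "/ip firewall filter add" prefix.
/ip firewall filter add chain=virus protocol=tcp dst-port=12345 action=drop comment="DropNetBus"
/ip firewall filter add chain=virus protocol=tcp dst-port=17300 action=drop comment="DropKuang2"
/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment="DropSubSeven"
/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment="DropPhatBot,Agobot,Gaobot"
# The jump is appended to the forward chain after the established/related
# accepts and the invalid drop above, so mostly new connections reach it.
/ip firewall filter add chain=forward action=jump jump-target=virus comment="jump to the virus chain"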

--Untuk Accept Established Connections
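# Duplicate of the "Connection_State1" rule added earlier in this script;
# harmless (an established packet is already accepted before reaching it)
# but redundant. Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input connection-state=established action=accept comment="Accept_established_connections"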

--Terus kalo dah seperti ini Bentengnya hacker mau ngapain?wakkakaka...isep jari kali ya..

--Untuk Accept Related Connections
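# Duplicate of the "Connection_State2" rule added earlier in this script;
# harmless but redundant. Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input connection-state=related action=accept comment="Accept_related_connections"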

--Untuk Drop Invalid Connections
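# Duplicate of the "Connection_State3" rule added earlier in this script;
# harmless but redundant. Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input connection-state=invalid action=drop comment="Drop_invalid_connections"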

--Untuk UDP
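# Fixed: the original accepted every UDP datagram to the router from ANY
# source, so the router's own UDP services (DNS, SNMP, NTP, ...) were reachable
# from the outside regardless of any later drop rule. Restricted to the
# "ournetwork" address list, consistent with the other per-service rules in
# this script. Replies to the router's own outbound UDP queries are already
# covered by the established/related accepts above, so nothing else is lost.
/ip firewall filter add chain=input protocol=udp src-address-list=ournetwork action=accept comment="UDP"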

--Untuk Allow Limited Ping
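# Let the router answer ICMP at a bounded rate (50 packets per 5 s, burst 2);
# the next rule drops whatever exceeds it.
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow_limited_pings"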

--Untuk Drop Excess Ping
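# Drop ICMP to the router that exceeded the limit rule directly above.
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=icmp action=drop comment="Drop_excess_pings"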

--Untuk FTP
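# FTP service on the router, only from the "ournetwork" address list.
# That list is not created anywhere in this script; it must exist before these
# rules are useful, e.g.
#   /ip firewall address-list add list=ournetwork address=<your-LAN-subnet>
# (placeholder: substitute your own prefix).
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP"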

--Huuhh capek juga..
--Bakar Rokok dulu,dan secangkir kopi jawa
--lanjut....

--Untuk SSH for Secure shell
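# SSH management only from the "ournetwork" address list. Because the
# brute-force rules earlier in this script precede this accept, failed logins
# from inside ournetwork still count toward ssh_blacklist.
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH_for_secure_shell"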

--Untuk Telnet
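# Telnet management only from the "ournetwork" address list. Telnet carries
# credentials in clear text; since SSH is already allowed, consider disabling
# the service altogether with: /ip service disable telnet
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet"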

--Untuk Web
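# Web (WebFig) management over plain HTTP only from the "ournetwork" list.
# Passwords travel unencrypted on tcp/80; the www-ssl service is the
# encrypted alternative if you prefer it.
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web"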

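--Untuk Winbox
# Winbox management (tcp/8291) only from the "ournetwork" address list.
# Fixed: the command had been pasted onto the same line as its heading and
# would not have been executed; straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox"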

--capek untuk mulu...di ganti dengan buat
--buat pptp-server
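# PPTP VPN server control channel (tcp/1723) from any source. PPTP also needs
# GRE (protocol=gre) to reach the router; if the input chain ever ends in a
# drop, add `protocol=gre action=accept` before that drop.
# NOTE(review): PPTP's authentication/encryption (MS-CHAPv2/MPPE) is
# considered weak; a different VPN type is preferable where possible.
# Fixed: straight ASCII quotes in the comment string.
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server"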

--Buat log Everything else
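# Catch-all at the end of the router's input chain. A log action is
# non-terminating and the original script stopped here, so despite the
# "DROP INPUT" prefix everything not matched above was still accepted by the
# RouterOS default policy — none of the per-service accepts above actually
# restricted anything.
# Fixed: a real drop now follows the log rule. PPTP (tcp/1723, accepted
# above) also needs GRE, so GRE is accepted first to keep the VPN working.
# Any input-chain rules appended after this drop (e.g. the "Anti-Netcut"
# accepts further down) will never be reached. Before pasting on a router you
# manage remotely, make sure "ournetwork" contains the address you connect from.
/ip firewall filter add chain=input protocol=gre action=accept comment="Allow_PPTP_GRE"
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment="Log_everything_else"
/ip firewall filter add chain=input action=drop comment="Drop_everything_else"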

--Buat Anti netcut
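# "Anti-Netcut": these rules accept TCP on every port (0-65535) from nine
# public /24 ranges into the router's input chain. NetCut works by ARP
# spoofing on the local LAN, which the input filter cannot see, so the rules
# do not mitigate it; they only expose the router's management services to
# those address ranges. Fixed: kept for reference but set disabled=yes.
# The RouterOS mitigation for ARP spoofing is static ARP on the LAN side, e.g.
#   /interface ethernet set <LAN-interface> arp=reply-only
#   /ip dhcp-server set <server-name> add-arp=yes
# (placeholders: substitute your own interface/server names).
/ip firewall filter add action=accept chain=input comment="Anti-Netcut1" disabled=yes dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut2" disabled=yes dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut3" disabled=yes dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut4" disabled=yes dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut5" disabled=yes dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut6" disabled=yes dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut7" disabled=yes dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut8" disabled=yes dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut9" disabled=yes dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254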

--Buat Mematikan Port yang digunakan SPAM
# Final forward-chain drops for SMB/RPC and worm ports. Several of these
# (135-139, 445, 593, 4444, 5554) repeat rules in the "virus" chain above;
# they are kept as a second layer that applies even if that chain is edited.
# Parameters are written in the protocol-then-port order used elsewhere in
# this script; the rules themselves are unchanged.
/ip firewall filter add chain=forward protocol=tcp dst-port=135-139 action=drop
/ip firewall filter add chain=forward protocol=udp dst-port=135-139 action=drop
/ip firewall filter add chain=forward protocol=tcp dst-port=445 action=drop
/ip firewall filter add chain=forward protocol=udp dst-port=445 action=drop
/ip firewall filter add chain=forward protocol=tcp dst-port=593 action=drop
/ip firewall filter add chain=forward protocol=tcp dst-port=4444 action=drop
/ip firewall filter add chain=forward protocol=tcp dst-port=5554 action=drop
/ip firewall filter add chain=forward protocol=tcp dst-port=9996 action=drop
/ip firewall filter add chain=forward protocol=udp dst-port=995-999 action=drop
# NOTE(review): tcp/53 is ordinary DNS over TCP (used when a UDP answer is
# truncated); dropping it in forward can break name resolution for LAN
# clients — confirm this is intended.
/ip firewall filter add chain=forward protocol=tcp dst-port=53 action=drop
/ip firewall filter add chain=forward protocol=tcp dst-port=55 action=drop


