From the module I was given, the following are commands for security protection on MikroTik, done by blocking a number of IP addresses and ports.
Here are the command lines:
/ip firewall filter add chain=forward src-address=0.0.0.0/8 action=drop
/ip firewall filter add chain=forward dst-address=0.0.0.0/8 action=drop
/ip firewall filter add chain=forward src-address=127.0.0.0/8 action=drop
/ip firewall filter add chain=forward dst-address=127.0.0.0/8 action=drop
/ip firewall filter add chain=forward src-address=224.0.0.0/8 action=drop
/ip firewall filter add chain=forward dst-address=224.0.0.0/8 action=drop
/ip firewall filter add chain=forward protocol=tcp action=jump jump-target=tcp
/ip firewall filter add chain=forward protocol=udp action=jump jump-target=udp
/ip firewall filter add chain=forward protocol=icmp action=jump jump-target=icmp
/ip firewall filter add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
/ip firewall filter add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper"
/ip firewall filter add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC portmapper"
/ip firewall filter add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT"
/ip firewall filter add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS"
/ip firewall filter add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOrifice"
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scaners" address-list-timeout=2w comment="port scanners to list" disabled=no
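The last rule relies on the psd matcher, whose four values are WeightThreshold, DelayThreshold, LowPortWeight and HighPortWeight. The following is an added example, not part of the original post and not RouterOS code: a simplified Python model of that scoring with the values psd=21,3s,3,1, run over constructed traffic. The function names and sample addresses are assumptions made for illustration.

```python
# Simplified model of the psd matcher; not RouterOS source code.
# Values taken from the rule on this page: psd=21,3s,3,1
WEIGHT_THRESHOLD = 21   # total weight at which a source counts as a scanner
DELAY_THRESHOLD = 3.0   # seconds allowed between probes of one sequence
LOW_PORT_WEIGHT = 3     # weight of a probe to a privileged port (<1024)
HIGH_PORT_WEIGHT = 1    # weight of a probe to any other port


def detect_scanners(packets):
    """packets: (timestamp_seconds, src_ip, dst_port) tuples.
    Returns the sources whose accumulated weight reaches the threshold
    (assumption: reaching the threshold exactly is enough to match)."""
    state = {}      # src -> (last_seen, score, ports_already_counted)
    flagged = set()
    for ts, src, port in sorted(packets):
        last, score, ports = state.get(src, (None, 0, set()))
        if last is not None and ts - last > DELAY_THRESHOLD:
            score, ports = 0, set()     # gap too long: start a new sequence
        if port not in ports:           # only different destination ports add weight
            ports.add(port)
            score += LOW_PORT_WEIGHT if port < 1024 else HIGH_PORT_WEIGHT
        state[src] = (ts, score, ports)
        if score >= WEIGHT_THRESHOLD:
            flagged.add(src)
    return flagged


def build_sample():
    """Constructed traffic, documentation addresses only."""
    pkts = []
    # Fast sweep of 7 privileged ports: 7 * 3 = 21 -> matches
    pkts += [(i * 0.1, "192.0.2.10", 20 + i) for i in range(7)]
    # Busy client hitting one port 30 times: weight stays at 1
    pkts += [(i * 0.1, "192.0.2.20", 8443) for i in range(30)]
    # Slow sweep, 5 s between probes: every gap resets the sequence
    pkts += [(i * 5.0, "192.0.2.30", 20 + i) for i in range(10)]
    # 20 high ports quickly: 20 * 1 = 20, just under the threshold
    pkts += [(i * 0.1, "192.0.2.40", 40000 + i) for i in range(20)]
    return pkts


if __name__ == "__main__":
    print(sorted(detect_scanners(build_sample())))
```

In this model only the fast sweep of privileged ports is listed; the repeated single-port client, the slow sweep and the 20-port high-range sweep all stay below the threshold.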
I may go into more detail on this in another article. :D
Thanks