Scribd Logo
Upload

Welcome to Scribd!

  • 91 views

    Mikro Firewall Defends

    Uploaded by

    Randi Mokodaser
    The document contains configuration rules for a Mikrotik router firewall filter. It includes rules to: 1) Drop traffic on common ports used for network services, administration, and protocols like NetBIOS and DNS. 2) Accept ICMP traffic and traffic from the local network range. 3) Add sources to address lists for ports scanning and drop traffic from addresses in those lists. 4) Drop traffic from addresses in an FTP blacklist address list on FTP ports through a specific interface. 5) Add destinations to an address list for FTP login failures and limit responses.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd

    Mikro Firewall Defends

    Uploaded by

    Randi Mokodaser
    91 views1 page
    The document contains configuration rules for a Mikrotik router firewall filter. It includes rules to: 1) Drop traffic on common ports used for network services, administration, and protocols like NetBIOS and DNS. 2) Accept ICMP traffic and traffic from the local network range. 3) Add sources to address lists for ports scanning and drop traffic from addresses in those lists. 4) Drop traffic from addresses in an FTP blacklist address list on FTP ports through a specific interface. 5) Add destinations to an address list for FTP login failures and limit responses.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document contains configuration rules for a Mikrotik router firewall filter. It includes rules to: 1) Drop traffic on common ports used for network services, administration, and protocols like NetBIOS and DNS. 2) Accept ICMP traffic and traffic from the local network range. 3) Add sources to address lists for ports scanning and drop traffic from addresses in those lists. 4) Drop traffic from addresses in an FTP blacklist address list on FTP ports through a specific interface. 5) Add destinations to an address list for FTP login failures and limit responses.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    91 views1 page

    Mikro Firewall Defends

    Uploaded by

    Randi Mokodaser
    The document contains configuration rules for a Mikrotik router firewall filter. It includes rules to: 1) Drop traffic on common ports used for network services, administration, and protocols like NetBIOS and DNS. 2) Accept ICMP traffic and traffic from the local network range. 3) Add sources to address lists for ports scanning and drop traffic from addresses in those lists. 4) Drop traffic from addresses in an FTP blacklist address list on FTP ports through a specific interface. 5) Add destinations to an address list for FTP login failures and limit responses.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Download as txt, pdf, or txt
    You are on page 1of 1

    [admin@route_Mikrotik_AMIK] /ip firewall filter> print Flags: X - disabled, I - invalid, D - dynamic 0 X ;;; place hotspot rules here chain=unused-hs-chain

    action=passthrough add chain=input action=accept protocol=icmp add chain=forward action=drop protocol=udp src-port=135-139 add chain=forward action=drop protocol=udp dst-port=135-139 add chain=forward action=drop protocol=udp src-port=445 add chain=forward action=drop protocol=udp dst-port=445 add chain=forward action=drop protocol=tcp src-port=135-139 add chain=forward action=drop protocol=tcp dst-port=135-139 add chain=forward action=drop protocol=tcp src-port=445 add chain=forward action=drop protocol=tcp dst-port=445 add chain=forward action=drop protocol=tcp dst-port=4691 add chain=forward action=drop protocol=tcp dst-port=5933 add chain=forward action=drop protocol=udp dst-port=5355 add chain=forward action=drop protocol=udp dst-port=4647 add chain=forward action=drop protocol=tcp src-port=25 add chain=forward action=drop protocol=tcp dst-port=25 add chain=forward action=drop protocol=tcp dst-port=135-139 add chain=forward action=drop protocol=udp dst-port=135-139 add chain=forward action=drop protocol=tcp dst-port=445 add chain=forward action=drop protocol=udp dst-port=445 add chain=forward action=drop protocol=tcp dst-port=593 add chain=forward action=drop protocol=tcp dst-port=4444 add chain=forward action=drop protocol=tcp dst-port=5554 add chain=forward action=drop protocol=tcp dst-port=9996 add chain=forward action=drop protocol=udp dst-port=995-999 add chain=forward action=drop protocol=tcp dst-port=53 add chain=forward action=drop protocol=tcp dst-port=55 ;;;ANTI NETCUT add chain=input action=accept protocol=tcp src-address=192.168.2.0-192.168.2.254 dst-port=0-65535 add chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 addres s-list=port-scanners address-list-timeout=20s add chain=input action=add-src-to-address-list tcp-flags=fin,!syn,!rst,!psh,!ack ,!urg protocol=tcp address-list=port-scanners address-list-timeout=2w add chain=input action=add-src-to-address-list tcp-flags=fin,syn protocol=tcp ad dress-list=port-scanners address-list-timeout=2w add chain=input action=add-src-to-address-list tcp-flags=syn,rst protocol=tcp ad dress-list=port-scanners address-list-timeout=2w add chain=input action=add-src-to-address-list tcp-flags=fin,psh,urg,!syn,!rst,! ack protocol=tcp address-list=port-scanners address-list-timeout=2w add chain=input action=add-src-to-address-list tcp-flags=fin,syn,rst,psh,ack,urg protocol=tcp address-list=port-scanners address-list-timeout=2w add chain=input action=add-src-to-address-list tcp-flags=!fin,!syn,!rst,!psh,!ac k,!urg protocol=tcp address-list=port-scanners address-list-timeout=2w add chain=input action=drop src-address-list=port-scanners add chain=input action=drop protocol=tcp src-address-list=ftp_blacklist in-inter face=ether5 dst-port=21,22,23 add chain=output action=accept protocol=tcp content=530 Login incorrect dst-limi t=10,9,dst-address/1m add chain=output action=add-dst-to-address-list protocol=tcp address-list=ftp_bl acklist address-list-timeout=23h content=530-Login-incorrect

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy