Welcome to Scribd!

0% found this document useful (0 votes)

388 views

Basic Universal Firewall Script

Uploaded by

This document provides instructions for setting up a basic universal firewall script. It includes creating an address list for IPs that will have full access, then defines firewall filter rules to protect against Syn floods, ICMP floods, port scans, email spam and more. The rules add dropping IPs to address lists if they trigger the filters, and allow access for established/related connections and DNS. The firewall is configured to jump or accept ICMP and give full access to the defined support address list.

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Basic Universal Firewall Script

Uploaded by

Cesar Rolando Gomez Rodas

0% found this document useful (0 votes)

388 views3 pages

Original Description:

Configuracion Basica de Firewall Mikrotik

Copyright

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Download as docx, pdf, or txt

0% found this document useful (0 votes)

388 views3 pages

Basic Universal Firewall Script

Uploaded by

Cesar Rolando Gomez Rodas

Copyright:

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Download as docx, pdf, or txt

Jump to Page

You are on page 1of 3

Search inside document

Basic universal firewall script.

HANDS ON! First we need to create our ADDRESS LIST with all IPs we will use most times
Below you need to change x.x.x.x/x for your technical subnet. This subnet will have full
access to the router.

/ip firewall address-list add address=10.0.10.1/30 disabled=no list=support

Now we have protection against: SynFlood, ICMP Flood, Port Scan, Email Spam and much
more. For more information read the comments.

ip firewall filter

/ip firewall filter

add action=add-src-to-address-list address-list=Syn_Flooder address-list-

timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-
limit=30,32 protocol=\

tcp tcp-flags=syn

add action=drop chain=input comment="Drop to syn flood list" src-address-

list=Syn_Flooder

add action=add-src-to-address-list address-list=Port_Scanner address-list-

timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp
psd=21,3s,3,1

add action=drop chain=input comment="Drop to port scan list" src-address-

list=Port_Scanner

add action=jump chain=input comment="Jump for icmp input flow" jump-

target=ICMP protocol=icmp

add action=accept chain=input comment="Allows access to winbox from the WAN

# DO NOT ENABLE THIS RULE IF YOU DO NOT WANT TO ACCESS FROM THE
INTERNET" disabled=yes \

dst-port=8291 in-interface="ISP ether10" protocol=tcp

add action=drop chain=input comment="Block all access to the winbox - except

to support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE
SUPPORT ADDRESS LIST" \
disabled=yes dst-port=8291 protocol=tcp src-address-list=!support

add action=jump chain=forward comment="Jump for icmp forward flow" jump-

target=ICMP protocol=icmp

add action=drop chain=forward comment="Drop to bogon list" dst-address-

list=bogons

add action=drop chain=forward comment="Avoid spammers action" dst-

port=25,587 protocol=tcp src-address-list=spammers

add action=accept chain=input comment="Accept DNS - UDP" port=53

protocol=udp

add action=accept chain=input comment="Accept DNS - TCP" port=53

protocol=tcp

add action=accept chain=input comment="Accept to established connections"

connection-state=established

add action=accept chain=input comment="Accept to related connections"

connection-state=related

add action=accept chain=input comment="Full access to SUPPORT address list"

src-address-list=support

add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE

THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
disabled=yes

add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0

protocol=icmp

add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0

protocol=icmp

add action=accept chain=ICMP comment="Destination unreachable" icmp-

options=3:0-1 protocol=icmp

add action=accept chain=ICMP comment=PMTUD icmp-options=3:4

protocol=icmp

add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp

I think this is basic. You can add or remove anything else according to your needs. I
hope it helps!

Cyber Security UNIT-2
Document58 pages
Cyber Security UNIT-2
Dhananjay Singh
100% (2)
Firewall Virus
Document3 pages
Firewall Virus
Marcela Fernández
No ratings yet
Limiting Download File Extensions On Mikrotik
Document10 pages
Limiting Download File Extensions On Mikrotik
wakuadratn
No ratings yet
Install Hyper-V On Windows 10 PDF
Document3 pages
Install Hyper-V On Windows 10 PDF
Juniatus Cornelis Talibura Tubulau
No ratings yet
Script Ganti Nama Isp Di Speedtest Dan Whatsmyip Labkom - Co.Id Nama Interface VPN Vpn-Remote-Labkom Bitniaga 103.149.238.178
Document4 pages
Script Ganti Nama Isp Di Speedtest Dan Whatsmyip Labkom - Co.Id Nama Interface VPN Vpn-Remote-Labkom Bitniaga 103.149.238.178
Arman Rosidi
No ratings yet
Block Whatsapp Con MikroTik
Document1 page
Block Whatsapp Con MikroTik
Álvarez Marco
No ratings yet
24 Online User Guide
Document161 pages
24 Online User Guide
Giscard Sibefo
No ratings yet
Network Documentation A Complete Guide - 2020 Edition
From Everand
Network Documentation A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Firewall MK
Document3 pages
Firewall MK
Arman Nthree
No ratings yet
Block Scanner Mikrotik
Document2 pages
Block Scanner Mikrotik
Bedest Cakep
0% (1)
Port Flooding Mikrotik
Document3 pages
Port Flooding Mikrotik
Maulana Kurniantoro
No ratings yet
Basic Universal Firewall Script - MikroTik Wiki PDF
Document2 pages
Basic Universal Firewall Script - MikroTik Wiki PDF
Decio Ramires
No ratings yet
Ip Firewall filter-MIKROTIK BLOQUEO DE VULNERABILIDADES
Document1 page
Ip Firewall filter-MIKROTIK BLOQUEO DE VULNERABILIDADES
Mario Alcides Calo
No ratings yet
Scripts Moroso
Document1 page
Scripts Moroso
Empresa Optifibra
No ratings yet
Script Configuracion rB2011
Document5 pages
Script Configuracion rB2011
Soldier
No ratings yet
Versi Lite 2isp
Document4 pages
Versi Lite 2isp
Replay Gaming
No ratings yet
Bảo Mật
Document2 pages
Bảo Mật
Minh Nghia Pham
No ratings yet
Firewall
Document4 pages
Firewall
Andika87
No ratings yet
Bloqueo p2p
Document2 pages
Bloqueo p2p
maxdarwin9
No ratings yet
Workshop Firewall
Document10 pages
Workshop Firewall
Zetri Aldino
No ratings yet
Firewall Mikrotik L3
Document5 pages
Firewall Mikrotik L3
jhonnathan0103
No ratings yet
Cara Setting Mikrotik Anti NetCut Firewall Mikrotik
Document2 pages
Cara Setting Mikrotik Anti NetCut Firewall Mikrotik
Sigit Subagyo
No ratings yet
Script Blokir Virus Mikrotik
Document1 page
Script Blokir Virus Mikrotik
Bmg Har
No ratings yet
Block Teamviewer y Whatsapp
Document4 pages
Block Teamviewer y Whatsapp
Juan Antonio M P
No ratings yet
Firewall Mikrotik Brute Force
Document3 pages
Firewall Mikrotik Brute Force
Peel Duatiga Net
No ratings yet
Seting Basic Mikrotik Firewall
Document3 pages
Seting Basic Mikrotik Firewall
Sidiq Mardianta
No ratings yet
Project Report
Document79 pages
Project Report
Kapfo Kapfo
No ratings yet
Installation RadMan
Document14 pages
Installation RadMan
Pujun Ace
No ratings yet
Mikro Firewall Defends
Document1 page
Mikro Firewall Defends
Randi Mokodaser
No ratings yet
Mikrotik 4 WAN Load Balancing Using PCC Method
Document4 pages
Mikrotik 4 WAN Load Balancing Using PCC Method
iulius299
No ratings yet
Report Meraki Security Effectiveness - Meraki MX65W vs. FortiWiFi 60E
Document4 pages
Report Meraki Security Effectiveness - Meraki MX65W vs. FortiWiFi 60E
shapeshiftr
No ratings yet
Brain Computer Interface With Gus Bam P
Document16 pages
Brain Computer Interface With Gus Bam P
Shafayat
No ratings yet
EP Den Help
Document3 pages
EP Den Help
ashish88bhardwaj_314
No ratings yet
New Raw Game Full
Document2 pages
New Raw Game Full
ata
No ratings yet
DMASOFTLAB Radius Manager - Install + Backup + Restore
Document27 pages
DMASOFTLAB Radius Manager - Install + Backup + Restore
chienkma
No ratings yet
Virus Port Mikrotik
Document2 pages
Virus Port Mikrotik
Khodor Akoum
No ratings yet
List ! - List - List ! - List
Document12 pages
List ! - List - List ! - List
James Bold
No ratings yet
Instagram
Document1 page
Instagram
Awak Mas
No ratings yet
Firewall Mikrotik Basico
Document2 pages
Firewall Mikrotik Basico
Jony Fock
No ratings yet
Annisa Rezdky Andini Ab Xii TKJ 5
Document6 pages
Annisa Rezdky Andini Ab Xii TKJ 5
Annisa Rezdky Andini
No ratings yet
Brain Controlled Car For Disabled Using Artificial Intelligence IJERTCONV1IS03024
Document3 pages
Brain Controlled Car For Disabled Using Artificial Intelligence IJERTCONV1IS03024
physics a2
100% (1)
Manual VRRP Mikrotik
Document29 pages
Manual VRRP Mikrotik
usopen0
No ratings yet
Auto PPPoE Script
Document1 page
Auto PPPoE Script
teoven pajaroja
No ratings yet
Brain Computer Interfacewithg MOBIlab
Document13 pages
Brain Computer Interfacewithg MOBIlab
60565882
No ratings yet
Vpnpubg Mikrotik
Document2 pages
Vpnpubg Mikrotik
Lara Zain
No ratings yet
Application of BrainGate System
Document3 pages
Application of BrainGate System
Mayank
No ratings yet
Limit Bandwith Using Layer 7-Protocol PDF
Document5 pages
Limit Bandwith Using Layer 7-Protocol PDF
wawa_syg
No ratings yet
N-W Security FIREWALL
Document8 pages
N-W Security FIREWALL
api-19799369
No ratings yet
Ega Channel X Naufal Azkia Script
Document3 pages
Ega Channel X Naufal Azkia Script
Moh Riski Dewata
No ratings yet
How To Protect Your MikroTik RouterOS
Document13 pages
How To Protect Your MikroTik RouterOS
Ruben Dario
No ratings yet
OLT Comandos
Document1 page
OLT Comandos
J-Marley Israel
No ratings yet
Block Brute Force Attack in Mikrotik Router
Document1 page
Block Brute Force Attack in Mikrotik Router
Pedro Hernandez
No ratings yet
Block Brute Force Attack in Mikrotik Router
Document1 page
Block Brute Force Attack in Mikrotik Router
ReyRodriguezPalencia
No ratings yet
Howto Configure A Mikrotik As Central DHCP Server With Switches As DHCP Relays - Robert Penz Blog
Document15 pages
Howto Configure A Mikrotik As Central DHCP Server With Switches As DHCP Relays - Robert Penz Blog
Anonymous dLqSSVXbSc
No ratings yet
Mplement Ontent Iltering: Lay Minh (Makito)
Document27 pages
Mplement Ontent Iltering: Lay Minh (Makito)
NaingWinOo
No ratings yet
45 Computer Firewall Interview Questions and Answers
Document5 pages
45 Computer Firewall Interview Questions and Answers
govindaraj.j
No ratings yet
Unit Network Infrastructure Maintenance SA
Document10 pages
Unit Network Infrastructure Maintenance SA
Beschen Harper
100% (1)
Marek Jan Microsoft Hyper V Performance Tuning
Document26 pages
Marek Jan Microsoft Hyper V Performance Tuning
someone
No ratings yet
General Settings For User Authentication and Accounting
Document20 pages
General Settings For User Authentication and Accounting
Imi Michał Smulski
No ratings yet
Mikrotik Basic
Document17 pages
Mikrotik Basic
সাখাওয়াত হোসেন
No ratings yet
Netstat A Complete Guide - 2021 Edition
From Everand
Netstat A Complete Guide - 2021 Edition
Gerardus Blokdyk
No ratings yet
DSP Lab Manual 2010
Document53 pages
DSP Lab Manual 2010
nullka
0% (1)
ECE Lab Manual With Assesment
Document270 pages
ECE Lab Manual With Assesment
T Bharathi
No ratings yet
Msi Rg60se
Document146 pages
Msi Rg60se
masiperes
100% (3)
Balanced Twisted-Pair Telecommunications Cabling and Components Standard
Document299 pages
Balanced Twisted-Pair Telecommunications Cabling and Components Standard
Datashield Info
No ratings yet
Cable Networks
Document32 pages
Cable Networks
Esakki Muthuvel V
No ratings yet
Dawei Zhang - China Mobile
Document10 pages
Dawei Zhang - China Mobile
Sanjay Khatri
No ratings yet
TV Demo Inventory
Document16 pages
TV Demo Inventory
EMC MO
No ratings yet
MRE028
Document1 page
MRE028
Alex Donciu
No ratings yet
Grid GA L3 REASON - RT 0896 2017 - 06 EN - Lo
Document2 pages
Grid GA L3 REASON - RT 0896 2017 - 06 EN - Lo
Fabian Espinoza
No ratings yet
3-DeS Fix NCR Install-User Manual 12-02-05
Document46 pages
3-DeS Fix NCR Install-User Manual 12-02-05
x
No ratings yet
World'S Lowest Power 9-Axis Mems Motiontracking™ Device: General Description Applications
Document89 pages
World'S Lowest Power 9-Axis Mems Motiontracking™ Device: General Description Applications
rodrigoelbarbaro
No ratings yet
10G Data Center Switch-3 Watchdog
Document24 pages
10G Data Center Switch-3 Watchdog
yogendra
No ratings yet
Mobile Phone Secrets
Document12 pages
Mobile Phone Secrets
Arun Kumar Tiwari
No ratings yet
Kinco GL070&GL070E Usermanual
Document1 page
Kinco GL070&GL070E Usermanual
octavioamezquita
No ratings yet
Tech Spec ASN 15 GHZ
Document13 pages
Tech Spec ASN 15 GHZ
Wilsonsb
No ratings yet
ALCATEL 2432-UserGuide
Document25 pages
ALCATEL 2432-UserGuide
asnawsas
100% (2)
ABB RPBA 01 Profibus DP Adapter Module Start Guide
Document5 pages
ABB RPBA 01 Profibus DP Adapter Module Start Guide
An Sang
0% (1)
Networking Notes
Document9 pages
Networking Notes
rishabh singh
No ratings yet
PDH, Broadband ISDN, ATM, and All That: A Guide To Modern WAN Networking, and How It Evolved
Document73 pages
PDH, Broadband ISDN, ATM, and All That: A Guide To Modern WAN Networking, and How It Evolved
Sachin Garg
100% (1)
Etsi Gs Mec 003: Multi-Access Edge Computing (MEC) Framework and Reference Architecture
Document21 pages
Etsi Gs Mec 003: Multi-Access Edge Computing (MEC) Framework and Reference Architecture
José Alvarez
No ratings yet
204.4118.01 DmSwitch EDD Command Reference
Document247 pages
204.4118.01 DmSwitch EDD Command Reference
moxdy
No ratings yet
BLHeliSuite 4w-If Protocol
Document6 pages
BLHeliSuite 4w-If Protocol
Titi
No ratings yet
Digital Signal Processing
Document220 pages
Digital Signal Processing
Aarun Arasan
No ratings yet
SCHEM, MLB, PB17": Bom Options
Document44 pages
SCHEM, MLB, PB17": Bom Options
RisoSilva
No ratings yet
Survivability Analysis of Next-Generation Passive Optical Networks and Fiber-Wireless Access Networks
Document34 pages
Survivability Analysis of Next-Generation Passive Optical Networks and Fiber-Wireless Access Networks
Nicolae Colin
No ratings yet
MiVoice MX-ONE SNMP Configuration
Document1 page
MiVoice MX-ONE SNMP Configuration
Eid Cavalcanti
No ratings yet
Epson EB-X400 XGA 3LCD Projector - Corporate and Education - Projectors - Epson Indonesia
Document2 pages
Epson EB-X400 XGA 3LCD Projector - Corporate and Education - Projectors - Epson Indonesia
Ebed
No ratings yet
18CS81 IOT Notes Module1
Document13 pages
18CS81 IOT Notes Module1
Jerrin
No ratings yet
ChapterII-RFIF ComponentsAndSpecificationsForReceivers
Document22 pages
ChapterII-RFIF ComponentsAndSpecificationsForReceivers
luminedinburgh
No ratings yet

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Basic Universal Firewall Script

Uploaded by

Copyright:

Available Formats

Basic Universal Firewall Script

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Basic Universal Firewall Script

Uploaded by

Copyright:

Available Formats

Basic universal firewall script.

/ip firewall address-list add address=10.0.10.1/30 disabled=no list=support

/ip firewall filter

add action=add-src-to-address-list address-list=Syn_Flooder address-list-

add action=drop chain=input comment="Drop to syn flood list" src-address-

add action=add-src-to-address-list address-list=Port_Scanner address-list-

add action=drop chain=input comment="Drop to port scan list" src-address-

add action=jump chain=input comment="Jump for icmp input flow" jump-

add action=accept chain=input comment="Allows access to winbox from the WAN

dst-port=8291 in-interface="ISP ether10" protocol=tcp

add action=drop chain=input comment="Block all access to the winbox - except

add action=jump chain=forward comment="Jump for icmp forward flow" jump-

add action=drop chain=forward comment="Drop to bogon list" dst-address-

add action=drop chain=forward comment="Avoid spammers action" dst-

add action=accept chain=input comment="Accept DNS - UDP" port=53

add action=accept chain=input comment="Accept DNS - TCP" port=53

add action=accept chain=input comment="Accept to established connections"

add action=accept chain=input comment="Accept to related connections"

add action=accept chain=input comment="Full access to SUPPORT address list"

add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE

add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0

add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0

add action=accept chain=ICMP comment="Destination unreachable" icmp-

add action=accept chain=ICMP comment=PMTUD icmp-options=3:4

add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp

You might also like

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.