So many rules... if I put this on my MK it will freeze! lol
Thanks for the post....
See you later...
Just to make it a 10: it could be commented :boxing:
Quote:
/ip firewall filter
add action=accept chain=input comment="Accept winbox" disabled=no dst-port=\
8291 protocol=tcp
add action=drop chain=input comment="BLOQUEIA SCAN PELO WINBOX" disabled=no \
dst-port=5678 protocol=udp
add action=drop chain=input comment="bloqueio do proxy externo" disabled=no \
dst-port=3528 in-interface=redenetworks protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=3528 \
in-interface=redenetworks protocol=tcp
add action=drop chain=output comment="" disabled=no dst-port=3528 \
out-interface=redenetworks protocol=tcp
add action=drop chain=input comment="" disabled=no dst-port=3528 \
in-interface=copel protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=3528 \
in-interface=copel protocol=tcp
add action=drop chain=output comment="" disabled=no dst-port=3528 \
out-interface=copel protocol=tcp
add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no \
dst-port=3528 in-interface=clientes protocol=tcp
add action=drop chain=forward comment=\
"Limitando numero conexoes simultaneas para 30 conecxao REDE CLIENTE" \
connection-limit=50,32 disabled=no in-interface=clientes packet-mark=\
!semlimite protocol=tcp tcp-flags=syn
add action=jump chain=input comment=\
"REPASSA TRAFEGO PARA VERIFICASAO DE PORTAS" disabled=no jump-target=\
"P2P E PORTAS"
add action=jump chain=forward comment="" disabled=no jump-target=\
"P2P E PORTAS"
add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
disabled=no jump-target=VIRUS
add action=jump chain=forward comment="" disabled=no jump-target=VIRUS
add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
jump-target=BOGONS
add action=jump chain=forward comment="" disabled=no jump-target=BOGONS
add action=accept chain=input comment="ACEITA CONECSAO NOVAS" \
connection-state=new disabled=no
add action=accept chain=forward comment="" connection-state=new disabled=no
add action=accept chain=input comment="ACEITA CONECSAO ESTABELECIDA" \
connection-state=established disabled=no
add action=accept chain=forward comment="" connection-state=established \
disabled=no
add action=accept chain=input comment="ACEITA CONECSAO RELACIONADAS" \
connection-state=related disabled=no
add action=accept chain=forward comment="" connection-state=related disabled=\
no
add action=accept chain="P2P E PORTAS" comment="PORTAS E P2P /////////////////\
//////////////////////////////////////////////////////////////////////////\
/////////////////////////////////////////////////////" disabled=no \
dst-port=6346-6349 protocol=tcp
add action=accept chain="P2P E PORTAS" comment=FTP disabled=no dst-port=21 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="OUTLOOK EXPRESS" disabled=no \
dst-port=110 protocol=tcp
add action=accept chain="P2P E PORTAS" comment=DNS disabled=no dst-port=53 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment=E-MAIL disabled=no dst-port=25 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="portas do ITR" disabled=no \
dst-port=5636 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5636 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=3456 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="autentica\E7\E3o do MSN" \
disabled=no dst-port=1863 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1853 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment=skipe disabled=no dst-port=\
30369 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="PORTAS DO KAZAA" disabled=no \
dst-port=1214 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="PORTAS DO E-MULE" disabled=no \
dst-port=4662 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=4662 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
6346-6348 protocol=udp
add action=accept chain="P2P E PORTAS" comment="PORTAS DO BITTORRENT" \
disabled=no dst-port=6881-6889 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
6881-6889 protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1214 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="PORTAS RANDON DO BIT TORRENT" \
disabled=no dst-port=57792 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=57792 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="porta servidor CS" disabled=\
no dst-port=27015 protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27015 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
protocol=udp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
protocol=tcp
add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
protocol=udp
add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS TCP" disabled=\
no dst-port=137-139 protocol=tcp src-port=137-139
add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
protocol=tcp src-port=445
add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS UDP" disabled=\
no dst-port=137-139 protocol=udp src-port=137-139
add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
protocol=udp src-port=445
add action=accept chain="P2P E PORTAS" comment="ALL P2P" disabled=no p2p=\
all-p2p
add action=drop chain=VIRUS comment="LISTA DE VIRUS///////////////////////////\
//////////////////////////////////////////////////////////////////////////\
////////////////////////////////////////////////////" disabled=no \
protocol=tcp src-port=445
add action=drop chain=VIRUS comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no protocol=\
udp src-port=445
add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=udp
add action=drop chain=VIRUS comment="" disabled=no protocol=tcp src-port=\
135-139
add action=drop chain=VIRUS comment="" disabled=no protocol=udp src-port=\
135-139
add action=drop chain=VIRUS comment="" disabled=no dst-port=135-139 protocol=\
tcp
add action=drop chain=VIRUS comment="" disabled=no dst-port=135-139 protocol=\
udp
add action=drop chain=VIRUS comment=________ disabled=no dst-port=593 \
protocol=tcp
add action=drop chain=VIRUS comment=________ disabled=no dst-port=1024-1030 \
protocol=tcp
Right...
the rules above create chains in the filter (VIRUS, BOGONS and P2P E PORTAS)
with these chains it is easy to identify the virus-blocking rules and the other rules...
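An added example, not part of any post in this thread: a small Python audit that groups a RouterOS filter export by chain, counts the rules left with an empty comment, and flags jump targets for which the export holds no rules. The sample input is constructed from a few of the rules quoted above, and the function names are hypothetical.

```python
import re
import shlex
from collections import Counter

# Constructed sample: a few rules in the style of the export quoted above.
SAMPLE_EXPORT = r'''/ip firewall filter
add action=accept chain=input comment="Accept winbox" disabled=no dst-port=\
8291 protocol=tcp
add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
disabled=no jump-target=VIRUS
add action=jump chain=forward comment="" disabled=no jump-target=VIRUS
add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
jump-target=BOGONS
add action=drop chain=VIRUS comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no dst-port=\
445 protocol=udp
'''


def parse_rules(export_text):
    """Join backslash-continued lines and return each 'add' line as a dict."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", export_text)
    rules = []
    for line in joined.splitlines():
        if not line.startswith("add "):
            continue  # skip the menu path line and anything that is not a rule
        tokens = shlex.split(line)[1:]  # honours the quoted comment="..." values
        rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules


def audit(rules):
    """Count rules per chain, uncommented rules, and jump targets with no rules."""
    per_chain = Counter(r["chain"] for r in rules)
    uncommented = Counter(r["chain"] for r in rules if not r.get("comment"))
    targets = {r["jump-target"] for r in rules if r.get("action") == "jump"}
    empty_targets = sorted(t for t in targets if per_chain[t] == 0)
    return per_chain, uncommented, empty_targets


if __name__ == "__main__":
    per_chain, uncommented, empty_targets = audit(parse_rules(SAMPLE_EXPORT))
    for chain, total in per_chain.items():
        print(f"{chain}: {total} rules, {uncommented[chain]} without a comment")
    print("jump targets with no rules in this export:", empty_targets)
```
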
Hello friends of Under-Linux,
I have always had a doubt about this excess of rules on the MK: doesn't it get in the way of the clients' browsing at all?
Is it really necessary to add this pile of virus blocks????
Here at my provider there is none of this; I only use the P2P and proxy control rules.
As I understand it, I just take this code and paste it into the MK's New Terminal; and basically, what is it for?