


  1. #1

    Best P2P rules - MK 2.9.27

    Folks, unfortunately I currently can't manage to control P2P on version 2.9.27. I'm blocking ports, and it isn't working well... I'd like your help so that, instead of blocking P2P, I can control it. If possible, post your rules and comment on them...

    / ip firewall filter
    add chain=forward src-address=192.168.21.0/24 protocol=udp src-port=0 action=drop comment="P2P control for ARES and \
    similar" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp src-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 p2p=warez action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=1025-65535 action=drop comment="UDP and TCP \
    port blocking" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no
    add chain=input src-address=192.168.21.0/24 protocol=tcp src-port=1900-2500 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=1025-65535 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no
    add chain=input src-address=192.168.21.0/24 protocol=tcp src-port=63000-65535 action=drop comment="" disabled=no
    add chain=input src-address=192.168.21.0/24 protocol=tcp src-port=1200-1500 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=1025-65535 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp tcp-flags=syn packet-mark=!semlimite connection-limit=20,32 \
    action=drop comment="Limit simultaneous connections to 20" disabled=no

    / ip firewall mangle
    add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes comment="MARK P2P" \
    disabled=no
    add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=80 action=mark-packet new-packet-mark=semlimite \
    passthrough=yes comment="" disabled=no
    add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=443 action=mark-packet new-packet-mark=semlimite \
    passthrough=yes comment="" disabled=no

    / queue tree
    add name="P2P-Down" parent=global-in packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=20000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no
    add name="P2P-Up" parent=global-out packet-mark=p2p limit-at=0 queue=default priority=8 max-limit=20000 burst-limit=0 \
    burst-threshold=0 burst-time=0s disabled=no

  2. #2

    Friend, I use rules similar to yours here and it's working fine...

    Take a look at them, because I didn't notice any significant difference between the two.

    / queue tree
    add name="limitar p2p-r1" parent=global-in packet-mark=p2p-r2 limit-at=0 queue=default priority=8 max-limit=150000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="limitar p2p-r2" parent=global-out packet-mark=p2p-r2 limit-at=0 queue=default priority=8 max-limit=150000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    / ip firewall filter
    add chain=input in-interface=link protocol=tcp dst-port=8080 action=drop comment="BLOCK EXTERNAL PROXY" disabled=no
    add chain=input protocol=icmp action=drop comment="BLOCK PING" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=udp src-port=0 action=drop comment="P2P CONTROL FOR WAREZ AND SIMILAR" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=udp dst-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=tcp src-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=tcp dst-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 p2p=warez action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=udp dst-port=10025-65535 action=drop comment="TCP-UDP PORT BLOCKING" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no

    / ip firewall mangle
    add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p-r1 passthrough=yes comment="block p2p" disabled=no
    add chain=prerouting connection-mark=p2p-r1 action=mark-packet new-packet-mark=p2p-r2 passthrough=yes comment="" disabled=no


    If anything, give us more details, such as whether mangle is counting packets next to those rules you made, and data of that kind...

  3. #3

    Quote: Originally posted by schramm

    Friend, I use rules similar to yours here and it's working fine...

    Take a look at them, because I didn't notice any significant difference between the two.

    / queue tree
    add name="limitar p2p-r1" parent=global-in packet-mark=p2p-r2 limit-at=0 queue=default priority=8 max-limit=150000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="limitar p2p-r2" parent=global-out packet-mark=p2p-r2 limit-at=0 queue=default priority=8 max-limit=150000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    / ip firewall filter
    add chain=input in-interface=link protocol=tcp dst-port=8080 action=drop comment="BLOCK EXTERNAL PROXY" disabled=no
    add chain=input protocol=icmp action=drop comment="BLOCK PING" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=udp src-port=0 action=drop comment="P2P CONTROL FOR WAREZ AND SIMILAR" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=udp dst-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=tcp src-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=tcp dst-port=0 action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 p2p=warez action=drop comment="" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=udp dst-port=10025-65535 action=drop comment="TCP-UDP PORT BLOCKING" disabled=no
    add chain=forward src-address=10.1.0.0/16 protocol=tcp dst-port=10000-65535 action=drop comment="" disabled=no

    / ip firewall mangle
    add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p-r1 passthrough=yes comment="block p2p" disabled=no
    add chain=prerouting connection-mark=p2p-r1 action=mark-packet new-packet-mark=p2p-r2 passthrough=yes comment="" disabled=no


    If anything, give us more details, such as whether mangle is counting packets next to those rules you made, and data of that kind...

    Hey Schramm, how's it going? Thanks for the reply...

    What bothers me is the port blocking; I have customers who complain about some ports, for games, for example...

    So, I'd like something where I open up the ports and it controls only the P2P... I don't know how the newer versions of MK are doing, like 2.9.50... If anyone knows and can post about it, the community will be grateful...
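
Added example, not part of any post in this thread: a small Python evaluator that runs the forward-chain drop rules from post #1 against constructed sample flows and reports which rule drops each one, showing how the port-range rules catch ordinary high-port traffic such as the game ports mentioned in post #3. The client address, the flow list and the helper names are assumptions; the `p2p=warez` rule is skipped because it depends on payload inspection that this sketch does not model.

```python
import ipaddress
import shlex

# Forward-chain drop rules from post #1 (comment= and disabled= fields omitted).
RULES = """
add chain=forward src-address=192.168.21.0/24 protocol=udp src-port=0 action=drop
add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=0 action=drop
add chain=forward src-address=192.168.21.0/24 protocol=tcp src-port=0 action=drop
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=0 action=drop
add chain=forward src-address=192.168.21.0/24 p2p=warez action=drop
add chain=forward src-address=192.168.21.0/24 protocol=udp dst-port=1025-65535 action=drop
add chain=forward src-address=192.168.21.0/24 protocol=tcp dst-port=10000-65535 action=drop
"""

# Constructed sample flows from one client: (label, protocol, src-port, dst-port).
FLOWS = [
    ("https", "tcp", 50000, 443),
    ("dns", "udp", 50000, 53),
    ("high-port tcp service", "tcp", 50000, 12000),
    ("high-port udp service", "udp", 50000, 27015),
]

def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict of matchers."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in text.strip().splitlines()]

def port_in(spec, port):
    """Match a single port ('0') or an inclusive range ('1025-65535')."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def first_drop(rules, chain, src, proto, sport, dport):
    """1-based index of the first drop rule matching the flow, else None."""
    for index, rule in enumerate(rules, 1):
        if "p2p" in rule or rule["chain"] != chain or rule["action"] != "drop":
            continue  # p2p= matchers need payload inspection, not modelled here
        net = ipaddress.ip_network(rule.get("src-address", "0.0.0.0/0"))
        if ipaddress.ip_address(src) not in net:
            continue
        if rule.get("protocol", proto) != proto:
            continue
        if "src-port" in rule and not port_in(rule["src-port"], sport):
            continue
        if "dst-port" in rule and not port_in(rule["dst-port"], dport):
            continue
        return index
    return None

def audit(src="192.168.21.10"):
    """Map each sample flow label to the rule number that drops it (or None)."""
    rules = parse_rules(RULES)
    return {label: first_drop(rules, "forward", src, proto, sport, dport)
            for label, proto, sport, dport in FLOWS}

if __name__ == "__main__":
    for label, hit in audit().items():
        print(f"{label:24} -> {'dropped by rule %d' % hit if hit else 'passes'}")
```
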