


  1. So many rules... if I put this on my MK it will freeze! lol

    Thanks for the post....

    See you...

  2. Quote: Originally posted by felixhmakowski
    /ip firewall filter
    add action=accept chain=input comment="Accept winbox" disabled=no dst-port=\
    8291 protocol=tcp
    add action=drop chain=input comment="BLOQUEIA SCAN PELO WINBOX" disabled=no \
    dst-port=5678 protocol=udp
    add action=drop chain=input comment="bloqueio do proxy externo" disabled=no \
    dst-port=3528 in-interface=redenetworks protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=3528 \
    in-interface=redenetworks protocol=tcp
    add action=drop chain=output comment="" disabled=no dst-port=3528 \
    out-interface=redenetworks protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=3528 \
    in-interface=copel protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=3528 \
    in-interface=copel protocol=tcp
    add action=drop chain=output comment="" disabled=no dst-port=3528 \
    out-interface=copel protocol=tcp
    add action=accept chain=input comment="ACEITAR CONEXOES PROXY" disabled=no \
    dst-port=3528 in-interface=clientes protocol=tcp
    add action=drop chain=forward comment=\
    "Limitando numero conexoes simultaneas para 30 conecxao REDE CLIENTE" \
    connection-limit=50,32 disabled=no in-interface=clientes packet-mark=\
    !semlimite protocol=tcp tcp-flags=syn
    add action=jump chain=input comment=\
    "REPASSA TRAFEGO PARA VERIFICASAO DE PORTAS" disabled=no jump-target=\
    "P2P E PORTAS"
    add action=jump chain=forward comment="" disabled=no jump-target=\
    "P2P E PORTAS"
    add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
    disabled=no jump-target=VIRUS
    add action=jump chain=forward comment="" disabled=no jump-target=VIRUS
    add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
    jump-target=BOGONS
    add action=jump chain=forward comment="" disabled=no jump-target=BOGONS
    add action=accept chain=input comment="ACEITA CONECSAO NOVAS" \
    connection-state=new disabled=no
    add action=accept chain=forward comment="" connection-state=new disabled=no
    add action=accept chain=input comment="ACEITA CONECSAO ESTABELECIDA" \
    connection-state=established disabled=no
    add action=accept chain=forward comment="" connection-state=established \
    disabled=no
    add action=accept chain=input comment="ACEITA CONECSAO RELACIONADAS" \
    connection-state=related disabled=no
    add action=accept chain=forward comment="" connection-state=related disabled=\
    no
    add action=accept chain="P2P E PORTAS" comment="PORTAS E P2P /////////////////\
    //////////////////////////////////////////////////////////////////////////\
    /////////////////////////////////////////////////////" disabled=no \
    dst-port=6346-6349 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=FTP disabled=no dst-port=21 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="OUTLOOK EXPRESS" disabled=no \
    dst-port=110 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=DNS disabled=no dst-port=53 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=E-MAIL disabled=no dst-port=25 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="portas do ITR" disabled=no \
    dst-port=5636 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5636 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=5653 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=3456 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="autentica\E7\E3o do MSN" \
    disabled=no dst-port=1863 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1853 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment=skipe disabled=no dst-port=\
    30369 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="PORTAS DO KAZAA" disabled=no \
    dst-port=1214 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="PORTAS DO E-MULE" disabled=no \
    dst-port=4662 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=4662 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
    6346-6348 protocol=udp
    add action=accept chain="P2P E PORTAS" comment="PORTAS DO BITTORRENT" \
    disabled=no dst-port=6881-6889 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=\
    6881-6889 protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=1214 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="PORTAS RANDON DO BIT TORRENT" \
    disabled=no dst-port=57792 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=57792 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="porta servidor CS" disabled=\
    no dst-port=27015 protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27015 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27017 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27018 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27019 \
    protocol=udp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
    protocol=tcp
    add action=accept chain="P2P E PORTAS" comment="" disabled=no dst-port=27060 \
    protocol=udp
    add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS TCP" disabled=\
    no dst-port=137-139 protocol=tcp src-port=137-139
    add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
    protocol=tcp src-port=445
    add action=drop chain="P2P E PORTAS" comment="BLOQUEIA NETBIOS UDP" disabled=\
    no dst-port=137-139 protocol=udp src-port=137-139
    add action=drop chain="P2P E PORTAS" comment="" disabled=no dst-port=445 \
    protocol=udp src-port=445
    add action=accept chain="P2P E PORTAS" comment="ALL P2P" disabled=no p2p=\
    all-p2p
    add action=drop chain=VIRUS comment="LISTA DE VIRUS///////////////////////////\
    //////////////////////////////////////////////////////////////////////////\
    ////////////////////////////////////////////////////" disabled=no \
    protocol=tcp src-port=445
    add action=drop chain=VIRUS comment="" disabled=no dst-port=445 protocol=tcp
    add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no protocol=\
    udp src-port=445
    add action=drop chain=VIRUS comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
    add action=drop chain=VIRUS comment="" disabled=no protocol=tcp src-port=\
    135-139
    add action=drop chain=VIRUS comment="" disabled=no protocol=udp src-port=\
    135-139
    add action=drop chain=VIRUS comment="" disabled=no dst-port=135-139 protocol=\
    tcp
    add action=drop chain=VIRUS comment="" disabled=no dst-port=135-139 protocol=\
    udp
    add action=drop chain=VIRUS comment=________ disabled=no dst-port=593 \
    protocol=tcp
    add action=drop chain=VIRUS comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp

    Just to make it a 10: it could be commented.



  3. Right...
    the rules above create channels in the filter (VIRUS, BOGONS and P2P E PORTAS);
    with these channels it is easy to identify the virus-blocking rules and the other rules...
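
An added example, not part of the original posts: a short Python audit of a `/ip firewall filter` export that joins the backslash-wrapped lines, counts the rules in each chain (the "channels" of the post above) and lists jump targets for which the text contains no rules. The sample export is constructed from rule shapes in the quoted post, and the function and key names are assumptions of this example.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample in RouterOS export syntax, modelled on the quoted rules.
SAMPLE = r'''/ip firewall filter
add action=jump chain=input comment="REPASSA TRAFEGO PARA CANAL VIRUS" \
    disabled=no jump-target=VIRUS
add action=jump chain=input comment="BLOQUEIO DE IPS BOGONS" disabled=no \
    jump-target=BOGONS
add action=jump chain=forward comment="" disabled=no jump-target=\
    "P2P E PORTAS"
add action=accept chain="P2P E PORTAS" comment=FTP disabled=no dst-port=21 \
    protocol=tcp
add action=drop chain=VIRUS comment="" disabled=no dst-port=445 protocol=tcp
'''

BUILTIN_CHAINS = {"input", "forward", "output"}


def parse_rules(export_text):
    """Return one dict of properties per 'add' line of an export."""
    # The export wraps long lines with a trailing backslash; the wrap can fall
    # in the middle of a value, so drop the backslash, newline and indentation.
    joined = re.sub(r"\\\r?\n[ \t]*", "", export_text)
    rules = []
    for line in joined.splitlines():
        tokens = shlex.split(line)  # keeps quoted values such as "P2P E PORTAS" whole
        if tokens and tokens[0] == "add":
            rules.append(dict(t.split("=", 1) for t in tokens[1:] if "=" in t))
    return rules


def audit_chains(rules):
    """Count rules per chain and compare custom chains with jump targets."""
    by_chain = defaultdict(int)
    for rule in rules:
        by_chain[rule["chain"]] += 1
    targets = {r["jump-target"] for r in rules if r.get("action") == "jump"}
    return {
        "rules_per_chain": dict(by_chain),
        # jumped to, but no rule of that chain appears in the text
        "targets_without_rules": sorted(targets - set(by_chain)),
        # custom chain with rules that nothing jumps to
        "chains_never_jumped_to": sorted(set(by_chain) - BUILTIN_CHAINS - targets),
    }


if __name__ == "__main__":
    print(audit_chains(parse_rules(SAMPLE)))
```

Run over the rules as quoted in this thread, the same check lists BOGONS, since the quote contains jumps to that chain but none of its rules.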

  4. Hello, friends of under-Linux,
    I have always had a doubt about this excess of rules on the MK: doesn't it get in the way of the clients' browsing at all?

    Is it really necessary to put in this pile of virus blocks????

    Because here at my ISP there is none of this; I only use the P2P control and proxy rules.



  5. Just so I understand: I only need to take this code and put it in the MK's New Terminal? And basically, what is it for?





