+ Responder ao Tópico



  1. #1

    Unhappy Como liberar o P2P?

    Já andei por muitos fóruns e não consegui liberar o acesso P2P para alguns clientes. Gostaria da ajuda de vocês. Segue a configuração ta tabela filter:

    /ip firewall filter

    add action=drop chain=forward comment="BLOQUEIA ACESSO DOS CLIENTES A REDE ADMINISTRATIVA" disabled=no dst-address-list=ADMINISTRATIVO src-address-list=CLIENTES_DHCP

    add action=drop chain=forward comment="BLOQUEIA ACESSO DOS CLIENTES A REDE FARMACIA" disabled=no dst-address-list=FARMACIA src-address-list=CLIENTES_DHCP

    add action=drop chain=forward comment="BLOQUEIA ACESSO DOS CLIENTES A REDE ADMINISTRATIVA" disabled=\no dst-address-list=ADMINISTRATIVO src-address-list=CLIENTES_PPPoE

    add action=drop chain=forward comment="BLOQUEIA ACESSO DOS CLIENTES A REDE FARMACIA" disabled=no dst-address-list=FARMACIA src-address-list=CLIENTES_PPPoE

    add action=drop chain=input comment="BLOQUEIA PING EXTERNO" disabled=no in-interface=Link protocol=icmp

    add action=add-src-to-address-list address-list=TENTATIVA_DE_ACESSO_FTP address-list-timeout=3d chain=input comment="BLOQUEIA FTP EXTERNO" disabled=no dst-port=21 in-interface=Link protocol=tcp

    add action=drop chain=input comment="BLOQUEIA FTP EXTERNO" disabled=no dst-port=21 in-interface=Link protocol=tcp src-address-list=TENTATIVA_DE_ACESSO_FTP

    add action=accept chain=input comment="ACEITA AT\C9 50 PINGS A CADA 2 SEGUNDOS" disabled=no limit=50,2 protocol=icmp

    add action=drop chain=input comment="BLOQUEIA O RESTANTE DE PINGS" disabled=no protocol=icmp

    add action=drop chain=input comment="BLOQUEAR ACESSO EXTERNO A INTERFACE WEB" disabled=no dst-port=963 in-interface=Link protocol=tcp

    add action=accept chain=input comment="LIBERAR ACESSO DE ENTRADA PARA O COMPUTADOR DAS FINANCIAS" disabled=no src-address-list=ADMINISTRATIVO

    add action=accept chain=input comment="LIBERAR ACESSO DE ENTRADA PARA OS CLIENTES DHCP" disabled=no src-address-list=CLIENTES_DHCP

    add action=accept chain=input comment="LIBERAR ACESSO DE ENTRADA PARA FARMACIA" disabled=no src-address-list=FARMACIA

    add action=accept chain=input comment="ACEITA CONEX\D5ES ESTABELECIDAS" connection-state=established \disabled=no

    add action=accept chain=forward comment="REPASSA CONEXOES ESTABELECIDAS" connection-state=established disabled=no

    add action=accept chain=forward comment="REPASSA CONEXOES RELATADAS" connection-state=related disabled=no

    add action=drop chain=virus comment="" disabled=no dst-port=135-139 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=135-139 protocol=udp

    add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=udp

    add action=drop chain=virus comment="" disabled=no dst-port=593 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1024-1030 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1080 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1214 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1363-1364 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1368 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1373 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1377 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=1433-1434 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=2283 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=2535 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=2745 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=3127-3128 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=3410 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=udp

    add action=drop chain=virus comment="" disabled=no dst-port=5554 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=9898 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=10000 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=10080 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=12345 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=17300 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=27374 protocol=tcp

    add action=drop chain=virus comment="" disabled=no dst-port=65506 protocol=tcp

    add action=jump chain=forward comment="MUDA PARA A CADEIA VIRUS" disabled=no jump-target=virus

    add action=accept chain=forward comment="LIBERA ACESSO SMTP" disabled=no dst-port=25 protocol=tcp

    add action=accept chain=forward comment="LIBERA ACESSO HTTP" disabled=no dst-port=80 protocol=tcp

    add action=accept chain=forward comment="LIBERA ACESSO HTTPS" disabled=no dst-port=443 protocol=tcp

    add action=accept chain=forward comment="LIBERA ACESSO DNS" disabled=no dst-port=53 protocol=udp

    add action=drop chain=forward comment="N\C3O REPASSA O QUE N\C3O FOR AUTORIZADO" disabled=no

    add action=drop chain=input comment="BLOQUEIA TODO O RESTO" disabled=no



    Versão 3.30 LVL4

  2. #2

    Padrão

    Amigão, explica direito você quer fazer isso para ALGUNS clientes? não seriam todos?



  3. #3

    Padrão

    No final do meu script eu tenho uma regra que bloqueia todo o resto do forward, para só passar o que for autorizado por mim, mas o problema é que eu libero as conexões "all-p2p" e as portas "6881-6889" e mesmo assim o torrent não responde, dá como se não estivesse conectado.