


  1. Rule pack to beef up your firewall!
    remember to test it on a bench first...

    REMEMBER THAT ALL CREDIT GOES TO THE USER AND MY FRIEND MAGNUSRK8

    SOURCE lista-wireless.com


    just paste the following command into the terminal:

    Code:
    /ip firewall filter
    add action=drop chain=forward comment="Block P2P" disabled=no p2p=\
        all-p2p
    add action=drop chain=forward comment="Block Ares" disabled=no \
        dst-port=0 protocol=udp
    add action=drop chain=forward comment="" disabled=no p2p=warez
    add action=drop chain=forward comment="" disabled=no protocol=udp src-port=0
    add action=log chain=input comment="Log everything else" disabled=no \
        dst-port=22 log-prefix="DROP SSH" protocol=tcp
    add action=accept chain=forward comment="  allow related connections" \
        connection-state=related disabled=no
    add action=accept chain=forward comment="  allow established connections" \
        connection-state=established disabled=no
    add action=accept chain=input comment="accepting 50 pings every 5 seconds" \
        disabled=no limit=50/5s,2 protocol=icmp
    add action=drop chain=input comment="dropping the excess" disabled=no \
        protocol=icmp
    add action=drop chain=input comment="drop ssh brute forcers" disabled=no \
        dst-port=22 protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
        address-list-timeout=1w3d chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
        address-list-timeout=1m chain=input comment="" connection-state=new \
        disabled=no dst-port=22 protocol=tcp
    add action=drop chain=input comment="drop ftp brute" disabled=no dst-port=21 \
        protocol=tcp src-address-list=ftp_blacklist
    add action=accept chain=output comment="" content="530 Login incorrect" \
        disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
    add action=add-dst-to-address-list address-list=ftp_blacklist \
        address-list-timeout=3h chain=output comment="" content=\
        "530 Login incorrect" disabled=no protocol=tcp
    add action=drop chain=forward comment="Drop invalid connections" \
        connection-state=invalid disabled=no
    add action=drop chain=virus comment="" disabled=no dst-port=67-68 protocol=\
        udp
    add action=drop chain=virus comment="  Drop Blaster Worm" disabled=no \
        dst-port=135-139 protocol=tcp
    add action=drop chain=virus comment="  Drop Messenger Worm" disabled=no \
        dst-port=135-139 protocol=udp
    add action=drop chain=virus comment="  Drop Blaster Worm" disabled=no \
        dst-port=445 protocol=tcp
    add action=drop chain=virus comment="  Drop Blaster Worm" disabled=no \
        dst-port=445 protocol=udp
    add action=drop chain=virus comment="  ________" disabled=no dst-port=593 \
        protocol=tcp
    add action=drop chain=virus comment="  ________" disabled=no dst-port=\
        1024-1030 protocol=tcp
    add action=drop chain=virus comment="  Drop MyDoom" disabled=no dst-port=1080 \
        protocol=tcp
    add action=drop chain=virus comment="  ________" disabled=no dst-port=1214 \
        protocol=tcp
    add action=drop chain=virus comment="  ndm requester" disabled=no dst-port=\
        1363 protocol=tcp
    add action=drop chain=virus comment="   ndm server" disabled=no dst-port=1364 \
        protocol=tcp
    add action=drop chain=virus comment="  screen cast" disabled=no dst-port=1368 \
        protocol=tcp
    add action=drop chain=virus comment="  hromgrafx" disabled=no dst-port=1373 \
        protocol=tcp
    add action=drop chain=virus comment="  cichlid" disabled=no dst-port=1377 \
        protocol=tcp
    add action=drop chain=virus comment="  Worm" disabled=no dst-port=1433-1434 \
        protocol=tcp
    add action=drop chain=virus comment="  Bagle Virus" disabled=no dst-port=2745 \
        protocol=tcp
    add action=drop chain=virus comment="  Drop Dumaru.Y" disabled=no dst-port=\
        2283 protocol=tcp
    add action=drop chain=virus comment="  Drop Beagle" disabled=no dst-port=2535 \
        protocol=tcp
    add action=drop chain=virus comment="  Drop Beagle.C-K" disabled=no dst-port=\
        2745 protocol=tcp
    add action=drop chain=virus comment="  Drop MyDoom" disabled=no dst-port=\
        3127-3128 protocol=tcp
    add action=drop chain=virus comment="  Drop Backdoor OptixPro" disabled=no \
        dst-port=3410 protocol=tcp
    add action=drop chain=virus comment="  Worm" disabled=no dst-port=4444 \
        protocol=tcp
    add action=drop chain=virus comment="  Worm" disabled=no dst-port=4444 \
        protocol=udp
    add action=drop chain=virus comment="  Drop Sasser" disabled=no dst-port=5554 \
        protocol=tcp
    add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
        protocol=tcp
    add action=drop chain=virus comment="  Drop Dabber.A-B" disabled=no dst-port=\
        9898 protocol=tcp
    add action=drop chain=virus comment="  Drop MyDoom.B" disabled=no dst-port=\
        10080 protocol=tcp
    add action=drop chain=virus comment="  Drop NetBus" disabled=no dst-port=\
        12345 protocol=tcp
    # This rule has no port or protocol matcher, so it would drop every packet
    # that reaches the virus chain (a port was probably lost from the original
    # post); it is left disabled so it cannot drop all forwarded traffic.
    add action=drop chain=virus comment="" disabled=yes
    add action=drop chain=virus comment="  Drop SubSeven" disabled=no dst-port=\
        27374 protocol=tcp
    add action=drop chain=virus comment="  Drop PhatBot, Agobot, Gaobot" \
        disabled=no dst-port=65506 protocol=tcp
    add action=jump chain=forward comment="  jump to the virus chain" disabled=no \
        jump-target=virus
    add action=accept chain=forward comment="  Allow HTTP" disabled=no dst-port=\
        80 protocol=tcp
    add action=accept chain=forward comment="  Allow SMTP" disabled=no dst-port=\
        25 protocol=tcp
    add action=accept chain=forward comment="  allow TCP" disabled=no protocol=\
        tcp
    add action=accept chain=forward comment="  allow ping" disabled=no protocol=\
        icmp
    add action=accept chain=forward comment="  allow udp" disabled=no protocol=\
        udp
    add action=drop chain=forward comment="  drop everything else" disabled=no
    Last edited by osmano807; 31-05-2010 at 11:48.

  2. Very good firewall: a blacklist for users who try to break in over ssh, blocking p2p, ping and everything else. Really good!



  3. what are the main functions of these rules?

  4. guys, can someone explain to me how the blacklist works?



  5. Friend, the blacklist is for when a guy is trying to break into your MK through the ports that are open. He runs a brute force and keeps trying a series of possible combinations; with the blacklist configured, his IP goes to Firewall > address list, dropping anything that IP tries to do.
    Quote: Originally posted by Nando
    guys, can someone explain to me how the blacklist works?





