


  1. Quote: Originally posted by carneirinhobad
    DSSS, I apologize for my ignorance. I don't know how to carry out the procedure you posted. From what I understood, I should post the rules rather than the screenshots, OK? Now I'm unsure how to export these rules the way you said. Is the terminal you mention the New Terminal? I don't know how to do it; I apologize once again.

    Carlos Henrique
    I cooled my head a bit, went to New Terminal, ran the export command, and what you described appeared.

    /queue simple
    add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" \
    direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=\
    0/0 max-limit=1000000/1000000 name=CacheFull parent=none priority=8 \
    queue=default-small/default-small target-addresses=192.168.1.1/32 \
    total-queue=default-small
    /queue tree
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
    200000 max-limit=200000 name=p2p packet-mark=p2p parent=global-in \
    priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
    200000 max-limit=200000 name=P2P-IN packet-mark=pacotes-p2p parent=\
    global-in priority=8 queue=default
    add burst-limit=0 burst-threshold=0 burst-time=0s disabled=yes limit-at=\
    200000 max-limit=200000 name=P2P-OUT packet-mark=pacotes-p2p parent=\
    global-out priority=8 queue=default
    /ip firewall mangle
    add action=mark-packet chain=prerouting comment="" disabled=no \
    new-packet-mark=p2p p2p=all-p2p passthrough=yes
    add action=mark-packet chain=output comment="" disabled=no new-packet-mark=\
    p2p p2p=all-p2p passthrough=yes
    add action=mark-connection chain=prerouting comment="" disabled=no \
    new-connection-mark=conexao-p2p p2p=all-p2p passthrough=yes
    add action=mark-packet chain=prerouting comment="" connection-mark=\
    conexao-p2p disabled=no new-packet-mark=pacotes-p2p passthrough=yes

    /ip firewall nat
    add action=masquerade chain=srcnat comment="" disabled=no src-address=\
    172.254.1.0/24
    add action=masquerade chain=srcnat comment="" disabled=no src-address=\
    192.168.1.2
    add action=accept chain=dstnat comment="conectividade social" disabled=no \
    dst-address=200.201.174.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.201.173.0/24
    add action=redirect chain=dstnat comment="Proxy Transparente" disabled=no \
    dst-port=80 in-interface=Internet protocol=tcp src-address=172.254.1.0/24 \
    to-ports=8080
    add action=redirect chain=dstnat comment="" disabled=no dst-port=80 protocol=\
    tcp src-address=192.168.1.2 to-ports=8080
    add action=accept chain=dstnat comment="Hotmail nao passa pelo cache" \
    disabled=no dst-address=207.68.128.0/18
    add action=accept chain=dstnat comment="" disabled=no dst-address=64.4.0.0/18
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    213.199.144.0/20
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    65.52.0.0/14
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.208.0.0/20
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.249.150.0/26
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.167.67.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.179.42.29
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.249.84.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.201.173.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.201.174.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.220.254.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.217.233.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.172.181.0/24
    add action=accept chain=dstnat comment="" disabled=no dst-address=\
    200.141.204.0/24
    add action=dst-nat chain=dstnat comment="Redirecionamento Radmin" disabled=no \
    dst-port=4899 in-interface="(unknown)" protocol=tcp to-addresses=\
    192.168.1.2 to-ports=4899
    add action=dst-nat chain=dstnat comment="Redirecionamento Vnc" disabled=no \
    dst-port=5800-5900 in-interface="(unknown)" protocol=tcp to-addresses=\
    192.168.1.2 to-ports=5800-5900
    add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no src-address=192.168.1.0/24

  2. DSSS, the IP Filter rules go over 1497 characters, so I didn't send everything. Do I need to send the rest??
    henrique


    /ip firewall filter
    add action=drop chain=forward comment="Bloqueio Portas do Windows" disabled=\
    no dst-port=135 protocol=tcp
    add action=drop chain=output comment="" disabled=no dst-port=135 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=136 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=136 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=136 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=137 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=137 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=137 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=138 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=138 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=138 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=139 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=139 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=139 protocol=tcp
    add action=drop chain=input comment="" disabled=no dst-port=445 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=445 protocol=tcp
    add action=drop chain=input comment=\
    "Bloquear portas de jogos online para melhor desempenho da Banda" \
    disabled=no dst-port=44405 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=44405 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=44405 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=55557 protocol=\
    udp
    add action=drop chain=forward comment="" disabled=no dst-port=55557 protocol=\
    udp
    add action=drop chain=output comment="" disabled=no dst-port=55557 protocol=\
    udp
    add action=drop chain=input comment="" disabled=no dst-port=55970 protocol=\
    tcp
    add action=drop chain=forward comment="" disabled=no dst-port=55970 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=55970 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=55971 protocol=\
    tcp
    add action=drop chain=forward comment="" disabled=no dst-port=55971 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=55971 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=55960 protocol=\
    tcp
    add action=drop chain=forward comment="" disabled=no dst-port=55960 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=55960 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=55961 protocol=\
    tcp
    add action=drop chain=forward comment="" disabled=no dst-port=55961 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=55961 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=55962 protocol=\
    tcp
    add action=drop chain=forward comment="" disabled=no dst-port=55962 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=55962 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=55557 protocol=\
    tcp
    add action=drop chain=forward comment="" disabled=no dst-port=55557 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=55557 protocol=\
    tcp
    add action=drop chain=input comment="" disabled=no dst-port=55901 protocol=\
    tcp
    add action=drop chain=forward comment="" disabled=no dst-port=55901 protocol=\
    tcp
    add action=drop chain=output comment="" disabled=no dst-port=55901 protocol=\
    tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=1434 protocol=\
    tcp
    add action=drop chain=virus comment=Worm disabled=no dst-port=1434 protocol=\
    tcp
    add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
    add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
    add action=accept chain=input comment="conectividade social" disabled=no \
    dst-address=200.201.174.0/24 dst-port=80 protocol=tcp src-address=\
    192.168.0.0/24 src-port=1024-65535
    add action=drop chain=input comment="" disabled=no p2p=all-p2p protocol=tcp
    add action=drop chain=input comment="drop invalid packets" connection-state=\
    invalid disabled=no
    add action=accept chain=input comment="accept related packets" \
    connection-state=related disabled=no
    add action=accept chain=input comment="accept established packets" \
    connection-state=established disabled=no
    add action=drop chain=input comment="detect and drop port scan connections" \
    disabled=no protocol=tcp psd=21,3s,3,1
    add action=tarpit chain=input comment="suppress DoS attack" connection-limit=\
    3,32 disabled=no protocol=tcp src-address-list=black_list
    add action=drop chain=input comment="drop all that is not to local" disabled=\
    no dst-address-type=!local
    add action=drop chain=input comment="drom all that is not from unicast" \
    disabled=no src-address-type=!unicast
    add action=jump chain=input comment="jump to chain ICMP" disabled=no \
    jump-target=ICMP protocol=icmp
    add action=jump chain=input comment="jump to chain services" disabled=no \
    jump-target=services
    add action=accept chain=ICMP comment="0:0 and limit for 5pac/s" disabled=no \
    icmp-options=0:0-255 limit=5,5 protocol=icmp
    add action=accept chain=ICMP comment="3:3 and limit for 5pac/s" disabled=no \
    icmp-options=3:3 limit=5,5 protocol=icmp
    add action=accept chain=ICMP comment="3:4 and limit for 5pac/s" disabled=no \
    icmp-options=3:4 limit=5,5 protocol=icmp
    add action=accept chain=ICMP comment="8:0 and limit for 5pac/s" disabled=no \
    icmp-options=8:0-255 limit=5,5 protocol=icmp
    add action=accept chain=ICMP comment="11:0 and limit for 5pac/s" disabled=no \
    icmp-options=11:0-255 limit=5,5 protocol=icmp
    add action=drop chain=ICMP comment="Drop everything else" disabled=no \
    protocol=icmp
    add action=drop chain=services comment="TESTE DE P2P BLOQUEIO" disabled=yes \
    p2p=all-p2p protocol=tcp
    add action=accept chain=services comment="accept localhost" disabled=no \
    dst-address=127.0.0.1 src-address=127.0.0.1
    add action=accept chain=services comment="allow ftp" disabled=no dst-port=\
    20-21 protocol=tcp
    add action=accept chain=services comment="allow sftp, ssh" disabled=no \
    dst-port=22 protocol=tcp
    add action=accept chain=services comment="allow telnet" disabled=no dst-port=\
    23 protocol=tcp
    add action=accept chain=services comment="allow DNS request" disabled=no \
    dst-port=53 protocol=tcp
    add action=accept chain=services comment="Allow DNS request" disabled=no \
    dst-port=53 protocol=udp
    add action=accept chain=services comment="allow http, webbox" disabled=no \
    dst-port=80 protocol=tcp
    add action=accept chain=services comment="Allow winbox" disabled=no dst-port=\
    8291 protocol=tcp
    Last edited by carneirinhobad; 07-09-2010 at 09:23.





