Quantcast
Bloqueio UltraSurf MikroTik 5.0

Visite: BR-Linux ·  VivaOLinux ·  LinuxSecurity ·  Dicas-L ·  NoticiasLinux ·  SoftwareLivre.org

+ Responder ao Tópico

  1. Olá Amigos

    Amigos estou querendo bloquear o UltraSurf no meu firewall com MikroTik trabalho com Mikrotik 5.0 apenas como um Rotiador Firewall, Já procurei em varios lugares bloquear este cara mais sem resultado, Não queria bloquear a porta 443 e liberar o básico.
    Queria arrumar uma forma de bloquear apenas o UltraSurf. via Layer7 ou Firewall

    Alguem teria uma ideia de como poderia bloquear este maldito UltraSurf.


  2.    Publicidade


  3. ultrasurf ,ultrasurf deve se o cão mesmo o terror dos provedo usa o ultrasurf no gvt ,telefonica ,embratel que os genio da informatica trabaia la e se os cara surfa posta aquiiii.... se os cara e bom memo....

  4. Config:

    /ip firewall layer7
    add name=http-tunnel regexp=”^get./login/fetchprotocolversion2.htm.http/[-~\t-\r]*host:.cachenetwork.net
    /ip firewall mangle
    add chain=prerouting action=add-dst-to-address-list protocol=tcp src-address-list=imn-network address-list=http-tunnel address-list-timeout=1w layer7-protocol=http-tunnel in-interface=ether4 dst-port=80 comment=”ADD dst-add to http-tunnel (L7)”


    ############################## #######################


    /ip firewall address-list
    add address=72.14.192.0/18 comment="" disabled=no list=ultra
    add address=208.53.128.0/18 comment="" disabled=no list=ultra
    add address=98.136.0.0/14 comment="" disabled=no list=ultra
    add address=64.233.160.0/19 comment="" disabled=no list=ultra
    add address=124.108.120.0/21 comment="" disabled=no list=ultra
    add address=124.108.112.0/20 comment="" disabled=no list=ultra
    add address=68.180.128.0/17 comment="" disabled=no list=ultra
    add address=206.190.32.0/19 comment="" disabled=no list=ultra
    add address=202.158.49.0/24 comment="" disabled=no list=ultra
    add address=203.84.200.0/21 comment="" disabled=no list=ultra
    add address=203.84.204.0/22 comment="" disabled=no list=ultra
    add address=192.221.0.0/16 comment="" disabled=no list=ultra
    /ip firewall filter
    add action=jump chain=forward comment="blok ultrasurf" disabled=no \
    jump-target="url ultra" packet-mark="ultra packet"
    add action=drop chain="url ultra" comment="" disabled=no
    /ip firewall mangle
    add action=mark-connection chain=forward comment=ULTRASURF disabled=no \
    dst-address=0.0.0.0/0 dst-address-list=!ultra dst-port=443 \
    new-connection-mark="ultra connect" passthrough=yes protocol=tcp
    add action=mark-packet chain=forward comment="" connection-mark=\
    "ultra connect" disabled=no new-packet-mark="ultra packet" passthrough=\
    yes





    Citação Postado originalmente por Jonatanmcc Ver Post
    Olá Amigos

    Amigos estou querendo bloquear o UltraSurf no meu firewall com MikroTik trabalho com Mikrotik 5.0 apenas como um Rotiador Firewall, Já procurei em varios lugares bloquear este cara mais sem resultado, Não queria bloquear a porta 443 e liberar o básico.
    Queria arrumar uma forma de bloquear apenas o UltraSurf. via Layer7 ou Firewall

    Alguem teria uma ideia de como poderia bloquear este maldito UltraSurf.

  5. Olá Keybow Blzz

    Cara estou tendo problemas para adicionar o Script layer7, está dando erro.



    Citação Postado originalmente por keybow Ver Post
    Config:

    /ip firewall layer7
    add name=http-tunnel regexp=”^get./login/fetchprotocolversion2.htm.http/[-~\t-\r]*host:.cachenetwork.net
    /ip firewall mangle
    add chain=prerouting action=add-dst-to-address-list protocol=tcp src-address-list=imn-network address-list=http-tunnel address-list-timeout=1w layer7-protocol=http-tunnel in-interface=ether4 dst-port=80 comment=”ADD dst-add to http-tunnel (L7)”


    ############################## #######################


    /ip firewall address-list
    add address=72.14.192.0/18 comment="" disabled=no list=ultra
    add address=208.53.128.0/18 comment="" disabled=no list=ultra
    add address=98.136.0.0/14 comment="" disabled=no list=ultra
    add address=64.233.160.0/19 comment="" disabled=no list=ultra
    add address=124.108.120.0/21 comment="" disabled=no list=ultra
    add address=124.108.112.0/20 comment="" disabled=no list=ultra
    add address=68.180.128.0/17 comment="" disabled=no list=ultra
    add address=206.190.32.0/19 comment="" disabled=no list=ultra
    add address=202.158.49.0/24 comment="" disabled=no list=ultra
    add address=203.84.200.0/21 comment="" disabled=no list=ultra
    add address=203.84.204.0/22 comment="" disabled=no list=ultra
    add address=192.221.0.0/16 comment="" disabled=no list=ultra
    /ip firewall filter
    add action=jump chain=forward comment="blok ultrasurf" disabled=no \
    jump-target="url ultra" packet-mark="ultra packet"
    add action=drop chain="url ultra" comment="" disabled=no
    /ip firewall mangle
    add action=mark-connection chain=forward comment=ULTRASURF disabled=no \
    dst-address=0.0.0.0/0 dst-address-list=!ultra dst-port=443 \
    new-connection-mark="ultra connect" passthrough=yes protocol=tcp
    add action=mark-packet chain=forward comment="" connection-mark=\
    "ultra connect" disabled=no new-packet-mark="ultra packet" passthrough=\
    yes

  6. >>>

  7. sua rede é para clientes ou empresarial?? porque vc quer bloquear o proxy?/

  8. Bom dia meu nomes é Ronildo Plácido, mim add ai no spdnet@hotmail.com que eu coloco pra voce.





    Citação Postado originalmente por Jonatanmcc Ver Post
    Olá Keybow Blzz

    Cara estou tendo problemas para adicionar o Script layer7, está dando erro.

  9. tentei por L7 as regras nao funfam .. por address list não abre o orkut


    Citação Postado originalmente por keybow Ver Post
    Config:

    /ip firewall layer7
    add name=http-tunnel regexp=”^get./login/fetchprotocolversion2.htm.http/[-~\t-\r]*host:.cachenetwork.net
    /ip firewall mangle
    add chain=prerouting action=add-dst-to-address-list protocol=tcp src-address-list=imn-network address-list=http-tunnel address-list-timeout=1w layer7-protocol=http-tunnel in-interface=ether4 dst-port=80 comment=”ADD dst-add to http-tunnel (L7)”


    ############################## #######################


    /ip firewall address-list
    add address=72.14.192.0/18 comment="" disabled=no list=ultra
    add address=208.53.128.0/18 comment="" disabled=no list=ultra
    add address=98.136.0.0/14 comment="" disabled=no list=ultra
    add address=64.233.160.0/19 comment="" disabled=no list=ultra
    add address=124.108.120.0/21 comment="" disabled=no list=ultra
    add address=124.108.112.0/20 comment="" disabled=no list=ultra
    add address=68.180.128.0/17 comment="" disabled=no list=ultra
    add address=206.190.32.0/19 comment="" disabled=no list=ultra
    add address=202.158.49.0/24 comment="" disabled=no list=ultra
    add address=203.84.200.0/21 comment="" disabled=no list=ultra
    add address=203.84.204.0/22 comment="" disabled=no list=ultra
    add address=192.221.0.0/16 comment="" disabled=no list=ultra
    /ip firewall filter
    add action=jump chain=forward comment="blok ultrasurf" disabled=no \
    jump-target="url ultra" packet-mark="ultra packet"
    add action=drop chain="url ultra" comment="" disabled=no
    /ip firewall mangle
    add action=mark-connection chain=forward comment=ULTRASURF disabled=no \
    dst-address=0.0.0.0/0 dst-address-list=!ultra dst-port=443 \
    new-connection-mark="ultra connect" passthrough=yes protocol=tcp
    add action=mark-packet chain=forward comment="" connection-mark=\
    "ultra connect" disabled=no new-packet-mark="ultra packet" passthrough=\
    yes

  10. Olá tmelooliveira blzzz...

    Cara trabalho com MikroTik para Firewall em redes...
    Tenho clientes que pede para bloquear o UltraSurf.


    Citação Postado originalmente por tmelooliveira Ver Post
    sua rede é para clientes ou empresarial?? porque vc quer bloquear o proxy?/

  11. Essas regras funciona perfeitamente ou até demais pois os email não abre ai não rola.

  12. o meu deu o mesmo erro na hora de criar o layer7
    a seguinte mensagem

    Couldnt add new Firewall L7 protocol- bad regexp invalid rang 6

    Citação Postado originalmente por keybow Ver Post
    Config:

    /ip firewall layer7
    add name=http-tunnel regexp=”^get./login/fetchprotocolversion2.htm.http/[-~\t-\r]*host:.cachenetwork.net
    /ip firewall mangle
    add chain=prerouting action=add-dst-to-address-list protocol=tcp src-address-list=imn-network address-list=http-tunnel address-list-timeout=1w layer7-protocol=http-tunnel in-interface=ether4 dst-port=80 comment=”ADD dst-add to http-tunnel (L7)”


    ############################## #######################


    /ip firewall address-list
    add address=72.14.192.0/18 comment="" disabled=no list=ultra
    add address=208.53.128.0/18 comment="" disabled=no list=ultra
    add address=98.136.0.0/14 comment="" disabled=no list=ultra
    add address=64.233.160.0/19 comment="" disabled=no list=ultra
    add address=124.108.120.0/21 comment="" disabled=no list=ultra
    add address=124.108.112.0/20 comment="" disabled=no list=ultra
    add address=68.180.128.0/17 comment="" disabled=no list=ultra
    add address=206.190.32.0/19 comment="" disabled=no list=ultra
    add address=202.158.49.0/24 comment="" disabled=no list=ultra
    add address=203.84.200.0/21 comment="" disabled=no list=ultra
    add address=203.84.204.0/22 comment="" disabled=no list=ultra
    add address=192.221.0.0/16 comment="" disabled=no list=ultra
    /ip firewall filter
    add action=jump chain=forward comment="blok ultrasurf" disabled=no \
    jump-target="url ultra" packet-mark="ultra packet"
    add action=drop chain="url ultra" comment="" disabled=no
    /ip firewall mangle
    add action=mark-connection chain=forward comment=ULTRASURF disabled=no \
    dst-address=0.0.0.0/0 dst-address-list=!ultra dst-port=443 \
    new-connection-mark="ultra connect" passthrough=yes protocol=tcp
    add action=mark-packet chain=forward comment="" connection-mark=\
    "ultra connect" disabled=no new-packet-mark="ultra packet" passthrough=\
    yes

  13. aqui eu consegui bloquear o ultrasurf no mikrotik da seguinte forma:


    ip firewall address-list add address=65.49.0.0/17 comment="" disabled=no list=UltraSurfServers add address=204.107.140.0/24 comment="" disabled=no list=UltraSurfServers

    ip firewall mangle add action=add-src-to-address-list address-list=UltraSurfUsers \ address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\ no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp

    ip firewall filter add action=drop chain=forward comment="Block UltraSurf" disabled=no dst-port=\ 443 protocol=tcp src-address-list=UltraSurfUsers

    testem e postem o resultado...


  14.    Publicidade




Tópicos Similares

  1. Bloqueio Freegate e Ultrasurf
    Por glaucioklipel no fórum Serviços
    Respostas: 8
    Último Post: 18-06-2012, 20:43
  2. Respostas: 2
    Último Post: 23-11-2011, 04:16
  3. Bloqueio do UltraSurf
    Por laerciomotta no fórum Serviços
    Respostas: 2
    Último Post: 10-04-2010, 10:31
  4. Respostas: 0
    Último Post: 22-01-2010, 02:00
  5. Ips de acesso do ultrasurf
    Por dsxxsd no fórum Serviços
    Respostas: 5
    Último Post: 19-08-2008, 22:24

Tags para este Tópico