


  1. #1

    Well folks, firewall rules

    Code:
    / ip firewall filter 
    add chain=forward protocol=tcp dst-port=135 action=drop comment="" disabled=no 
    add chain=input connection-state=invalid action=drop comment="Drop Invalid connections" disabled=no 
    add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no 
    add chain=input protocol=udp action=accept comment="Allow UDP" disabled=no 
    add chain=input protocol=tcp dst-port=23 action=drop comment="" disabled=yes 
    add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no 
    add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network" disabled=no 
    add chain=input action=drop comment="Drop anything else" disabled=no 
    add chain=forward protocol=tcp connection-state=invalid action=drop comment="drop invalid connections" disabled=no 
    add chain=forward connection-state=established action=accept comment="allow already established connections" disabled=no 
    add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no 
    add chain=forward src-address=0.0.0.0/8 action=drop comment="" disabled=no 
    add chain=forward dst-address=0.0.0.0/8 action=drop comment="" disabled=no 
    add chain=forward src-address=127.0.0.0/8 action=drop comment="" disabled=no 
    add chain=forward dst-address=127.0.0.0/8 action=drop comment="" disabled=no 
    add chain=forward src-address=224.0.0.0/3 action=drop comment="" disabled=no 
    add chain=forward dst-address=224.0.0.0/3 action=drop comment="" disabled=no 
    add chain=forward protocol=tcp action=jump jump-target=tcp comment="" disabled=no 
    add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no 
    add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no 
    add chain=tcp protocol=tcp dst-port=69 action=drop comment="deny TFTP" disabled=no 
    add chain=tcp protocol=tcp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no 
    add chain=tcp protocol=tcp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no 
    add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="deny NBT" disabled=no 
    add chain=tcp protocol=tcp dst-port=445 action=drop comment="deny cifs" disabled=no 
    add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS" disabled=no 
    add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus" disabled=no 
    add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus" disabled=no 
    add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOrifice" disabled=no
    add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP" disabled=no 
    add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP" disabled=no 
    add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper" disabled=no
    add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC portmapper" disabled=no
    add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT" disabled=no 
    add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS" disabled=no 
    add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOrifice" disabled=no
    add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="allow echo reply" disabled=no
    add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="allow net unreachable" disabled=no
    add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="allow host unreachable" disabled=no
    add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="allow source quench" disabled=no 
    add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="allow echo request" disabled=no 
    add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="allow time exceed" disabled=no 
    add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="allow parameter bad" disabled=no 
    add chain=icmp action=drop comment="deny all other types" disabled=no 
    add chain=forward src-address=192.168.0.0/24 dst-address=192.168.0.0/24 action=drop comment="Block access between \
        users" disabled=no
    add chain=forward protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
    add chain=forward protocol=udp dst-port=135-139 action=drop comment="" disabled=no
    add chain=forward protocol=tcp dst-port=445-449 action=drop comment="" disabled=no
    add chain=forward protocol=udp dst-port=445-449 action=drop comment="" disabled=no
    add chain=input in-interface=Local protocol=tcp src-port=6776 action=drop comment="2000 Cracks " disabled=no 
    add chain=input in-interface=Local protocol=tcp src-port=32418 action=drop comment="Acid Battery " disabled=no 
    add chain=input in-interface=Local protocol=tcp src-port=0-65535 action=drop comment="" disabled=no 
    add chain=input src-address=192.168.1.0/24 action=accept comment="Allow access to router from known network   2" \
        disabled=no 
    add chain=forward src-address=192.168.1.0/24 dst-address=192.168.1.0/24 action=drop comment="Block access between \
        users 2" disabled=no
    add chain=forward in-interface=Local out-interface=Local action=accept comment="Allow traffic between wired and wireless \
        networks" disabled=no 
    add chain=forward action=jump jump-target=sanity-check comment="Sanity Check" disabled=no 
    add chain=sanity-check packet-mark=nat-traversal action=jump jump-target=drop comment="Deny illegal NAT traversal" \
        disabled=no 
    add chain=sanity-check protocol=tcp psd=20,3s,3,1 action=add-src-to-address-list address-list=blocked-addr \
        address-list-timeout=1d comment="Block port scans" disabled=no 
    add chain=sanity-check protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list \
        address-list=blocked-addr address-list-timeout=1d comment="Block TCP Xmas scan" disabled=no
    add chain=sanity-check protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list \
        address-list=blocked-addr address-list-timeout=1d comment="Block TCP Null scan" disabled=no
    add chain=sanity-check protocol=tcp src-address-list=blocked-addr action=jump jump-target=drop comment="" disabled=no 
    add chain=sanity-check protocol=tcp tcp-flags=rst action=jump jump-target=drop comment="Drop TCP RST" disabled=no 
    add chain=sanity-check protocol=tcp tcp-flags=fin,syn action=jump jump-target=drop comment="Drop TCP SYN+FIN" disabled=no 
    add chain=sanity-check connection-state=invalid action=jump jump-target=drop comment="Dropping invalid connections at \
        once" disabled=no

  2. #2

    Code:
    add chain=sanity-check connection-state=established action=accept comment="Accepting already established connections" \
        disabled=no 
    add chain=sanity-check connection-state=related action=accept comment="Also accepting related connections" disabled=no 
    add chain=sanity-check dst-address-type=broadcast,multicast action=jump jump-target=drop comment="Drop all traffic that \
        goes to multicast or broadcast addresses" disabled=no 
    add chain=sanity-check in-interface=Local dst-address-type=!local dst-address-list=illegal-addr action=jump \
        jump-target=drop comment="Drop illegal destination addresses" disabled=no 
    add chain=sanity-check in-interface=Local src-address-list=!local-addr action=jump jump-target=drop comment="Drop \
        everything that goes from local interface but not from local address" disabled=no 
    add chain=sanity-check in-interface=Public src-address-list=illegal-addr action=jump jump-target=drop comment="Drop \
        illegal source addresses" disabled=no 
    add chain=sanity-check in-interface=Public dst-address-list=!local-addr action=jump jump-target=drop comment="Drop \
        everything that goes from public interface but not to local address" disabled=no 
    add chain=sanity-check src-address-type=broadcast,multicast action=jump jump-target=drop comment="Drop all traffic that \
        goes from multicast or broadcast addresses" disabled=no 
    add chain=forward protocol=tcp action=jump jump-target=restrict-tcp comment="" disabled=no 
    add chain=forward protocol=udp action=jump jump-target=restrict-udp comment="" disabled=no 
    add chain=forward action=jump jump-target=restrict-ip comment="" disabled=no 
    add chain=restrict-tcp connection-mark=auth action=reject reject-with=icmp-network-unreachable comment="" disabled=no 
    add chain=restrict-tcp connection-mark=smtp action=jump jump-target=smtp-first-drop comment="anti-spam policy" disabled=no 
    add chain=smtp-first-drop src-address-list=first-smtp action=add-src-to-address-list address-list=approved-smtp \
        address-list-timeout=0s comment="" disabled=no 
    add chain=smtp-first-drop src-address-list=approved-smtp action=return comment="" disabled=no 
    add chain=smtp-first-drop action=add-src-to-address-list address-list=first-smtp address-list-timeout=0s comment="" \
        disabled=no 
    add chain=smtp-first-drop action=reject reject-with=icmp-network-unreachable comment="" disabled=no 
    add chain=restrict-tcp connection-mark=other-tcp action=jump jump-target=drop comment="" disabled=no 
    add chain=restrict-udp connection-mark=other-udp action=jump jump-target=drop comment="" disabled=no 
    add chain=restrict-ip connection-mark=other action=jump jump-target=drop comment="" disabled=no 
    add chain=input src-address-type=local dst-address-type=local action=accept comment="Allow local traffic \(between router \
        applications\)" disabled=no 
    add chain=input in-interface=Local protocol=udp src-port=68 dst-port=67 action=jump jump-target=dhcp comment="DHCP \
        protocol would not pass sanity checking, so enabling it explicitly before other checks" disabled=no 
    add chain=input action=jump jump-target=sanity-check comment="Sanity Check" disabled=no 
    add chain=input dst-address-type=!local action=jump jump-target=drop comment="Dropping packets not destined to the router \
        itself, including all broadcast traffic" disabled=no 
    add chain=input in-interface=Local action=jump jump-target=local-services comment="Allowing some services to be accessible \
        from the local network" disabled=no 
    add chain=input in-interface=Public action=jump jump-target=public-services comment="Allowing some services to be \
        accessible from the Internet" disabled=no 
    add chain=input connection-mark=ping limit=5,5 action=accept comment="Allow pings, but at a very limited rate \(5 per \
        sec\)" disabled=no 
    add chain=input action=jump jump-target=drop comment="" disabled=no 
    add chain=dhcp src-address=0.0.0.0 dst-address=255.255.255.255 action=accept comment="" disabled=no 
    add chain=dhcp src-address=0.0.0.0 dst-address-type=local action=accept comment="" disabled=no 
    add chain=dhcp dst-address-type=local src-address-list=local-addr action=accept comment="" disabled=no 
    add chain=local-services connection-mark=ssh action=accept comment="SSH \(22/TCP\)" disabled=no 
    add chain=local-services connection-mark=dns action=accept comment="DNS" disabled=no 
    add chain=local-services connection-mark=proxy action=accept comment="HTTP Proxy \(3128/TCP\)" disabled=no 
    add chain=local-services connection-mark=winbox action=accept comment="Winbox \(8291/TCP\)" disabled=no 
    add chain=local-services action=drop comment="Drop Other Local Services" disabled=no 
    add chain=public-services connection-mark=ssh action=accept comment="SSH \(22/TCP\)" disabled=no 
    add chain=public-services connection-mark=pptp action=accept comment="PPTP \(1723/TCP\)" disabled=no 
    add chain=public-services connection-mark=gre action=accept comment="GRE for PPTP" disabled=no 
    add chain=public-services action=drop comment="Drop Other Public Services" disabled=no 
    add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no 
    add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no 
    add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no 
    add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no 
    add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no 
    add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no 
    add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no 
    add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no 
    add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no 
    add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no 
    add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no 
    add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no 
    add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no 
    add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no 
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no 
    add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no 
    add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no 
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no 
    add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom" disabled=no 
    add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no 
    add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no 
    add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no 
    add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no 
    add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no 
    add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no 
    add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=no 
    add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no 
    add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no 
    add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no 
    add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no 
    add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no 
    add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=yes 
    add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no 
    add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no 
    add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no 
    add chain=forward protocol=icmp action=accept comment="allow ping" disabled=no 
    add chain=forward protocol=udp action=accept comment="allow udp" disabled=no 
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" \
        address-list-timeout=0s comment="" disabled=no 
    add chain=forward action=drop comment="drop everything else" disabled=yes 
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=accept comment="" disabled=no 
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=accept comment="" disabled=no



    There you go, those are my server's firewall rules.
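
Added example (not part of the original posts, and not the posters' or MikroTik's code): a small Python linter for a pasted `/ip firewall filter` export. It flags rules placed after an unconditional accept/drop/reject in the same chain, jumps to chains that have no rules in the export, and `chain=` values that swallowed a whole rule. The sample input is constructed from rule shapes quoted in this thread; the function names and finding codes are hypothetical.

```python
import re
import shlex

# Constructed sample, modelled on rule shapes quoted in this thread.
SAMPLE = r'''
/ ip firewall filter
add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
add chain=input action=drop comment="Drop anything else" disabled=no
add chain=forward action=jump jump-target=sanity-check comment="Sanity Check" disabled=no
add chain=sanity-check connection-state=invalid action=jump jump-target=drop comment="Dropping invalid connections at \
    once" disabled=no
add chain="forward protocol=tcp dst-port=135-139 action=drop" action=accept comment="" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=0s comment="" disabled=no
add chain=forward action=drop comment="drop everything else" disabled=yes
'''

# Properties that do not narrow which packets a rule matches.
NON_MATCHERS = {"n", "chain", "action", "comment", "disabled", "jump-target",
                "reject-with", "address-list", "address-list-timeout",
                "log", "log-prefix"}
TERMINAL = {"accept", "drop", "reject"}   # actions that end chain traversal


def parse_rules(text):
    """Parse the 'add' lines of one rule table into dicts, numbered in order."""
    joined = re.sub(r"\\[ \t]*\n\s*", "", text)    # undo the export's line wrapping
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue                               # menu path lines, blanks
        rule = {"n": len(rules) + 1}
        for token in shlex.split(line)[1:]:        # honours quoted values
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def lint(rules):
    """Return (rule_number, code, detail) findings, in rule order."""
    active = [r for r in rules if r.get("disabled", "no") != "yes"]
    populated = {r.get("chain") for r in active}   # chains holding a live rule
    findings, closed = [], {}                      # closed: chain -> catch-all rule
    for r in active:
        chain, action = r.get("chain", ""), r.get("action", "accept")
        if " " in chain or "=" in chain:
            # A whole rule was quoted into the chain name: it matches nothing useful.
            findings.append((r["n"], "BAD_CHAIN", chain))
            continue
        if chain in closed:
            # An earlier match-everything terminal rule means this one is never hit.
            findings.append((r["n"], "SHADOWED",
                             f"after rule {closed[chain]} in {chain}"))
            continue
        if action == "jump" and r.get("jump-target") not in populated:
            # The target chain has no live rules in this export.
            findings.append((r["n"], "NO_TARGET", r.get("jump-target", "")))
        if action in TERMINAL and not (set(r) - NON_MATCHERS):
            closed[chain] = r["n"]
    return findings


if __name__ == "__main__":
    for number, code, detail in lint(parse_rules(SAMPLE)):
        print(f"rule {number}: {code}: {detail}")
```

Run it on one table at a time (filter and mangle exports separately), since rule numbers and chains are tracked per parsed text.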

  3. #3

    These are the mangle ones

    Code:
    / ip firewall mangle 
    add chain=forward src-address=192.168.0.0/24 action=mark-connection new-connection-mark=users-con passthrough=yes \
        comment="Mark user packets" disabled=no
    add chain=forward connection-mark=users-con action=mark-packet new-packet-mark=users passthrough=yes comment="" \
        disabled=no 
    add chain=forward connection-mark=!p2p_conn action=mark-packet new-packet-mark=p2p passthrough=yes comment="" disabled=no 
    add chain=forward src-address=192.168.1.0/24 action=mark-connection new-connection-mark=users-con passthrough=yes \
        comment="" disabled=no 
    add chain=forward src-address=192.168.0.0/24 p2p=!all-p2p action=mark-connection new-connection-mark=p2p_conn \
        passthrough=yes comment="Mark P2P packets" disabled=no
    add chain=forward src-address=192.168.1.0/24 p2p=!all-p2p action=mark-connection new-connection-mark=p2p_conn \
        passthrough=yes comment="" disabled=no 
    add chain=prerouting protocol=tcp connection-state=new action=jump jump-target=tcp-services comment="" disabled=no 
    add chain=prerouting protocol=udp connection-state=new action=jump jump-target=udp-services comment="" disabled=no 
    add chain=prerouting connection-state=new action=jump jump-target=other-services comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=20-21 action=mark-connection new-connection-mark=ftp \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=513-65535 dst-port=22 action=mark-connection new-connection-mark=ssh \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=23 action=mark-connection new-connection-mark=telnet \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=25 action=mark-connection new-connection-mark=smtp \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=53 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no \
        comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=110 action=mark-connection new-connection-mark=pop3 \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=113 action=mark-connection new-connection-mark=auth \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=119 action=mark-connection new-connection-mark=nntp \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=143 action=mark-connection new-connection-mark=imap \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=161-162 action=mark-connection new-connection-mark=snmp \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=443 action=mark-connection new-connection-mark=https \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=465 action=mark-connection new-connection-mark=smtps \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=993 action=mark-connection new-connection-mark=imaps \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=995 action=mark-connection new-connection-mark=pop3s \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=1723 action=mark-connection new-connection-mark=pptp \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=2379 action=mark-connection new-connection-mark=kgs \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=3128 action=mark-connection new-connection-mark=proxy \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=3987 action=mark-connection new-connection-mark=win-ts \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=4242-4243 action=mark-connection \
        new-connection-mark=emule passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=4661-4662 dst-port=1024-65535 action=mark-connection \
        new-connection-mark=overnet passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=4711 dst-port=1024-65535 action=mark-connection new-connection-mark=emule \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=5900-5901 action=mark-connection new-connection-mark=vnc \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=6667-6669 action=mark-connection new-connection-mark=irc \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=6881-6889 action=mark-connection \
        new-connection-mark=bittorrent passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=8080 action=mark-connection new-connection-mark=http \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=8291 action=mark-connection new-connection-mark=winbox \
        passthrough=no comment="" disabled=no 
    add chain=tcp-services protocol=tcp action=mark-connection new-connection-mark=other-tcp passthrough=no comment="" \
        disabled=no 
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=123 action=mark-connection new-connection-mark=ntp \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=1701 action=mark-connection new-connection-mark=l2tp \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=4665 action=mark-connection new-connection-mark=emule \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=4672 action=mark-connection new-connection-mark=emule \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=4672 dst-port=1024-65535 action=mark-connection new-connection-mark=emule \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=12053 action=mark-connection new-connection-mark=overnet \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=12053 dst-port=1024-65535 action=mark-connection new-connection-mark=overnet \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp src-port=36725 dst-port=1024-65535 action=mark-connection new-connection-mark=skype \
        passthrough=no comment="" disabled=no 
    add chain=udp-services protocol=udp connection-state=new action=mark-connection new-connection-mark=other-udp \
        passthrough=no comment="" disabled=no 
    add chain=other-services protocol=icmp icmp-options=8:0-255 action=mark-connection new-connection-mark=ping passthrough=no \
        comment="" disabled=no 
    add chain=other-services protocol=gre action=mark-connection new-connection-mark=gre passthrough=no comment="" disabled=no 
    add chain=other-services action=mark-connection new-connection-mark=other passthrough=no comment="" disabled=no 
    add chain=prerouting in-interface=Public dst-address-list=nat-addr action=mark-packet new-packet-mark=nat-traversal \
        passthrough=no comment="" disabled=no

  4. #4

    ???

    Did you by any chance reply to the message by creating a new one?

    I'll lock and remove it the day after tomorrow.

  5. #5
    marcelomg
    Joined: Jan 2006
    Location: São Lourenço do Sul, Brazil
    Posts: 1,471

    ???????????????????????

  6. #6

    How do you add these rules in bulk?

  7. #7
    marcelomg

    Quote, originally posted by Elliott:
    How do you add these rules in bulk?

    Just paste them into the terminal via Winbox.

  8. #8

    Quote, originally posted by xstefanox:
    ???

    Did you by any chance reply to the message by creating a new one?

    I'll lock and remove it the day after tomorrow.

    ???????????????????????????


    I didn't get it???

  9. #9

    Well folks, this collection of firewall rules is used by my server, and I'd like to point out that all of them are in the MikroTik system documentation.
    Another thing: after I added these rules, my server's performance increased.

    These rules include protection for the router itself
    protection for your clients
    monitoring of network services
    dropping of malicious packets
    protection of the network against viruses, etc.

    I hope this information is useful to someone else, because I struggled a lot to get my network the way it is, perfect, with more than 100 clients on cable.

  10. #10

    Now, if anyone wants to contribute information like this, that would be great, because few people here do that, and when things get more serious it gets ugly and people start charging.

  11. #11

    Man...

    Do you understand what each of these rules does?

    If the answer to the question above is yes, you could put this in the MT manual on the wiki and comment each rule... or not necessarily one by one, but you can take a whole section and say what it does, then take another and say what it does... and so on...

    That's better than posting all of this and then getting that pile of questions: "what is this for?", "what is that?", "why doesn't this work here?", "I got a problem here, now what?"...

    Thanks

  12. #12

    Exactly, that would be great. Post it. If anyone else has any rules, post them too.
    That way we avoid a lot of repetitive posts asking what this is for, what that is for.

  13. #13

    Come on, you could have said what it was, couldn't you? That way nobody would be looking at your post and thinking "Huh?".

  14. #14

    Quote, originally posted by xstefanox:
    Come on, you could have said what it was, couldn't you? That way nobody would be looking at your post and thinking "Huh?".

    hehehehe

    True...

  15. #15

    OK, I'll do that, yes, it really is better.......

  16. #16

    Can you just go and edit the wiki content, or do you need authorization?

  17. #17

    Just use your forum username and password.

  18. #18

    OK folks, it's just that I'm a bit lazy about typing, but by popular request I'll write up what each rule does, that is, this batch of rules does this and that. Thanks, folks.......

  19. #19

    Any questions about the wiki, get in touch... there are people from the site who work on the wiki...

  20. #20

    No problem, I just think I'll have a bit of trouble with the wiki, but that's fine, I'll manage....