


  1. Amigos... aí vão as Filter Rules (saída de /ip firewall filter print)

    0 ;;; Drop NetBIOS/SMB and similar. NOTE(review): these input rules match src-port,
    ;;; so they only drop packets that *come from* ports 135-139/445 (replies to
    ;;; connections the router itself opened). Inbound NetBIOS aimed at the router is
    ;;; dropped anyway by the default deny (rule 21); the forward-chain copies
    ;;; (rules 92-101) use dst-port, which is the match that actually blocks these.
    chain=input protocol=udp src-port=135 action=drop

    1 chain=input protocol=tcp src-port=135 action=drop

    2 chain=input protocol=udp src-port=137 action=drop

    3 chain=input protocol=tcp src-port=137 action=drop

    4 chain=input protocol=udp src-port=138 action=drop

    5 chain=input protocol=tcp src-port=138 action=drop

    6 chain=input protocol=udp src-port=139 action=drop

    7 chain=input protocol=tcp src-port=139 action=drop

    8 chain=input protocol=tcp src-port=445 action=drop

    9 chain=input protocol=udp src-port=445 action=drop

    10 ;;; Block external access to the web proxy (3126). Only ether1 (the uplink) is
    ;;; covered; from every other interface the proxy is accepted by services rule 46.
    chain=input in-interface=ether1 protocol=tcp dst-port=3126 action=drop

    11 ;;; drop invalid packets (no conntrack entry / bad state)
    chain=input connection-state=invalid action=drop

    12 ;;; accept related packets (e.g. ICMP errors, FTP data)
    chain=input connection-state=related action=accept

    13 ;;; accept established packets; everything below sees only NEW connections
    chain=input connection-state=established action=accept

    14 ;;; Trusted networks: accepted for every port on the router before the
    ;;; 22/23 blacklist (16), the port-scan detector (17) and the bogon filter (18),
    ;;; so they can never be locked out. Only administrative networks belong here.
    chain=input src-address=200.101.81.0/24 action=accept

    15 chain=input src-address=201.34.35.0/24 action=accept

    16 ;;; Drop sources blacklisted for SSH/telnet (22-23). The list is filled by the
    ;;; mangle prerouting rule for dst-port 22-23 with timeout 0s (permanent). If that
    ;;; rule is not limited to packets addressed to the router, LAN hosts that SSH out
    ;;; through the router are added as well and lose all NEW access to the router
    ;;; (DNS, winbox, proxy...) since this rule precedes the services jump (20).
    chain=input src-address-list=drop_port_22_23 action=drop

    17 ;;; Detect and drop port scans (psd weight/delay/low/high = 21,3s,3,1). Drops
    ;;; only the matching packet; it does not add the source to the "port scaners"
    ;;; address list, which no visible rule uses.
    chain=input protocol=tcp psd=21,3s,3,1 action=drop

    18 ;;; Drop bogon sources arriving on ether1 (address list not_in_internet).
    ;;; NOTE(review): the list holds 0/8, 127/8, 169.254/16 and 224/3 only; RFC1918
    ;;; ranges are not in it -- add them only if the ether1 uplink is not itself
    ;;; numbered from RFC1918/CGNAT space.
    chain=input in-interface=ether1 src-address-list=not_in_internet
    action=drop

    19 ;;; ICMP is accepted per type, rate-limited, in chain ICMP (rules 22-27)
    chain=input protocol=icmp action=jump jump-target=ICMP

    20 ;;; Per-service accepts live in chain services (rules 28-60). Note the jump
    ;;; is not restricted by interface: every service accepted there is reachable
    ;;; from ether1 too unless the service rule itself says otherwise.
    chain=input action=jump jump-target=services

    21 ;;; default deny for traffic addressed to the router
    chain=input action=drop

    22 ;;; echo reply (type 0), limited to 5 pkt/s with burst 5
    chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept

    23 ;;; destination/port unreachable (3:3) -- needed for UDP error replies
    chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept

    24 ;;; fragmentation needed (3:4) -- required for path-MTU discovery
    chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept

    25 ;;; echo request (type 8), limited to 5 pkt/s
    chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept

    26 ;;; time exceeded (type 11) -- used by traceroute
    chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept

    27 ;;; Drop every other ICMP type, and the types above once over their limit.
    ;;; This chain is reached from input (rule 19) and forward (rule 107), so the
    ;;; same 5 pkt/s limits apply to the router and to transit traffic.
    chain=ICMP protocol=icmp action=drop

    28 ;;; accept loopback traffic
    chain=services src-address=127.0.0.1 dst-address=127.0.0.1 action=accept

    29 ;;; allow FTP to the router (plaintext credentials). Accepted from every
    ;;; interface, ether1 included; restrict with in-interface=!ether1 or disable
    ;;; the ftp service if it is not needed.
    chain=services protocol=tcp dst-port=20-21 action=accept

    30 ;;; allow SSH. In practice only the trusted networks of input rules 14/15
    ;;; ever get here: any other source is added to drop_port_22_23 by the mangle
    ;;; rule and dropped by input rule 16 before this chain is reached.
    chain=services protocol=tcp dst-port=22 action=accept

    31 ;;; allow telnet -- same reachability as 30, but plaintext; prefer disabling
    ;;; the telnet service and keeping SSH only.
    chain=services protocol=tcp dst-port=23 action=accept

    32 ;;; allow HTTP management (webbox) on 8081
    chain=services protocol=tcp dst-port=8081 action=accept

    33 ;;; allow winbox (8291). NOTE(review): accepted from every interface, so the
    ;;; management port is exposed on ether1; restrict to in-interface=!ether1 or to
    ;;; the admin networks, as rule 10 already does for the proxy.
    chain=services protocol=tcp dst-port=8291 action=accept

    34 ;;; allow MAC-winbox (udp 20561)
    chain=services protocol=udp dst-port=20561 action=accept

    35 ;;; bandwidth-test server (tcp 2000). Reachable from ether1 as written; anyone
    ;;; can use it to load the uplink -- restrict or disable if not needed.
    chain=services protocol=tcp dst-port=2000 action=accept

    36 ;;; MikroTik neighbor discovery (MNDP, udp 5678)
    chain=services protocol=udp dst-port=5678 action=accept

    37 ;;; allow DNS to the router (tcp). NOTE(review): open to every interface;
    ;;; if remote requests are enabled this makes the router an open resolver
    ;;; usable for amplification -- limit to the LAN interfaces/subnets.
    chain=services protocol=tcp dst-port=53 action=accept

    38 ;;; allow DNS to the router (udp) -- same caveat as 37
    chain=services protocol=udp dst-port=53 action=accept

    39 ;;; allow L2TP (udp 1701)
    chain=services protocol=udp dst-port=1701 action=accept

    40 ;;; allow PPTP control (tcp 1723)
    chain=services protocol=tcp dst-port=1723 action=accept

    41 ;;; allow GRE (PPTP data and EoIP)
    chain=services protocol=gre action=accept

    42 ;;; allow IPIP tunnels
    chain=services protocol=ipencap action=accept

    43 ;;; UPnP SSDP (udp 1900) -- accepted from every interface
    chain=services protocol=udp dst-port=1900 action=accept

    44 ;;; UPnP (tcp 2828)
    chain=services protocol=tcp dst-port=2828 action=accept

    45 ;;; allow DHCP (server/client)
    chain=services protocol=udp dst-port=67-68 action=accept

    46 ;;; allow the web proxy (3126); ether1 is already excluded by input rule 10
    chain=services protocol=tcp dst-port=3126 action=accept

    47 ;;; allow NTP. NOTE(review): NTP runs over UDP/123; this TCP rule will not
    ;;; match NTP queries, so it is effectively a no-op.
    chain=services protocol=tcp dst-port=123 action=accept

    48 ;;; allow SNMP. NOTE(review): SNMP runs over UDP/161; this TCP rule matches
    ;;; nothing. If SNMP is wanted, open udp/161 from the monitoring host only --
    ;;; not from every interface as the other rules here do.
    chain=services protocol=tcp dst-port=161 action=accept

    49 ;;; allow HTTPS (443) for the hotspot login page
    chain=services protocol=tcp dst-port=443 action=accept

    50 ;;; allow SOCKS (1080) for the hotspot -- exposed on ether1 as written
    chain=services protocol=tcp dst-port=1080 action=accept

    51 ;;; allow IPsec IKE (udp 500)
    chain=services protocol=udp dst-port=500 action=accept

    52 ;;; allow IPsec ESP
    chain=services protocol=ipsec-esp action=accept

    53 ;;; allow IPsec AH
    chain=services protocol=ipsec-ah action=accept

    54 ;;; allow BGP (tcp 179). Accepted from any source; BGP sessions should be
    ;;; limited to the configured peers' addresses.
    chain=services protocol=tcp dst-port=179 action=accept

    55 ;;; allow RIP (udp 520-521) -- from every interface, ether1 included
    chain=services protocol=udp dst-port=520-521 action=accept

    56 ;;; allow OSPF -- from every interface, ether1 included; restrict to the
    ;;; interfaces where OSPF actually runs
    chain=services protocol=ospf action=accept

    57 ;;; udp 5000-5100. NOTE(review): original comment says "allow BGP", but BGP
    ;;; is tcp/179 (rule 54); the purpose of this UDP range is unclear -- verify.
    chain=services protocol=udp dst-port=5000-5100 action=accept

    58 ;;; allow H.323 telephony signalling (tcp 1720)
    chain=services protocol=tcp dst-port=1720 action=accept

    59 ;;; allow H.323 RAS (udp 1719)
    chain=services protocol=udp dst-port=1719 action=accept

    60 ;;; allow VRRP -- from every interface; VRRP only needs the shared LAN
    chain=services protocol=vrrp action=accept

    61 ;;; Blaster worm: RPC/NetBIOS (tcp 135-139). Chain is reached only from forward
    ;;; (rule 108) after established traffic is accepted, so it sees NEW transit
    ;;; connections; the router itself is covered by the input chain.
    chain=virus protocol=tcp dst-port=135-139 action=drop

    62 ;;; Messenger worm (udp 135-139)
    chain=virus protocol=udp dst-port=135-139 action=drop

    63 ;;; Blaster worm / SMB (tcp 445)
    chain=virus protocol=tcp dst-port=445 action=drop

    64 ;;; Blaster worm (udp 445)
    chain=virus protocol=udp dst-port=445 action=drop

    65 ;;; tcp 593 (HTTP-RPC-EPMAP). NOTE(review): original comment was blank
    chain=virus protocol=tcp dst-port=593 action=drop

    66 ;;; tcp 1024-1030. NOTE(review): original comment was blank; this range also
    ;;; holds ordinary services -- verify it is still wanted
    chain=virus protocol=tcp dst-port=1024-1030 action=drop

    67 ;;; MyDoom backdoor (tcp 1080). Also blocks legitimate SOCKS proxies reached
    ;;; through the router; SOCKS on the router itself is a separate rule (50).
    chain=virus protocol=tcp dst-port=1080 action=drop

    68 ;;; tcp 1214 (commonly FastTrack/Kazaa). NOTE(review): original comment blank
    chain=virus protocol=tcp dst-port=1214 action=drop

    69 ;;; ndm requester (tcp 1363)
    chain=virus protocol=tcp dst-port=1363 action=drop

    70 ;;; ndm server (tcp 1364)
    chain=virus protocol=tcp dst-port=1364 action=drop

    71 ;;; screen cast (tcp 1368)
    chain=virus protocol=tcp dst-port=1368 action=drop

    72 ;;; hromgrafx (tcp 1373)
    chain=virus protocol=tcp dst-port=1373 action=drop

    73 ;;; cichlid (tcp 1377)
    chain=virus protocol=tcp dst-port=1377 action=drop

    74 ;;; MS-SQL worm (tcp 1433-1434)
    chain=virus protocol=tcp dst-port=1433-1434 action=drop

    75 ;;; Bagle virus (tcp 2745)
    chain=virus protocol=tcp dst-port=2745 action=drop

    76 ;;; Dumaru.Y (tcp 2283)
    chain=virus protocol=tcp dst-port=2283 action=drop

    77 ;;; Beagle (tcp 2535)
    chain=virus protocol=tcp dst-port=2535 action=drop

    78 ;;; Beagle.C-K (tcp 2745). NOTE(review): exact duplicate of rule 75; never
    ;;; matches and can be removed.
    chain=virus protocol=tcp dst-port=2745 action=drop

    79 ;;; MyDoom (tcp 3127-3128). 3128 is also the usual Squid port, so clients
    ;;; can no longer reach external proxies on 3128 through this router.
    chain=virus protocol=tcp dst-port=3127-3128 action=drop

    80 ;;; OptixPro backdoor (tcp 3410)
    chain=virus protocol=tcp dst-port=3410 action=drop

    81 ;;; Blaster shell (tcp 4444)
    chain=virus protocol=tcp dst-port=4444 action=drop

    82 ;;; Blaster shell (udp 4444)
    chain=virus protocol=udp dst-port=4444 action=drop

    83 ;;; Sasser FTP server (tcp 5554)
    chain=virus protocol=tcp dst-port=5554 action=drop

    84 ;;; Beagle.B (tcp 8866)
    chain=virus protocol=tcp dst-port=8866 action=drop

    85 ;;; Dabber.A-B (tcp 9898)
    chain=virus protocol=tcp dst-port=9898 action=drop

    86 ;;; Dumaru.Y (tcp 10000)
    chain=virus protocol=tcp dst-port=10000 action=drop

    87 ;;; MyDoom.B (tcp 10080)
    chain=virus protocol=tcp dst-port=10080 action=drop

    88 ;;; NetBus (tcp 12345)
    chain=virus protocol=tcp dst-port=12345 action=drop

    89 ;;; Kuang2 (tcp 17300)
    chain=virus protocol=tcp dst-port=17300 action=drop

    90 ;;; SubSeven (tcp 27374)
    chain=virus protocol=tcp dst-port=27374 action=drop

    91 ;;; PhatBot / Gaobot (tcp 65506). No terminal rule: non-matching traffic
    ;;; returns to forward, which has no final drop (implicit accept).
    chain=virus protocol=tcp dst-port=65506 action=drop

    92 ;;; Drop NetBIOS/SMB transit traffic (dst-port 135-139/445), both directions.
    ;;; Placed before the state rules, so it also kills already-established flows.
    chain=forward protocol=udp dst-port=135 action=drop

    93 chain=forward protocol=tcp dst-port=135 action=drop

    94 chain=forward protocol=udp dst-port=137 action=drop

    95 chain=forward protocol=tcp dst-port=137 action=drop

    96 chain=forward protocol=udp dst-port=138 action=drop

    97 chain=forward protocol=tcp dst-port=138 action=drop

    98 chain=forward protocol=udp dst-port=139 action=drop

    99 chain=forward protocol=tcp dst-port=139 action=drop

    100 chain=forward protocol=tcp dst-port=445 action=drop

    101 chain=forward protocol=udp dst-port=445 action=drop

    102 ;;; P2P handling: every packet classified as p2p goes to chain P2P (rules
    ;;; 113-115), where only host 10.10.1.2 is allowed and the rest is dropped
    chain=forward p2p=all-p2p action=jump jump-target=P2P

    103 ;;; drop invalid packets
    chain=forward connection-state=invalid action=drop

    104 ;;; accept related packets
    chain=forward connection-state=related action=accept

    105 ;;; accept established packets; the rules below see only NEW connections
    chain=forward connection-state=established action=accept

    106 ;;; drop anything whose source is not a unicast address
    chain=forward src-address-type=!unicast action=drop

    107 ;;; transit ICMP goes through the same per-type limits as router ICMP
    chain=forward protocol=icmp action=jump jump-target=ICMP

    108 ;;; known worm/backdoor ports are dropped in chain virus. NOTE(review): the
    ;;; forward chain has no terminal drop after this jump (rule 112 only limits
    ;;; connection counts), so all other transit traffic is accepted by default.
    chain=forward action=jump jump-target=virus

    109 ;;; drop invalid packets originated by the router
    chain=output connection-state=invalid action=drop

    110 ;;; accept related packets
    chain=output connection-state=related action=accept

    111 ;;; accept established packets. Nothing else in output: new router-originated
    ;;; connections are accepted by default.
    chain=output connection-state=established action=accept

    112 ;;; Drop new TCP connections (SYN) once a single source address (/32) already
    ;;; holds more than 60 connections. Listed after the jump to virus (108) but
    ;;; still in chain forward, so it runs for every new transit connection.
    chain=forward protocol=tcp tcp-flags=syn connection-limit=60,32
    action=drop

    113 ;;; Allow P2P for test client 10.10.1.2 (as source)
    chain=P2P src-address=10.10.1.2 protocol=tcp p2p=all-p2p action=accept

    114 ;;; ...and as destination
    chain=P2P dst-address=10.10.1.2 protocol=tcp p2p=all-p2p action=accept

    115 ;;; Drop all other P2P traffic (chain is only entered for p2p packets, see 102)
    chain=P2P p2p=all-p2p action=drop

  2. O NAT

    ;;; Masquerade the four client /16s behind the router's outgoing address.
    ;;; NOTE(review): 20.20.0.0/16, 30.30.0.0/16 and 40.40.0.0/16 are public,
    ;;; allocated address space, not RFC1918; using them internally means clients
    ;;; can never reach the real owners of those ranges. Only 10.10.0.0/16 is
    ;;; private; renumber the others to 10.x/172.16-31.x/192.168.x.
    chain=srcnat src-address=10.10.0.0/16 action=masquerade

    chain=srcnat src-address=20.20.0.0/16 action=masquerade

    chain=srcnat src-address=30.30.0.0/16 action=masquerade

    chain=srcnat src-address=40.40.0.0/16 action=masquerade

    ;;; Transparent proxy: client HTTP (dst-port 80) is redirected to the local
    ;;; web proxy on 3126. Matched on src-address only, so it applies whatever
    ;;; interface the packet arrives on; the proxy port is closed on ether1 by
    ;;; filter input rule 10.
    chain=dstnat src-address=10.10.0.0/16 protocol=tcp dst-port=80
    action=redirect to-ports=3126

    chain=dstnat src-address=20.20.0.0/16 protocol=tcp dst-port=80
    action=redirect to-ports=3126

    chain=dstnat src-address=30.30.0.0/16 protocol=tcp dst-port=80
    action=redirect to-ports=3126

    chain=dstnat src-address=40.40.0.0/16 protocol=tcp dst-port=80
    action=redirect to-ports=3126



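  3. 0 ;;; Blacklist sources that probe SSH/telnet on the router. dst-address-type=local
    ;;; restricts the match to packets addressed to the router itself: prerouting also
    ;;; sees forwarded traffic, so without it any LAN host that opens SSH/telnet to an
    ;;; external server lands in drop_port_22_23 and then loses every new connection to
    ;;; the router (filter input rule 16 precedes the services chain: DNS, winbox, ...).
    ;;; Entries never expire (timeout 0s); consider a finite timeout so a single typo
    ;;; from a non-trusted network is not a permanent lockout. Trusted networks of
    ;;; input rules 14/15 are unaffected because they are accepted before rule 16.
    chain=prerouting protocol=tcp dst-port=22-23 dst-address-type=local
    action=add-src-to-address-list address-list=drop_port_22_23
    address-list-timeout=0s

    1 ;;; MSN (1863): mark packets in both directions so queues can match them
    chain=prerouting protocol=tcp src-port=1863 action=mark-packet
    new-packet-mark=msn-out passthrough=yes

    2 chain=prerouting protocol=tcp dst-port=1863 action=mark-packet
    new-packet-mark=msn-in passthrough=yes

    3 ;;; HTTP: mark the connection on its first dst-port 80 packet...
    chain=prerouting protocol=tcp dst-port=80 action=mark-connection
    new-connection-mark=http_conn passthrough=yes

    4 ;;; ...then mark every packet of that connection as http_down
    chain=prerouting connection-mark=http_conn action=mark-packet
    new-packet-mark=http_down passthrough=yes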

  4. # LIST ADDRESS
    0 ;;; not_in_internet: bogon sources dropped on ether1 by filter input rule 18.
    ;;; NOTE(review): no RFC1918 (10/8, 172.16/12, 192.168/16) or 100.64/10 entries;
    ;;; add them only if the ether1 uplink is not itself numbered from those ranges.
    not_in_internet 0.0.0.0/8
    1 not_in_internet 169.254.0.0/16
    2 not_in_internet 127.0.0.0/8
    3 ;;; 224.0.0.0/3 covers multicast and the reserved 240/4 block
    not_in_internet 224.0.0.0/3
    4 ;;; seed entry; the list is populated by the mangle prerouting rule for 22-23
    drop_port_22_23 0.0.0.0
    5 ;;; NOTE(review): no visible filter rule reads from or adds to "port scaners"
    ;;; (input rule 17 drops scan packets directly) -- this list appears unused.
    port scaners 0.0.0.0


    Obrigado





