


  1. #1

    Default: firewall on mikrotik

    Hey guys, could someone print the filter of their firewall and post it here so everyone has examples of rules? If you have any doubts about how to do it, here it goes:


    Go in through winbox -> New Terminal -> ip firewall filter print: copy and post your respective firewalls here for everyone.

    Thanks!!

  2. #2

    Default

    here it goes, buddy,,
    my firewall isn't one of those,, total security,,
    but,,
    it works for me :P
    thanks





    0 ;;; Conexoes estabelicidas
    chain=forward connection-state=established action=accept

    1 ;;; Relacionamento de conexoes
    chain=forward connection-state=related action=accept

    2 ;;; Dropa conexoes invalidas
    chain=forward connection-state=invalid action=drop

    3 X ;;; Dropa exesso de ping
    chain=forward protocol=icmp limit=50/5s,2 action=drop

    4 ;;; Sem limite de ping
    chain=forward protocol=icmp limit=50/5s,2 action=accept

    5 X ;;; DROPAR ARQUIVOS .SCR
    chain=input content=.scr action=drop

    6 ;;; Bloqueio NETBIOS
    chain=forward protocol=tcp dst-port=137-139 action=drop

    7 ;;; Bloqueio NETBIOS 2
    chain=forward protocol=tcp dst-port=445 action=drop

    8 ;;; Bloqueia host se enxergar
    chain=forward src-address=0.0.0.0 dst-address=0.0.0.0 action=drop

    9 ;;; Limite de conexao P2P por clientes
    chain=forward src-address=192.168.3.2 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    10 chain=forward src-address=192.168.3.3 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    11 chain=forward src-address=192.168.3.4 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    12 chain=forward src-address=192.168.3.5 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    13 chain=forward src-address=192.168.3.6 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    14 chain=forward src-address=192.168.3.7 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    15 chain=forward src-address=192.168.3.8 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    16 chain=forward src-address=192.168.3.9 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    17 chain=forward src-address=192.168.3.10 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

    18 ;;; Limite de conexao por cliente
    chain=forward src-address=192.168.3.2 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    19 chain=forward src-address=192.168.3.3 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    20 chain=forward src-address=192.168.3.4 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    21 chain=forward src-address=192.168.3.5 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    22 chain=forward src-address=192.168.3.6 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    23 chain=forward src-address=192.168.3.7 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    24 chain=forward src-address=192.168.3.8 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    25 chain=forward src-address=192.168.3.9 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    26 chain=forward src-address=192.168.3.10 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    27 chain=forward src-address=192.168.3.11 protocol=tcp tcp-flags=syn connection-limit=6,32 action=drop

    28 ;;; Bloqueia scan via winbox para todos
    chain=input protocol=udp dst-port=5678 action=drop

    29 ;;; Libera winbox para ips locais
    chain=input src-address=192.168.2.2 protocol=tcp dst-port=8291 action=accept

    30 chain=input src-address=192.168.2.4 protocol=tcp dst-port=8291 action=accept

    31 chain=input src-address=192.168.2.3 protocol=tcp dst-port=8291 action=accept

    32 ;;; Libera portas FTP SSH TELNET para ips locais
    chain=input src-address=192.168.2.2 protocol=tcp dst-port=21-23 action=accept

    33 chain=input src-address=192.168.2.3 protocol=tcp dst-port=21-23 action=accept

    34 chain=input src-address=192.168.2.4 protocol=tcp dst-port=21-23 action=accept

    35 ;;; Bloqueia porta winbox range local
    chain=input src-address=192.168.2.0/24 protocol=tcp dst-port=8291 action=drop

    36 chain=input src-address=192.168.3.0/24 protocol=tcp dst-port=8291 action=drop

    37 ;;; Bloqueia portas FTP SSH TELNET
    chain=input src-address=192.168.2.0/24 protocol=tcp dst-port=21-23 action=drop

    38 chain=input src-address=192.168.3.0/24 protocol=tcp dst-port=21-23 action=drop

    39 ;;; Bloqueio MAC winbox
    chain=input src-address=192.168.2.0/24 protocol=tcp dst-port=20561 action=drop

    40 chain=input src-address=192.168.3.0/24 protocol=tcp dst-port=20561 action=drop

    41 ;;; Bloqueio do proxy externo
    chain=input in-interface=LINK protocol=tcp dst-port=3128 action=drop

    42 ;;; bloqueio de ssh externo
    chain=input in-interface=LINK protocol=tcp dst-port=22-23 action=drop

    43 ;;; bloqueio de ftp externo
    chain=input in-interface=LINK protocol=tcp dst-port=21 action=drop

    44 ;;; bloqueio de telnet externo
    chain=input in-interface=LINK protocol=tcp dst-port=23 action=drop

    45 X ;;; Bloqueio winbox externo
    chain=input in-interface=LINK protocol=tcp dst-port=8291 action=drop

    46 ;;; bloqueio do DNS externo
    chain=input in-interface=LINK protocol=tcp dst-port=53 action=drop

    47 chain=input in-interface=LINK protocol=udp dst-port=53 action=drop

    48 ;;; bloqueio de VIRUS conhecidos
    chain=virus protocol=tcp dst-port=445 action=drop

    49 chain=virus protocol=udp dst-port=445 action=drop

    50 chain=virus protocol=tcp dst-port=593 action=drop

    51 chain=virus protocol=tcp dst-port=1080 action=drop

    52 chain=virus protocol=tcp dst-port=1363 action=drop

    53 chain=virus protocol=tcp dst-port=1364 action=drop

    54 chain=virus protocol=tcp dst-port=1373 action=drop

    55 chain=virus protocol=tcp dst-port=1377 action=drop

    56 chain=virus protocol=tcp dst-port=1368 action=drop

    57 chain=virus protocol=tcp dst-port=1433-1434 action=drop

    58 chain=virus protocol=tcp dst-port=1024-1030 action=drop

    59 chain=virus protocol=tcp dst-port=1214 action=drop

    60 ;;; Drop Blaster Worm
    chain=virus protocol=tcp dst-port=135-139 action=drop

    61 ;;; Drop Messenger Worm
    chain=virus protocol=udp dst-port=135-139 action=drop

    62 ;;; Drop Blaster Worm
    chain=virus protocol=tcp dst-port=445 action=drop

    63 ;;; Drop Blaster Worm
    chain=virus protocol=udp dst-port=445 action=drop

    64 ;;; ________
    chain=virus protocol=tcp dst-port=593 action=drop

    65 ;;; ________
    chain=virus protocol=tcp dst-port=1024-1030 action=drop

    66 ;;; Drop MyDoom
    chain=virus protocol=tcp dst-port=1080 action=drop

    67 ;;; ________
    chain=virus protocol=tcp dst-port=1214 action=drop

    68 ;;; ndm requester
    chain=virus protocol=tcp dst-port=1363 action=drop

    69 ;;; ndm server
    chain=virus protocol=tcp dst-port=1364 action=drop

    70 ;;; screen cast
    chain=virus protocol=tcp dst-port=1368 action=drop

    71 ;;; hromgrafx
    chain=virus protocol=tcp dst-port=1373 action=drop

    72 ;;; cichlid
    chain=virus protocol=tcp dst-port=1377 action=drop

    73 ;;; Worm
    chain=virus protocol=tcp dst-port=1433-1434 action=drop

    74 ;;; Bagle Virus
    chain=virus protocol=tcp dst-port=2745 action=drop

    75 ;;; Drop Dumaru.Y
    chain=virus protocol=tcp dst-port=2283 action=drop

    76 ;;; Drop Beagle
    chain=virus protocol=tcp dst-port=2535 action=drop

    77 ;;; Drop Beagle.C-K
    chain=virus protocol=tcp dst-port=2745 action=drop

    78 ;;; Drop porta proxy
    chain=virus protocol=tcp dst-port=3127-3128 action=drop

    79 ;;; Drop Backdoor OptixPro
    chain=virus protocol=tcp dst-port=3410 action=drop

    80 ;;; Worm
    chain=virus protocol=tcp dst-port=4444 action=drop

    81 ;;; Worm
    chain=virus protocol=udp dst-port=4444 action=drop

    82 ;;; Drop Sasser
    chain=virus protocol=tcp dst-port=5554 action=drop

    83 ;;; Drop Beagle.B
    chain=virus protocol=tcp dst-port=8866 action=drop

    84 ;;; Drop Dabber.A-B
    chain=virus protocol=tcp dst-port=9898 action=drop

    85 ;;; Drop Dumaru.Y
    chain=virus protocol=tcp dst-port=10000 action=drop

    86 ;;; Drop MyDoom.B
    chain=virus protocol=tcp dst-port=10080 action=drop

    87 ;;; Drop NetBus
    chain=virus protocol=tcp dst-port=12345 action=drop

    88 ;;; Drop Kuang2
    chain=virus protocol=tcp dst-port=17300 action=drop

    89 ;;; Drop SubSeven
    chain=virus protocol=tcp dst-port=27374 action=drop

    90 ;;; Drop PhatBot, Agobot, Gaobot
    chain=virus protocol=tcp dst-port=65506 action=drop
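As an added example (not code from this thread or from MikroTik), here is a small Python audit script that parses the two-line `ip firewall filter print` output in the shape posted above and flags the things a reviewer would look at in a rule set like this one: a user-defined chain (`virus` here) that no `action=jump jump-target=` rule points at, so its rules never execute; identical rules listed twice; an `accept` rule guarded by `limit=`, where packets above the rate are not matched and fall through to the rules below; and disabled (`X`) rules. The sample input is a constructed, abridged copy of the rules in this post, and the parser assumes the print format shown here (rule number, optional `X`, `;;;` comment, then the `key=value` body).

```python
import re

# Constructed sample input: an abridged copy of the `ip firewall filter print`
# output posted in this thread (rule numbers kept as posted).
SAMPLE_PRINT = """\
0 ;;; Conexoes estabelicidas
chain=forward connection-state=established action=accept

3 X ;;; Dropa exesso de ping
chain=forward protocol=icmp limit=50/5s,2 action=drop

4 ;;; Sem limite de ping
chain=forward protocol=icmp limit=50/5s,2 action=accept

10 chain=forward src-address=192.168.3.3 protocol=tcp p2p=all-p2p connection-limit=3,32 action=drop

48 ;;; bloqueio de VIRUS conhecidos
chain=virus protocol=tcp dst-port=445 action=drop

62 ;;; Drop Blaster Worm
chain=virus protocol=tcp dst-port=445 action=drop
"""

# A rule starts with its number, an optional X (disabled) flag, then either a
# ';;;' comment (body follows on the next line) or the key=value body itself.
RULE_START = re.compile(r"^(\d+)\s*(X?)\s*(.*)$")

# RouterOS built-in filter chains; anything else is a user-defined chain that
# only runs when some rule does action=jump jump-target=<chain>.
BUILTIN_CHAINS = {"input", "forward", "output"}


def parse_filter_print(text):
    """Parse `ip firewall filter print` output into a list of rule dicts."""
    rules = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RULE_START.match(line)
        if m:
            current = {"id": int(m.group(1)), "disabled": m.group(2) == "X",
                       "comment": "", "fields": {}}
            rules.append(current)
            rest = m.group(3)
        elif current is not None:
            rest = line  # continuation line carrying the key=value body
        else:
            continue
        if rest.startswith(";;;"):
            current["comment"] = rest[3:].strip()
        else:
            for token in rest.split():
                key, _, value = token.partition("=")
                current["fields"][key] = value
    return rules


def unreferenced_chains(rules):
    """User-defined chains that no rule jumps to: their rules never execute."""
    defined = {r["fields"]["chain"] for r in rules if "chain" in r["fields"]}
    targets = {r["fields"]["jump-target"] for r in rules if "jump-target" in r["fields"]}
    return sorted(defined - BUILTIN_CHAINS - targets)


def duplicate_rules(rules):
    """Pairs (first_id, later_id) of rules whose matchers and action are identical."""
    seen = {}
    dups = []
    for r in rules:
        key = tuple(sorted(r["fields"].items()))
        if key in seen:
            dups.append((seen[key], r["id"]))
        else:
            seen[key] = r["id"]
    return dups


def accept_with_limit(rules):
    """Enabled accept rules that use limit=: packets above the rate are not
    matched by this rule and simply fall through to the rules below it."""
    return [r["id"] for r in rules
            if not r["disabled"] and "limit" in r["fields"]
            and r["fields"].get("action") == "accept"]


def disabled_rules(rules):
    """Rule ids flagged X in the print output."""
    return [r["id"] for r in rules if r["disabled"]]


def audit(text):
    """Run all checks over one print output and return human-readable findings."""
    rules = parse_filter_print(text)
    findings = []
    for chain in unreferenced_chains(rules):
        findings.append(f"chain={chain} has rules but nothing jumps to it, so they never run")
    for first, later in duplicate_rules(rules):
        findings.append(f"rule {later} is identical to rule {first}")
    for rid in accept_with_limit(rules):
        findings.append(f"rule {rid} accepts with limit=; traffic over the rate falls through")
    for rid in disabled_rules(rules):
        findings.append(f"rule {rid} is disabled (X)")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_PRINT):
        print(line)
```

Run it against your own `ip firewall filter print` output saved to a file by passing the file contents to `audit()`. On the full list in this post the same checks apply: every `chain=virus` rule sits behind no jump, and ports 445, 593, 1024-1030, 1080, 1214, 1363, 1364, 1368, 1373, 1377 and 1433-1434 each appear twice in that chain.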

  3. #3

    Default

    Quote Originally Posted by alanvictorjp
    here it goes, buddy,,
    my firewall isn't one of those,, total security,,
    but,,
    it works for me :P
    thanks



    Thanks alanvictorjp, and the rest of you guys, anyone else!!!

  4. #4

    Default: firewall

    good afternoon folks, mine isn't as good as my colleagues' either, but it's working fine for my situation.
    0 ;;; Drop Netbios e Similar
    chain=forward protocol=udp dst-port=135 action=drop

    1 chain=forward protocol=tcp dst-port=135 action=drop

    2 chain=forward protocol=udp dst-port=137 action=drop

    3 chain=forward protocol=udp dst-port=137 action=drop

    4 chain=forward protocol=udp dst-port=138 action=drop

    5 chain=forward protocol=tcp dst-port=138 action=drop

    6 chain=forward protocol=udp dst-port=139 action=drop

    7 chain=forward protocol=tcp dst-port=139 action=drop

    8 chain=forward protocol=tcp dst-port=445 action=drop

    9 chain=forward protocol=udp dst-port=445 action=drop

    10 ;;; acessar winbox somente administrador
    chain=input protocol=tcp dst-port=8291 src-mac-address=xx:xx:xx:XX:XX:xx action=accept

    11 ;;; bloquear winbox em todos
    chain=input protocol=tcp dst-port=8291 action=drop

    12 X ;;; Quebra de Criptografia Warez

  5. #5

    Angry

    Quote Originally Posted by parreira13
    good afternoon folks, mine isn't as good as my colleagues' either, but it's working fine for my situation.


    Buddy, and that rule for the damn Warez, man, that's screwing me up and I don't know how to solve it.. the upload goes through the roof, man, could you help me

  6. #6

    Default

    hey my friend;


    take a look at this post here, I think it'll solve your problem!!
    https://under-linux.org/forums/mikro...ncionando.html