Page 3 of 4
  1. #13


    add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
    add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=yes
    add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
    add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
    add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
    add chain=forward protocol=icmp action=accept comment="allow ping" disabled=no
    add chain=forward protocol=udp action=accept comment="allow udp" disabled=no
    add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" \
    address-list-timeout=0s comment="" disabled=no
    add chain=forward action=drop comment="drop everything else" disabled=yes
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=accept comment="" disabled=no
    add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=accept comment="" disabled=no




    ################### These are the mangle rules




    ip firewall mangle
    add chain=forward src-address=172.128.254.0/24 action=mark-connection new-connection-mark=users-con passthrough=yes \
    comment="Marca o pacotes Usuarios" disabled=no
    add chain=forward connection-mark=users-con action=mark-packet new-packet-mark=users passthrough=yes comment="" \
    disabled=no

    add chain=prerouting protocol=tcp connection-state=new action=jump jump-target=tcp-services comment="" disabled=no
    add chain=prerouting protocol=udp connection-state=new action=jump jump-target=udp-services comment="" disabled=no
    add chain=prerouting connection-state=new action=jump jump-target=other-services comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=20-21 action=mark-connection new-connection-mark=ftp \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=513-65535 dst-port=22 action=mark-connection new-connection-mark=ssh \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=23 action=mark-connection new-connection-mark=telnet \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=25 action=mark-connection new-connection-mark=smtp \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=53 dst-port=53 action=mark-connection new-connection-mark=dns passthrough=no \
    comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=80 action=mark-connection new-connection-mark=http \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=110 action=mark-connection new-connection-mark=pop3 \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=113 action=mark-connection new-connection-mark=auth \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=119 action=mark-connection new-connection-mark=nntp \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=143 action=mark-connection new-connection-mark=imap \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=161-162 action=mark-connection new-connection-mark=snmp \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=443 action=mark-connection new-connection-mark=https \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=465 action=mark-connection new-connection-mark=smtps \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=993 action=mark-connection new-connection-mark=imaps \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=995 action=mark-connection new-connection-mark=pop3s \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=1723 action=mark-connection new-connection-mark=pptp \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=2379 action=mark-connection new-connection-mark=kgs \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=3128 action=mark-connection new-connection-mark=proxy \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=3987 action=mark-connection new-connection-mark=win-ts \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=4242-4243 action=mark-connection \
    new-connection-mark=emule passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=4661-4662 dst-port=1024-65535 action=mark-connection \
    new-connection-mark=overnet passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=4711 dst-port=1024-65535 action=mark-connection new-connection-mark=emule \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=5900-5901 action=mark-connection new-connection-mark=vnc \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=6667-6669 action=mark-connection new-connection-mark=irc \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=6881-6889 action=mark-connection \
    new-connection-mark=bittorrent passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=8080 action=mark-connection new-connection-mark=http \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp src-port=1024-65535 dst-port=8291 action=mark-connection new-connection-mark=winbox \
    passthrough=no comment="" disabled=no
    add chain=tcp-services protocol=tcp action=mark-connection new-connection-mark=other-tcp passthrough=no comment="" \
    disabled=no
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=53 action=mark-connection new-connection-mark=dns \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=123 action=mark-connection new-connection-mark=ntp \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=1701 action=mark-connection new-connection-mark=l2tp \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=4665 action=mark-connection new-connection-mark=emule \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=4672 action=mark-connection new-connection-mark=emule \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=4672 dst-port=1024-65535 action=mark-connection new-connection-mark=emule \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=1024-65535 dst-port=12053 action=mark-connection new-connection-mark=overnet \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=12053 dst-port=1024-65535 action=mark-connection new-connection-mark=overnet \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp src-port=36725 dst-port=1024-65535 action=mark-connection new-connection-mark=skype \
    passthrough=no comment="" disabled=no
    add chain=udp-services protocol=udp connection-state=new action=mark-connection new-connection-mark=other-udp \
    passthrough=no comment="" disabled=no
    add chain=other-services protocol=icmp icmp-options=8:0-255 action=mark-connection new-connection-mark=ping passthrough=no \
    comment="" disabled=no
    add chain=other-services protocol=gre action=mark-connection new-connection-mark=gre passthrough=no comment="" disabled=no
    add chain=other-services action=mark-connection new-connection-mark=other passthrough=no comment="" disabled=no
    add chain=prerouting in-interface=Public dst-address-list=nat-addr action=mark-packet new-packet-mark=nat-traversal \
    passthrough=no comment="" disabled=no


    ##############################################################



    Well folks, this collection of firewall rules is the one used on my server, and I'd like to point out that all of them are in the MikroTik system documentation.
    Another thing: after I added these rules, my server's performance went up.

    These rules include protection for the router itself,
    protection for your clients,
    monitoring of network services,
    dropping of malicious packets,
    protection of the network against viruses, etc.

    I hope this information is useful to someone else, because I fought hard to get my network into the perfect state it is in, with more than 100 clients, on cable no less.
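The filter rules in this post can be checked mechanically rather than by eye. The script below is an added example (not from the post, and not MikroTik code): it parses `add ...` lines in the style of `/ip firewall filter export`, joining `\` continuation lines, and reports rules left at `disabled=yes`, exact duplicates, user chains that no enabled jump reaches, and whether the forward chain ends in an unconditional drop. The sample input is the post's own filter lines embedded as a constructed string; `parse_export`, `audit` and the other function names are my own. Run against these rules it shows that the jump to the `virus` chain and the "drop everything else" rule are both disabled, so the virus rule never fires and the forward chain falls through to RouterOS's implicit accept, and that the FIN-flags input rule appears twice.

```python
"""Audit a RouterOS firewall filter export for rules that silently do nothing.

Added example (not from the forum post or MikroTik). Parses `add ...` lines as
exported by `/ip firewall filter export`, then reports disabled rules, exact
duplicates, user chains that are never jumped to, and whether the forward chain
ends in an explicit drop (default-deny).
"""
import re
import shlex
from collections import Counter

# Constructed sample: the filter lines from the post above, reproduced as a
# string so the script runs offline.
SAMPLE_EXPORT = r'''
/ip firewall filter
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=yes
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=forward protocol=icmp action=accept comment="allow ping" disabled=no
add chain=forward protocol=udp action=accept comment="allow udp" disabled=no
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=0s comment="" disabled=no
add chain=forward action=drop comment="drop everything else" disabled=yes
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=accept comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=accept comment="" disabled=no
'''

# Keys that describe the rule's effect or bookkeeping rather than what it matches.
NON_MATCH_KEYS = {"chain", "action", "jump-target", "comment", "disabled",
                  "address-list", "address-list-timeout"}


def parse_export(text):
    """Return one dict per `add` command, joining backslash continuation lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    rules = []
    for line in joined.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue  # skips the `/ip firewall filter` path line and blanks
        rule = {}
        for token in shlex.split(line[4:]):  # shlex handles quoted comments
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def disabled_rules(rules):
    """Rules present in the export but switched off."""
    return [r for r in rules if r.get("disabled") == "yes"]


def duplicate_rules(rules):
    """Rules whose matchers and action are identical (comment ignored)."""
    def key(r):
        return tuple(sorted((k, v) for k, v in r.items() if k != "comment"))
    counts = Counter(key(r) for r in rules)
    return [dict(k) for k, n in counts.items() if n > 1]


def unreachable_chains(rules):
    """User chains that exist but are only reached via disabled jumps (or none)."""
    builtin = {"input", "forward", "output"}
    defined = {r["chain"] for r in rules} - builtin
    live_targets = {r["jump-target"] for r in rules
                    if r.get("action") == "jump" and r.get("disabled") != "yes"}
    return sorted(defined - live_targets)


def is_default_deny(rules, chain="forward"):
    """True if the last enabled rule in `chain` drops or rejects unconditionally."""
    enabled = [r for r in rules if r["chain"] == chain and r.get("disabled") != "yes"]
    if not enabled:
        return False
    last = enabled[-1]
    unconditional = not (set(last) - NON_MATCH_KEYS)
    return last.get("action") in {"drop", "reject"} and unconditional


def audit(text):
    """Summarise the findings for one export as a plain dict."""
    rules = parse_export(text)
    return {
        "disabled": [r.get("comment", "") for r in disabled_rules(rules)],
        "duplicates": len(duplicate_rules(rules)),
        "unreachable_chains": unreachable_chains(rules),
        "forward_default_deny": is_default_deny(rules, "forward"),
    }


if __name__ == "__main__":
    for name, value in audit(SAMPLE_EXPORT).items():
        print(f"{name}: {value}")
```

The check is deliberately conservative: it only looks at the last enabled rule of a chain, because an earlier unconditional drop would make everything after it dead code, which is a different problem. Running the audit on a real `export` output is the same call with the file contents passed to `audit`.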

  2. #14

    Security

    Hey, since we're talking about security, I'd like to know how to fix something in MK. I have a network of 20 clients on MK, but there is one thing I still haven't solved: the clients have access to other clients, through shared folders and shared printers. How do I solve this? Help me out, guys.



  3. #15


    Quote: Originally posted by jrwireless
    Hey, since we're talking about security, I'd like to know how to fix something in MK. I have a network of 20 clients on MK, but there is one thing I still haven't solved: the clients have access to other clients, through shared folders and shared printers. How do I solve this? Help me out, guys.
    Hello, that problem is just a firewall rule, if I'm not mistaken.
    I saw it right here on the forum..

    Sorry, but I can't remember the link to give you right now.

  4. #16


    Man, do you use DHCP-Server?? In Network, select the DHCP, Properties, and set netmask=32. I think that solves it...

    If it works, report back...

    Cheers!



  5. #17


    Quote: Originally posted by jrwireless
    Hey, since we're talking about security, I'd like to know how to fix something in MK. I have a network of 20 clients on MK, but there is one thing I still haven't solved: the clients have access to other clients, through shared folders and shared printers. How do I solve this? Help me out, guys.


    Hello comrade!!

    I have that rule, and it is among the rules I posted above, but here it is:



    add chain=forward src-address=172.16.0.1/24 dst-address=172.16.0.1/24 action=drop comment="Bloqueio acesso entre \
    usuarios" disabled=no


    Change the IP class to your MK's, go to New Terminal and add this rule, and nobody sees anybody anymore.


    Big hug, and I hope I've helped.


    Roberto--- Natal-RN

  6. #18
    marcelomg (joined Jan 2006, São Lourenço do Sul, Brazil, 1,476 posts)


    Something simple and effective is to block all ports and then open only what is known; it saves time.
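Roberto's client-isolation rule in #17 and marcelomg's "block everything, then allow only what is known" in #18 both rely on the forward chain being evaluated first-match, top to bottom, with an implicit accept if nothing matches. The script below is an added example (not from either post, and not MikroTik code) that models that evaluation for routed packets and runs the same constructed traffic through two policies: Roberto's rule on its own, and Roberto's rule followed by a short allow-list and an explicit "drop everything else". The rule dicts, sample addresses (RFC 5737 documentation ranges) and function names are my own; the rule comment is kept from Roberto's post. Only source/destination address, protocol and destination port are modelled, not connection tracking. One caveat worth keeping in mind: the forward chain only sees traffic the router routes between interfaces, so clients that reach each other over the same layer-2 segment without being routed are not isolated by an `ip firewall filter` rule alone.

```python
"""First-match evaluation of a RouterOS-style forward chain.

Added example (not from the forum or MikroTik). Shows why the client-isolation
rule works for routed traffic and what an explicit default-deny at the end of
the chain changes. Matchers modelled: src-address, dst-address, protocol,
dst-port. Connection state is not modelled.
"""
from ipaddress import ip_address, ip_network

LAN = "172.16.0.1/24"  # Roberto's example prefix; RouterOS ignores the host bits

# Roberto's rule from #17, as a dict (comment kept verbatim from the post).
ISOLATION_RULE = {"chain": "forward", "src-address": LAN, "dst-address": LAN,
                  "action": "drop", "comment": "Bloqueio acesso entre usuarios"}

# Policy 1: only the isolation rule; anything else falls through to the
# implicit accept at the end of a RouterOS chain.
OPEN_POLICY = [ISOLATION_RULE]

# Policy 2 (marcelomg's approach, constructed here): isolation, then an
# allow-list of known services, then drop the rest.
DEFAULT_DENY_POLICY = [
    ISOLATION_RULE,
    {"chain": "forward", "protocol": "udp", "dst-port": "53", "action": "accept", "comment": "dns"},
    {"chain": "forward", "protocol": "tcp", "dst-port": "80", "action": "accept", "comment": "http"},
    {"chain": "forward", "protocol": "tcp", "dst-port": "443", "action": "accept", "comment": "https"},
    {"chain": "forward", "action": "drop", "comment": "drop everything else"},
]


def _in_net(addr, cidr):
    # strict=False accepts 172.16.0.1/24 the way RouterOS does.
    return ip_address(addr) in ip_network(cidr, strict=False)


def _port_in(port, spec):
    """RouterOS port spec: a single port or a lo-hi range."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def rule_matches(rule, pkt):
    """Every matcher present in the rule must hold; absent matchers match all."""
    checks = (
        ("src-address", lambda v: _in_net(pkt["src"], v)),
        ("dst-address", lambda v: _in_net(pkt["dst"], v)),
        ("protocol", lambda v: pkt["proto"] == v),
        ("dst-port", lambda v: _port_in(pkt["dport"], v)),
    )
    return all(fn(rule[key]) for key, fn in checks if key in rule)


def evaluate(policy, pkt, chain="forward"):
    """First enabled matching rule wins; RouterOS accepts if nothing matches."""
    for rule in policy:
        if rule.get("chain") != chain or rule.get("disabled") == "yes":
            continue
        if rule_matches(rule, pkt):
            return rule["action"], rule.get("comment", "")
    return "accept", "implicit chain default"


# Constructed sample traffic: a client reaching another client's file share,
# a client browsing, and a client talking to an outside mail server.
CLIENT_TO_CLIENT_SMB = {"src": "172.16.0.5", "dst": "172.16.0.9", "proto": "tcp", "dport": 445}
CLIENT_TO_WEB = {"src": "172.16.0.5", "dst": "203.0.113.10", "proto": "tcp", "dport": 443}
CLIENT_TO_SMTP = {"src": "172.16.0.5", "dst": "203.0.113.25", "proto": "tcp", "dport": 25}

if __name__ == "__main__":
    for name, policy in (("open", OPEN_POLICY), ("default-deny", DEFAULT_DENY_POLICY)):
        for label, pkt in (("client->client SMB", CLIENT_TO_CLIENT_SMB),
                           ("client->web 443", CLIENT_TO_WEB),
                           ("client->smtp 25", CLIENT_TO_SMTP)):
            print(f"{name:12} {label:20} -> {evaluate(policy, pkt)}")
```

Under the open policy the isolation rule drops the client-to-client packet but the outbound SMTP packet is accepted by the implicit default; under the default-deny policy the same SMTP packet is dropped by the final rule, which is the difference marcelomg is describing.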