Ver Feed RSS

Mr_Dom

Bloqueando e Liberando Máquinas com Mikrotik

Avalie este Post de Blog
0 Comentários
por
Mr_Dom
em 17-12-2008 às 10:20 (14691 Visualizações)
Bom segue abaixo algumas regras para bloquear e liberar máquinas da rede, muito útil em escritórios onde o patrão deseja algumas maquinas com acesso e outras não. Segue:

Address-List:
Código :
[admin@Endrigo] ip firewall address-list> pr
Flags: X - disabled, D - dynamic 
 #   LIST           ADDRESS                        
 0   rede_interna   192.168.2.0/24                 
 1   bloqueio_total 192.168.2.200                  
 2   bloqueio_total 192.168.2.103                  
 3   bloqueio_total 192.168.2.130                  
 4   bloqueio_total 192.168.2.111                  
 5 X liberado_total 192.168.2.114                  
 6 X liberado_total 192.168.2.150                  
 7 X liberado_total 192.168.2.18                   
 8 X liberado_total 192.168.2.30                   
 9 X liberado_total 192.168.2.11                   
10   msn            207.46.110.0/24                
11   msn            207.46.27.0/24                 
12   msn            207.46.111.0/24

Filters:
Código :
/ ip firewall filter 
add chain=forward src-address-list=bloqueio_total action=drop \
comment="Bloqueio Total - Usando Address List" disabled=no 
add chain=forward src-address=!192.168.2.46 src-address-list=rede_interna \
dst-address-list=msn action=drop comment="Bloqueio de MSN - Todos menos \
Silmara \(IP\)" disabled=no 
add chain=forward src-address=!192.168.2.46 protocol=tcp dst-port=1863 \
src-address-list=rede_interna action=drop comment="Bloqueio de MSN - Todos \
menos Silmara \(Porta\)" disabled=no 
add chain=forward src-address=!192.168.2.46 protocol=tcp dst-port=5190 \
src-address-list=rede_interna action=drop comment="Bloqueio de MSN - Todos \
menos Silmara \(Porta\)" disabled=no 
add chain=forward src-address=!192.168.2.46 protocol=tcp dst-port=6901 \
src-address-list=rede_interna action=drop comment="Bloqueio de MSN - Todos \
menos Silmara \(Porta\)" disabled=no 
add chain=forward src-address=!192.168.2.46 protocol=tcp dst-port=6891 \
src-address-list=rede_interna action=drop comment="Bloqueio de MSN - Todos \
menos Silmara \(Porta\)" disabled=no 
add chain=forward src-address=!192.168.2.46 protocol=tcp dst-port=7001 \
src-address-list=rede_interna action=drop comment="Bloqueio de MSN - Todos \
menos Silmara \(Porta\)" disabled=no 
add chain=forward src-address=192.168.2.11 src-mac-address=00:0E:A6:BD:59:34 \
src-address-list=rede_interna action=accept comment="MAC x IP - Ivo" \
disabled=no 
add chain=forward src-address=192.168.2.18 src-mac-address=00:13:20:C5:0E:E0 \
src-address-list=rede_interna action=accept comment="MAC x IP - Cacildo" \
disabled=no 
add chain=forward src-address=192.168.2.30 src-mac-address=00:1F:C6:7B:8B:4B \
src-address-list=rede_interna action=accept comment="MAC x IP - Giovani" \
disabled=no 
add chain=forward src-address=192.168.2.41 src-mac-address=00:08:54:DB:30:7F \
src-address-list=rede_interna action=accept comment="MAC x IP - Giovani 2" \
disabled=no 
add chain=forward src-address=192.168.2.103 src-mac-address=00:11:D8:65:12:E7 \
src-address-list=rede_interna action=accept comment="MAC x IP - Jéssica" \
disabled=no 
add chain=forward src-address=192.168.2.111 src-mac-address=00:17:9A:7F:E1:4E \
src-address-list=rede_interna action=accept comment="MAC x IP - Jonas" \
disabled=no 
add chain=forward src-address=192.168.2.46 src-mac-address=00:1F:C6:7B:8C:7D \
src-address-list=rede_interna action=accept comment="MAC x IP - Silmara" \
disabled=no 
add chain=forward src-address=192.168.2.114 src-mac-address=00:0E:A6:BD:60:74 \
src-address-list=rede_interna action=accept comment="MAC x IP - Silmara" \
disabled=no 
add chain=forward src-address=192.168.2.130 src-mac-address=00:11:2F:6D:90:48 \
src-address-list=rede_interna action=accept comment="MAC x IP - Álvaro" \
disabled=no 
add chain=forward src-address=192.168.2.150 src-mac-address=00:08:54:DB:30:7F \
src-address-list=rede_interna action=accept comment="MAC x IP - Andréia" \
disabled=no 
add chain=forward src-address=192.168.2.151 src-mac-address=00:C0:DF:22:13:67 \
src-address-list=rede_interna action=accept comment="MAC x IP - Douglas" \
disabled=no 
add chain=forward src-address=192.168.2.200 src-mac-address=00:17:31:86:67:93 \
src-address-list=rede_interna action=accept comment="MAC x IP - Servidor" \
disabled=no 
add chain=forward src-address-list=rede_interna action=drop comment="MAC x IP \
- Bloquear todo o Resto" disabled=no

Espero que ajude alguém. Até o próximo.

Att.
Portal Medianeira Informática Ltda
Dep. de Administração de Redes
msn: [email protected]
Maiko Rodrigo Britzke
(45) 3264-6107
(45) 9973-9746
Categorias
Mikrotik

Comentários


+ Enviar Comentário