+ Responder ao Tópico



  1. #1

    Padrão Firewall Simples

    Galera , estou com meu MK funcionando belezinha.. com autenticação PPPOE, eu só gostaria de colocar algumas regras de firewall nele agora, para evitar futuros problemas com alguns tipos de virus, e invasor tbem, ou alguem que tenta ficar snnifando meu mk, essas coisas... bem simples.

    se alguem tiver alguma coisa, acho que poderia ajudar muita gente ae!

    Valeu


    --
    Bruno Richard

  2. #2

    Padrão

    Citação Postado originalmente por brunorns Ver Post
    Galera , estou com meu MK funcionando belezinha.. com autenticação PPPOE, eu só gostaria de colocar algumas regras de firewall nele agora, para evitar futuros problemas com alguns tipos de virus, e invasor tbem, ou alguem que tenta ficar snnifando meu mk, essas coisas... bem simples.

    se alguem tiver alguma coisa, acho que poderia ajudar muita gente ae!

    Valeu


    --
    Bruno Richard
    Dá uma procurada no site da mikrotik - MikroTik Routers and Wireless
    Ou mesmo - 4shared.com - file sharing network - free file search - mikrotik

  3. #3

    Padrão

    Bruno, usa esse abaixo, é funcional e simples:
    / ip firewall filter
    add chain=input connection-state=established action=accept comment="Conexoes \
    Input - Established - Related - Drop" disabled=no
    add chain=input connection-state=related action=accept comment="" disabled=no
    add chain=input connection-state=invalid action=drop comment="" disabled=no
    add chain=forward p2p=warez action=drop comment="Dropar Warez" disabled=no
    add chain=forward action=jump jump-target=virus comment="Jump to Virus Target" \
    disabled=no
    add chain=forward connection-state=established action=accept comment="Aceitar \
    Conexoes Estabelecidas" disabled=no
    add chain=forward connection-state=related action=accept comment="Aceitar \
    Conexoes Relacionadas" disabled=no
    add chain=forward connection-state=invalid action=drop comment="Dropar \
    Conexoes Invalidas" disabled=no
    add chain=virus protocol=tcp dst-port=135-139 action=drop comment="DROP \
    NetBios TCP" disabled=no
    add chain=virus protocol=udp dst-port=135-139 action=drop comment="DROP \
    NetBios UDP" disabled=no
    add chain=virus protocol=udp dst-port=445 action=drop comment="DROP Blaster \
    UDP" disabled=no
    add chain=virus protocol=tcp dst-port=445 action=drop comment="DROP Blaster \
    TCP" disabled=no
    add chain=virus protocol=tcp dst-port=593 action=drop comment="DROP 593 TCP" \
    disabled=no
    add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="DROP \
    1024-1030 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=1080 action=drop comment="DROP MyDoom \
    TCP" disabled=no
    add chain=virus protocol=tcp dst-port=1214 action=drop comment="DROP 1214 TCP" \
    disabled=no
    add chain=virus protocol=tcp dst-port=1363-1364 action=drop comment="DROP ndm \
    1363-1364 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=1368 action=drop comment="DROP Scream \
    Cast TCP" disabled=no
    add chain=virus protocol=tcp dst-port=1373 action=drop comment="DROP hromgrafx \
    1373 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=1377 action=drop comment="DROP cichlid \
    1377 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="DROP worm \
    1433-1434 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=2535 action=drop comment="DROP Beagle \
    2535 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=2745 action=drop comment="DROP Bagle \
    Virus 2745 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=2833 action=drop comment="DROP Dumaru.Y \
    2833 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="DROP \
    MyDoom 3127-3128 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=3410 action=drop comment="DROP Backdoor \
    OptixPro 3410 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=4444 action=drop comment="DROP Worm 4444 \
    TCP" disabled=no
    add chain=virus protocol=tcp dst-port=5554 action=drop comment="DROP Sasser \
    5554 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=8866 action=drop comment="DROP Beagle.B \
    8866 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=9898 action=drop comment="DROP \
    Dabber.A-B 9898 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=10000 action=drop comment="DROP Dumaru.Y \
    10000 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=10080 action=drop comment="DROP MyDoom.B \
    10080 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=12345 action=drop comment="DROP NetBus \
    12345 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=17300 action=drop comment="DROP Kuang2 \
    17300 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=27374 action=drop comment="DROP SubSeven \
    27374 TCP" disabled=no
    add chain=virus protocol=tcp dst-port=65506 action=drop comment="DROP PhatBot, \
    Agobot, Gaobot 65506 TCP" disabled=no

  4. #4