
  • brickm


    Sziasztok!
    tudna valaki segíteni, hogy az alábbi általam használt tűzfal jó-e, vagy valamit esetleg tennétek bele\kihagynátok\máshova raknátok?

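    /ip firewall filter
    # Stateful baseline for the input chain. Replies to connections the router
    # itself opens (DNS, NTP, the VPN, PPPoE keepalives) arrive on the WAN
    # interface; once the input chain ends in a catch-all drop for that
    # interface, these replies must be accepted first or they are discarded.
    add action=accept chain=input comment="Accept established/related to router" \
    connection-state=established,related
    add action=drop chain=input comment="Drop invalid to router" \
    connection-state=invalid
    add action=accept chain=forward comment="Accept to related connections" \
    connection-state=established,related
    add action=drop chain=forward comment="Drop invalid" connection-state=invalid
    add action=drop chain=forward connection-nat-state=!dstnat in-interface=\
    pppoe-out1_DIGI
    add action=accept chain=input comment="ICMP Rule" in-interface=pppoe-out1_DIGI \
    protocol=icmp
    add action=accept chain=input dst-port=8291,40022,40021,41194 in-interface=\
    ether2-master-local protocol=tcp src-address=192.168.0.0/24
    # NOTE(review): this accept matches on source address only (no in-interface),
    # so a packet arriving on the WAN with a spoofed 192.168.90.x source would be
    # accepted here before the "Debug rule" drop below; pin it to the interface
    # that actually carries 192.168.90.0/24 - confirm which one that is.
    add action=accept chain=input dst-port=80,8291,40022,40021,41194 protocol=tcp \
    src-address=192.168.90.0/24
    add action=accept chain=input comment="Enable OpenVPN connection" dst-port=\
    41194 in-interface-list=all protocol=tcp
    add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
    Bogons
    add action=drop chain=input comment=proxy dst-port=8080 in-interface=\
    pppoe-out1_DIGI protocol=tcp
    add action=drop chain=input comment=\
    "Debug rule for local settings, drop all connection from external sites" \
    dst-port=8291,40022,40021 in-interface=!ether2-master-local protocol=tcp
    add action=drop chain=input comment="Drop external IP List" src-address-list=\
    external_ports
    add action=add-src-to-address-list address-list=external_ports_21 \
    address-list-timeout=none-dynamic chain=input dst-port=21 in-interface=\
    !ether2-master-local protocol=tcp
    add action=add-src-to-address-list address-list=external_ports_22 \
    address-list-timeout=none-dynamic chain=input dst-port=22 in-interface=\
    !ether2-master-local protocol=tcp
    add action=add-src-to-address-list address-list=external_ports_23 \
    address-list-timeout=none-dynamic chain=input dst-port=23 in-interface=\
    !ether2-master-local protocol=tcp
    add action=add-src-to-address-list address-list=external_ports_80 \
    address-list-timeout=none-dynamic chain=input dst-port=80 in-interface=\
    !ether2-master-local protocol=tcp
    add action=add-src-to-address-list address-list=external_ports_443 \
    address-list-timeout=none-dynamic chain=input dst-port=443 in-interface=\
    !ether2-master-local protocol=tcp
    add action=add-src-to-address-list address-list=external_ports_1194 \
    address-list-timeout=none-dynamic chain=input dst-port=1194 in-interface=\
    !ether2-master-local protocol=tcp
    add action=add-src-to-address-list address-list=external_ports \
    address-list-timeout=none-dynamic chain=input dst-port=80,21,22,23,443,1194 \
    in-interface=!ether2-master-local protocol=tcp
    add action=drop chain=input comment="Drop external warnings" dst-port=\
    21,22,23,25,53,80,110,115,135,139,143,194,443,445,1433 in-interface=\
    pppoe-out1_DIGI protocol=tcp
    add action=drop chain=input dst-port=3306,3389,5632,5900 in-interface=\
    pppoe-out1_DIGI protocol=tcp
    add action=drop chain=input comment="Drop ssh brute forcers" dst-port=40022 \
    protocol=tcp src-address-list=ssh_blacklist
    add action=add-src-to-address-list address-list="selective masq." \
    address-list-timeout=none-dynamic chain=input comment=\
    "Local IP register to selective masq. list" dst-address=192.168.0.1 \
    dst-port=9032 protocol=tcp src-address=192.168.0.0/24 src-address-list=\
    new_user
    add action=add-src-to-address-list address-list="selective masq." \
    address-list-timeout=5m chain=input comment=\
    "Local IP register to selective masq. list time: 0d 00:05:00" dst-address=\
    192.168.0.1 dst-port=8080 protocol=tcp src-address=192.168.0.0/24 \
    src-address-list=new_user
    add action=add-src-to-address-list address-list=new_user address-list-timeout=\
    5m chain=forward comment="Scan new users" src-address=192.168.0.0/24 \
    src-address-list="!selective masq."
    # NOTE(review): the staged ssh_stage1..3 -> ssh_blacklist rules below sit
    # after the "Debug rule" drop (which already discards 40022 from every
    # interface except ether2-master-local) and after the LAN accepts, so from
    # the visible ordering they appear unreachable for Internet sources. If the
    # brute-force detection is meant to work from the WAN, the stage rules have
    # to precede those drops/accepts in the input chain.
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new dst-port=40022 \
    protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=1w3d chain=input connection-state=new dst-port=40022 \
    protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new dst-port=40022 \
    protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new dst-port=40022 \
    protocol=tcp
    add action=accept chain=forward comment="Accept to new connections" \
    connection-state=new
    # Kept in case ether1-gateway carries traffic outside the PPPoE session.
    add action=drop chain=input comment="Drop anything else! " in-interface=\
    ether1-gateway
    # Every other WAN-facing rule in this set matches in-interface=pppoe-out1_DIGI,
    # not ether1-gateway, so the catch-all above did not cover Internet-sourced
    # traffic to the router: any port not named in the explicit drops (and all
    # UDP, since those drops are protocol=tcp only) stayed reachable from the
    # WAN. This rule closes the input chain for the PPPoE interface; ICMP and
    # OpenVPN are still accepted by their earlier rules.
    add action=drop chain=input comment="Drop anything else from WAN" in-interface=\
    pppoe-out1_DIGI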

