Setting Firewall Mikrotik Anti NetCut, Mac Cloning, Conficker dan Spam



Langsung saja Copas scriptnya

/ip firewall filter add action=accept chain=input comment=”default configuration (anti netcut, defaultnya accept)” disabled=no protocol=icmp
ANTI CONFICKER
/ ip firewall filter
add chain=forward protocol=udp src-port=135-139 action=drop comment=”;;Block W32.Kido – Conficker” disabled=no
add chain=forward protocol=udp dst-port=135-139 action=drop comment=”” disabled=no
add chain=forward protocol=udp src-port=445 action=drop comment=”” disabled=no
add chain=forward protocol=udp dst-port=445 action=drop comment=”” disabled=no
add chain=forward protocol=tcp src-port=135-139 action=drop comment=”” disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment=”” disabled=no
add chain=forward protocol=tcp src-port=445 action=drop comment=”” disabled=no
add chain=forward protocol=tcp dst-port=445 action=drop comment=”” disabled=no
add chain=forward protocol=tcp dst-port=4691 action=drop comment=”” disabled=no
add chain=forward protocol=tcp dst-port=5933 action=drop comment=”” disabled=no
add chain=forward protocol=udp dst-port=5355 action=drop comment=”Block LLMNR” disabled=no
add chain=forward protocol=udp dst-port=4647 action=drop comment=”” disabled=no
add action=drop chain=forward comment=”SMTP Deny” disabled=no protocol=tcp src-port=25
add action=drop chain=forward comment=”” disabled=no dst-port=25 protocol=tcp
BLOX SPAM
/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
ANTI NETCUT
/ip firewall filter
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
add action=accept chain=input comment=”ANTI NETCUT” disabled=no dst-port=\ 0-65535 protocol=tcp src-address=173.203.196.1-173.203.196.254
ANTI PORT SCAN

/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”Port scanners to list ” disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP FIN Stealth scan”
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/FIN scan”
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”SYN/RST scan”
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”FIN/PSH/URG scan”
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”ALL/ALL scan”
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list=”port scanners” address-list-timeout=2w comment=”NMAP NULL scan”
add chain=input src-address-list=”port scanners” action=drop comment=”dropping port scanners” disabled=no
===========================================
TAMBAHAN
Ingat, urutan dibawah harus tepat…tidak boleh tertukar-tukar…
/ ip firewall filter
add chain=input in-interface=ether1 protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop
# accept 10 incorrect logins per minute
/ ip firewall filter
add chain=output action=accept protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m
#add to blacklist
/ ip firewall filter
add chain=output action=add-dst-to-address-list protocol=tcp content=”530 Login incorrect” address-list=ftp_blacklist address-list-timeout=3h

Posting Komentar

0 Komentar