Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Page 2 of 2 FirstFirst 12
Results 16 to 21 of 21
  1. #16
    Status
    Offline
    atut's Avatar
    Member
    Join Date
    Aug 2012
    Posts
    154
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    thanks kecoadisqo, tapi bagaimana untuk block ether2 ke ether1 (semua port, tidak hanya icmp)?

    terus bagaimana tuh add chain=virus?
    ip firewall add chain=virus?
    bukannya firewall cuma ada chain input, output dan forward, mana ada chain virus?
    Last edited by atut; 27-08-2012 at 14:07.

  2. #17
    Status
    Offline
    atut's Avatar
    Member
    Join Date
    Aug 2012
    Posts
    154
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    gan... 192.168.1.2 (ether1) adalah gateway dari LAN saya...

    kalo saya tambahin /ip firewall filter chain=input action=drop protocol=!icmp dst-address=192.168.1.2 in-interface=ether2
    kok jadinya LAN tidak bisa akses Internet?

    saya bermaksud tambahin command tersebut untuk mencegah client ssh, telnet, ftp, dll ke 192.168.1.2 kecuali hanya boleh ping
    malah jadinya client ga bisa internet Click here to enlarge

    Bagaimana cara block client yang coba akses langsung ke 192.168.1.2 (kecuali ping) tapi masih bisa akses Internet?

  3. #18
    Status
    Offline
    Anto.PJ's Avatar
    Forum Guru
    Join Date
    May 2011
    Location
    macz
    Posts
    1,696
    Reviews
    Read 0 Reviews
    Downloads
    7
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by atut Click here to enlarge
    thanks kecoadisqo, tapi bagaimana untuk block ether2 ke ether1 (semua port, tidak hanya icmp)?

    terus bagaimana tuh add chain=virus?
    ip firewall add chain=virus?
    bukannya firewall cuma ada chain input, output dan forward, mana ada chain virus?
    coba chek di action, disitu ada jump..
    Code:
    chain=input in-interface=xxx action=jump jump-target=virus
    sebenarnya kalo mau lebih expert, ente bisa menggunakan tabel mangle bersama2 dengan tabel filter..

    Click here to enlarge Originally Posted by atut Click here to enlarge
    gan... 192.168.1.2 (ether1) adalah gateway dari LAN saya...

    kalo saya tambahin /ip firewall filter chain=input action=drop protocol=!icmp dst-address=192.168.1.2 in-interface=ether2
    kok jadinya LAN tidak bisa akses Internet?
    saya bermaksud tambahin command tersebut untuk mencegah client ssh, telnet, ftp, dll ke 192.168.1.2 kecuali hanya boleh ping
    malah jadinya client ga bisa internet Click here to enlarge
    Bagaimana cara block client yang coba akses langsung ke 192.168.1.2 (kecuali ping) tapi masih bisa akses Internet?
    gimana kalo metodenya diganti, bisa ngakses tapi dibatasi..
    ini pentingnya pengetahuan property di ip firewall filter
    misalnya, klien tersebut apabila coba ngakses sekali, berikutnya bakal di blok selama sejam..
    misalnya, klien tersebut, mencoba nge flood, bakal di blok selama seminggu
    untuk metode diatas, hanya perlu perhatikan option di action, disitu ada add-src(dst)-to-address-list
    coba di chek bagian address-list, disitu ente bisa bikin 1 rule untuk 10 ip, 100 ip..

    lagian gini lo gan, meskipun ente blok gimanapun, attacking selamanya tidak bergantung pada baris rule firewall, tapi umumya pada kekuatan resource router
    tapi firewall yang benar, akan membantu mengurangi beban resource router. disinilah pentingnya pen-test

    coba dengan rule sederhana ini,
    chain=input in-interface=xxx protocol=icmp action=drop
    trus lakukan ping-flood 100.000 pps,

  4. The Following User Says Thank You to Anto.PJ For This Useful Post:


  5. #19
    Status
    Offline
    atut's Avatar
    Member
    Join Date
    Aug 2012
    Posts
    154
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wadoh expert benar, saya sampai bingung2 membacanya, perlu waktu untuk cerna...

    anyway thanks gan

  6. #20
    Status
    Offline
    tepupunk's Avatar
    Baru Gabung
    Join Date
    May 2010
    Posts
    12
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Click here to enlarge Originally Posted by atut Click here to enlarge
    WOW!!! berhasil gan... mantap gan suhu... thanks banyak ya...
    padahal cari2 ke mana gak bisa, malah ada yang bilang impossible....
    thank you thank you
    koq saya tetep ga bisa yah... huhuh bingung knp/
    pake rb450G

    mohon pencerahan... suhu suhu...

  7. #21
    Status
    Offline
    faisalsaleh's Avatar
    Baru Gabung
    Join Date
    May 2014
    Posts
    2
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    gan munanya.. agar si penyerang DDOS keblock atau RTO ketika melakukan serangan, seting rule di firewallnya gmna?
    terimakasi sebelumnya

 

 
Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Firewall untuk block virus
    By c0nf in forum Tutorial
    Replies: 30
    Last Post: 12-02-2016, 11:39
  2. [ASK] script auto filter firewall block
    By arzhi in forum Scripting @ Mikrotik
    Replies: 3
    Last Post: 06-05-2012, 10:22
  3. setting firewall
    By suck-kay in forum Beginner Basics
    Replies: 2
    Last Post: 08-01-2010, 23:34
  4. <ask>cara block ping
    By daichi in forum General Networking
    Replies: 3
    Last Post: 19-11-2009, 00:54

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •