Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 5 of 5
  1. #1
    Status
    Offline
    awarmanf's Avatar
    Member
    Join Date
    Apr 2008
    Posts
    222
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    Default policy firewall di mikrotik

    Kalau di linux, ada default policy firewall (iptables) bisa diset seperti ini:

    IPTABLES="/usr/sbin/iptables"
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP
    ...
    # set rule untuk accept koneksi

    Nah, kalau di mikrotik bisa tidak kita set default policy firewall, misalnya, DROP setelah itu baru buat rule2 yg perlu untuk ACCEPT ?

    Terimakasih.

  2. #2
    Status
    Offline
    scorpion14's Avatar
    Member Senior
    Join Date
    Sep 2007
    Posts
    306
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    bisa........

  3. #3
    Status
    Offline
    princenux's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    264
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    caranya ???

  4. #4
    Status
    Offline
    d3v4's Avatar
    Forum Guru
    Join Date
    Jul 2007
    Location
    di alam baka
    Posts
    1,015
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    mikrotik ngebaca rules itu dari atas ke bawah.. coba liat ini :

    / ip firewall filter
    add chain=input connection-state=established comment="Accept established connections"
    add chain=input connection-state=related comment="Accept related connections"
    add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
    add chain=input protocol=udp action=accept comment="UDP" disabled=no
    add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
    add chain=input protocol=icmp action=drop comment="Drop excess pings"
    add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
    add chain=input protocol=tcp dst-port=8291 comment="winbox"
    # Edit these rules to reflect your actual IP addresses! #
    add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
    add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
    # End of Edit #
    add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
    add chain=input action=drop comment="Drop everything else"

    klo iptables juga dalam satu file setau gw juga ngebaca dari atas kebawah

    di paling bawah ada :

    iptables -A INPUT -i $EXT_IF -j LOG --log-prefix "unknown connection:"
    iptables -A INPUT -i $EXT_IF -j DROP


    kecuali pake JUMP rules Click here to enlarge


    sama aja lah...eh nggak tau juga klo ada script iptables yang canggih2 sekarang ini Click here to enlarge
    Last edited by d3v4; 17-06-2008 at 13:10.

  5. #5
    Status
    Offline
    t3rm's Avatar
    Member Super Senior
    Join Date
    Aug 2007
    Posts
    665
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Lah ini pembahasannya sama aja.

    Dalemannya si Mikrotik itu = iptables juga ..

    Click here to enlarge


    Jadi memang gak ada Default Policy di mikrotik.
    Caranya kalau mau bikin default drop, ya udah tambahin aja rule untuk drop di bagian paling bawah

    sama aja koq ..

    Click here to enlarge

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 85
    Last Post: 24-07-2015, 08:55
  2. Firewall - Address List
    By Dody in forum Beginner Basics
    Replies: 18
    Last Post: 21-08-2010, 17:03
  3. Confused.. Policy Routing
    By brian in forum Beginner Basics
    Replies: 9
    Last Post: 13-08-2008, 02:53
  4. flood....again need firewall
    By wp11b in forum General Networking
    Replies: 29
    Last Post: 14-01-2008, 17:38
  5. Tanya Firewall di Mikrotik
    By indrasakti in forum Beginner Basics
    Replies: 1
    Last Post: 19-12-2007, 19:19

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •