#1 earthlink (Newbie, joined Jun 2008)

[ask] about MikroTik firewall filter rules .. are they correct??

Hello everyone.. I want to ask.. are the firewall filter rules below good, and are they all correct?? I also want to ask what some of the rules mean.. I got these rules from someone else.. forgot where.. maybe from this forum too

MT version 2.9.27 ..

    ISP --- Mikrotik --- Switching -- client1 - clientxx

MT has Web Proxy enabled on port 3128..

    /ip firewall nat
    0 ;;; NATING
    chain=srcnat out-interface=Internet src-address=192.168.0.0/24
    action=masquerade

    1 ;;; Make Transparent Proxy to port 3128
    chain=dstnat in-interface=LAN protocol=tcp dst-port=80 action=redirect
    to-ports=3128

------
the rules below are the ones I want to ask about

    /ip firewall filter

0 ;;; Make sure proxy is NOT an Open Proxy
chain=input in-interface=Internet src-address=0.0.0.0/0 protocol=tcp
dst-port=3128 action=drop ->> is it correct that this rule sits at the very top??

1 ;;; allow established connections   (compare this rule with rule 22)
    chain=forward connection-state=established action=accept

    2 ;;; allow related connections
    chain=forward connection-state=related action=accept

    3 ;;; Drop Messenger Worm
    chain=virus protocol=udp dst-port=135-139 action=drop

    4 ;;; drop invalid connections
    chain=forward connection-state=invalid action=drop

    5 ;;; Drop Blaster Worm
    chain=virus protocol=tcp dst-port=135-139 action=drop

    6 ;;; Worm
    chain=virus protocol=tcp dst-port=1433-1434 action=drop

    7 ;;; Drop Blaster Worm
    chain=virus protocol=tcp dst-port=445 action=drop

    8 ;;; Drop Blaster Worm
    chain=virus protocol=udp dst-port=445 action=drop

    9 ;;; ndm requester
    chain=virus protocol=tcp dst-port=1363 action=drop

    10 ;;; ndm server
    chain=virus protocol=tcp dst-port=1364 action=drop

    11 ;;; screen cast
    chain=virus protocol=tcp dst-port=1368 action=drop

    12 ;;; hromgrafx
    chain=virus protocol=tcp dst-port=1373 action=drop

    13 ;;; cichlid
    chain=virus protocol=tcp dst-port=1377 action=drop

    14 ;;; Bagle Virus
    chain=virus protocol=tcp dst-port=2745 action=drop

    15 ;;; Drop Dumaru.Y
    chain=virus protocol=tcp dst-port=2283 action=drop

    16 ;;; Drop Beagle
    chain=virus protocol=tcp dst-port=2535 action=drop

    17 ;;; Drop Beagle.C-K
    chain=virus protocol=tcp dst-port=2745 action=drop

    18 ;;; Drop MyDoom
    chain=virus protocol=tcp dst-port=3127 action=drop

    19 ;;; Drop Backdoor OptixPro
    chain=virus protocol=tcp dst-port=3410 action=drop

    20 ;;; Worm
    chain=virus protocol=tcp dst-port=4444 action=drop

    21 ;;; Drop NetBus
    chain=virus protocol=tcp dst-port=12345 action=drop

    22 ;;; jump to the virus chain
    chain=forward action=jump jump-target=virus

    23 ;;; Accept established connections
chain=input connection-state=established action=accept -> rules 23 and 24 here look the same as rules 1 and 2 above.. is that how it is supposed to be.. do they mean something different.. or is it because of rule 22 (jump) that these rules need to be written again

    24 ;;; Accept related connections
    chain=input connection-state=related action=accept

    25 ;;; Drop invalid connections
    chain=input connection-state=invalid action=drop

    26 ;;; UDP
    chain=input protocol=udp action=accept

    27 ;;; Allow limited pings
    chain=input protocol=icmp limit=50/5s,2 action=accept

    28 ;;; Drop excess pings
    chain=input protocol=icmp action=drop

    29 ;;; FTP
    chain=input src-address=192.168.0.0/24 protocol=tcp dst-port=21
    action=accept

    30 ;;; SSH for secure shell
    chain=input src-address=192.168.0.0/24 protocol=tcp dst-port=22
    action=accept

    31 ;;; Telnet
    chain=input src-address=192.168.0.0/24 protocol=tcp dst-port=23
    action=accept

    32 ;;; Web
    chain=input src-address=192.168.0.0/24 protocol=tcp dst-port=80
    action=accept

    33 ;;; winbox
    chain=input src-address=192.168.0.0/24 protocol=tcp dst-port=8291
    action=accept

    34 X ;;; pptp-server
    chain=input protocol=tcp dst-port=1723 action=accept

    35 ;;; From client Network
    chain=input src-address=192.168.0.0/24 action=accept

    36 ;;; Log everything else
    chain=input action=log log-prefix="DROP INPUT"

    37 ;;; Drop everything else
    chain=input action=drop


ok then... hopefully the parts in bold get answered.. I'm confused whether these rules are right or not.. the problem is there are rules that are the same
oh yes.. are the rules above for blocking viruses needed??? if those rules are not there.. could our clients get infected with viruses, or what??
Can MikroTik itself get a virus??

thanks in advance

#2 sherayusuf (Member, joined Sep 2007)
a firewall doesn't need to be complicated
drop all input, allow only those that are permitted access

allow those permitted access
chain input, action allow, src addr = the IPs that may access the router

drop all
chain input, action drop

hehehe

#3 earthlink (Newbie, joined Jun 2008)
is a firewall like this enough?? sorry, I also copy-pasted this from someone else

    / ip firewall filter
    add chain=input connection-state=established comment="Accept established connections"
    add chain=input connection-state=related comment="Accept related connections"
    add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
    add chain=input protocol=udp action=accept comment="UDP" disabled=no
    add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
    add chain=input protocol=icmp action=drop comment="Drop excess pings"
    add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
    add chain=input protocol=tcp dst-port=8291 comment="winbox"
add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network" ->> what does this one mean.. is it our ISP's public IP
    add chain=input src-address=192.168.0.0/24 comment="From our private LAN"
    add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
    add chain=input action=drop comment="Drop everything else"

#4 sherayusuf (Member, joined Sep 2007)
well, it can be various things bro, it could be the network below it that is given access to the router
because here everything is dropped if it is not allowed: add chain=input action=drop comment="Drop everything else"

#5 ciupax (Newbie, joined Nov 2007)
the rule add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network" is your ISP's public IP. maybe this rule was deliberately created by our ISP so that they can have access to the MikroTik.

regarding the rule
0 ;;; Make sure proxy is NOT an Open Proxy
chain=input in-interface=Internet src-address=0.0.0.0/0 protocol=tcp
dst-port=3128 action=drop ->> is it correct that this rule sits at the very top??

it has to be placed at the very top so that the rule is evaluated first, so as soon as something arrives destined for port 3128 it is dropped straight away without having to go through all the other processing, because the rule is placed at the top. firewall rule processing starts from the first rule and goes down to the last one, right. so it is best to place that rule as number 1. hope this helps. correct me if I'm wrong.......

#6 dingting (Member, joined Jul 2008)
rules 23 and 24 here look the same as rules 1 and 2 above.. is that how it is supposed to be.. do they mean something different.. or is it because of rule 22 (jump) that these rules need to be written again
bro, aren't they different, one is in chain input and the other in chain forward???
I'm also still learning firewalls bro
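To make the two answers above concrete (rule order decides which rule fires first, and the input and forward chains are evaluated separately, so each needs its own established/related rules), here is a small first-match simulator. It is added here and is not code from the thread or from MikroTik; the rule subset, the "wan"/"lan" names and the packets are constructed.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    chain: str      # built-in chain the packet enters: "input" (to the router) or "forward" (through it)
    in_iface: str   # "wan" or "lan" (constructed names for the Internet / LAN interfaces)
    src: str        # "wan" or "lan", stands in for src-address
    proto: str      # "tcp" / "udp" / "icmp"
    dport: int
    state: str      # connection-state: new / established / related / invalid

# Constructed subset of the thread's filter rules; the numbers in the comments are the
# rule numbers from the first post. dport may be a single int or a (lo, hi) range.
RULES = [
    {"chain": "input", "in_iface": "wan", "proto": "tcp", "dport": 3128, "action": "drop"},  # 0
    {"chain": "forward", "state": "established", "action": "accept"},                        # 1
    {"chain": "virus", "proto": "tcp", "dport": (135, 139), "action": "drop"},               # 5
    {"chain": "virus", "proto": "tcp", "dport": 445, "action": "drop"},                      # 7
    {"chain": "forward", "action": "jump", "target": "virus"},                               # 22
    {"chain": "input", "state": "established", "action": "accept"},                          # 23
    {"chain": "input", "src": "lan", "proto": "tcp", "dport": 22, "action": "accept"},       # 30
    {"chain": "input", "action": "log"},                                                     # 36
    {"chain": "input", "action": "drop"},                                                    # 37
]

def matches(rule, pkt):
    for key in ("in_iface", "src", "proto", "state"):
        if key in rule and rule[key] != getattr(pkt, key):
            return False
    if "dport" in rule:
        lo, hi = rule["dport"] if isinstance(rule["dport"], tuple) else (rule["dport"],) * 2
        if not lo <= pkt.dport <= hi:
            return False
    return True

def evaluate(rules, pkt, chain=None):
    """First matching rule wins. jump enters a user chain; if that chain ends without a
    verdict the packet returns and keeps walking the parent chain. Built-in chains accept at the end."""
    chain = chain or pkt.chain
    for rule in rules:
        if rule["chain"] != chain or not matches(rule, pkt):
            continue
        if rule["action"] == "jump":
            verdict = evaluate(rules, pkt, rule["target"])
            if verdict != "return":
                return verdict
        elif rule["action"] != "log":      # log is non-terminating, evaluation continues
            return rule["action"]
    return "accept" if chain in ("input", "forward", "output") else "return"
```

Moving rule 0 below rule 23 lets an established connection to port 3128 be accepted, which is why it sits at the top; and removing rule 23 shows that forward rule 1 never covers traffic aimed at the router itself.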

#7 Anam (Newbie, joined Apr 2014, City of Heroes)
As for the firewall, it depends on your needs, so it can be adjusted..
There are also some that drop everything but email..
But thanks for the input bro..
