  #1
    andreansyah (Newbie, joined Aug 2007)

    [share] A good firewall script for protecting your AP

    A newbie here who wants to share a script for protecting our MikroTik AP from unwanted things, like ping floods, virus ports, etc.

    Code:
    /ip firewall filter
    add action=accept chain=input comment="Accept established connections" connection-state=established disabled=no
    add action=accept chain=input comment="Accept related connections" connection-state=related disabled=no
    add action=drop chain=input comment="Drop invalid connections" connection-state=invalid disabled=no
    add action=accept chain=input comment=UDP disabled=no protocol=udp
    add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
    add action=drop chain=input comment="Drop excess pings" disabled=no protocol=icmp
    add action=accept chain=input comment=PTI-Network disabled=no src-address=202.xxx.xxx.0/22
    add action=accept chain=input comment=Your-Network-Network disabled=no src-address=192.168.YYY.0/24
    add action=log chain=input comment="Log everything else" disabled=no log-prefix="DROP INPUT"
    add action=drop chain=input comment="Drop everything else" disabled=no
    add action=drop chain=forward comment="" disabled=no dst-port=135-139 protocol=tcp
    add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=135-139
    add action=drop chain=forward comment="" disabled=no protocol=udp src-port=135-139
    add action=drop chain=forward comment="" disabled=no dst-port=135-139 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=tcp
    add action=drop chain=forward comment="" disabled=no protocol=tcp src-port=445
    add action=drop chain=forward comment="" disabled=no dst-port=445 protocol=udp
    add action=drop chain=forward comment="" disabled=no protocol=udp src-port=445
    add action=drop chain=forward comment="" disabled=no dst-port=12345-12346 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=12345-12346 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=67-69 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=67-69 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=20034 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=20034 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=3133 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=3133 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=111 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=111 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=2049 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=2049 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1080 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1080 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1214 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1214 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1433-1434 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1433-1434 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1363 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1363 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1364 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1364 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1368 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1368 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1373 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1373 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=1377 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=1377 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=3410 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=3410 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=4444 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=4444 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=5554 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=5554 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=8866 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=8866 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=9898 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=9898 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=10080 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=10080 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=17300 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=17300 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=27374 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=27374 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=65506 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=65506 protocol=udp
    add action=drop chain=forward comment="" disabled=no dst-port=2888 protocol=tcp
    add action=drop chain=forward comment="" disabled=no dst-port=2888 protocol=udp

    XXX = the IP class used by your ISP...
    YYY = your local IP class

    Please click Thanks
    Last edited by andreansyah; 03-07-2008 at 23:12. Reason: edited a little, something was messed up
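
Added example, not part of the original post: a small Python model of RouterOS first-match evaluation, run over the input chain from the script above to show which rule decides a given packet. The two src-address networks and the sample source addresses are constructed stand-ins, and the `limit` matcher is simplified to a caller-supplied flag.

```python
import ipaddress
import shlex

# Input chain from the post. The two src-address networks are constructed
# stand-ins for the post's 202.xxx.xxx.0/22 and 192.168.YYY.0/24 placeholders.
RULES = """\
add action=accept chain=input comment="Accept established connections" connection-state=established disabled=no
add action=accept chain=input comment="Accept related connections" connection-state=related disabled=no
add action=drop chain=input comment="Drop invalid connections" connection-state=invalid disabled=no
add action=accept chain=input comment=UDP disabled=no protocol=udp
add action=accept chain=input comment="Allow limited pings" disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input comment="Drop excess pings" disabled=no protocol=icmp
add action=accept chain=input comment=PTI-Network disabled=no src-address=203.0.113.0/24
add action=accept chain=input comment=Your-Network-Network disabled=no src-address=192.168.10.0/24
add action=log chain=input comment="Log everything else" disabled=no log-prefix="DROP INPUT"
add action=drop chain=input comment="Drop everything else" disabled=no
"""

def parse(text):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in text.splitlines() if line.startswith("add ")]

def matches(rule, pkt):
    """True when every matcher on the rule agrees with the packet."""
    for key, want in rule.items():
        if key in ("connection-state", "protocol") and pkt.get(key) != want:
            return False
        if key == "src-address" and (ipaddress.ip_address(pkt["src-address"])
                                     not in ipaddress.ip_network(want)):
            return False
        if key == "limit" and pkt.get("over-limit", False):
            return False  # simplification: caller says if the rate is exceeded
    return True

def decide(pkt):
    """Return (action, comment) of the first terminating rule that matches."""
    for rule in parse(RULES):
        if rule["action"] != "log" and matches(rule, pkt):  # log passes through
            return rule["action"], rule["comment"]
    return "accept", "end of chain"  # RouterOS accepts when no rule matches

if __name__ == "__main__":
    outside = "192.0.2.50"  # constructed address outside both allowed networks
    for proto in ("tcp", "udp", "icmp"):
        pkt = {"protocol": proto, "connection-state": "new", "src-address": outside}
        print(proto, decide(pkt))
```

For a new UDP packet from an address outside both networks, the deciding rule is the one commented `UDP`, which sits ahead of the two src-address rules; a new TCP packet from the same address reaches "Drop everything else".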

  #2
    Akangage (Administrator, joined Aug 2007)
    No offense bro.... I think I've seen this script before, it belonged to someone or other. If it really is someone else's, it would be best to give "credit" to the person who came up with it.

    ---------------------------------------------------------------------------------------
    Respect people and people will respect us
    Let's make a habit of saying "Thanks" for every bit of someone's hard work, so they are more motivated
    to seek out new knowledge...... don't forget to click "Thanks"
    ---------------------------------------------------------------------------------------

  #3
    sherayusuf (Member, joined Sep 2007)
    chain input action drop
    chain input src-address <allowed IPs> action accept
    that's all, why make it complicated
    a good firewall is one without lots of rules that just end up burdening its work

    the essence of a firewall is to drop everything
    and open what's needed, hehe

    don't let it overflow from having too many rules

 

 
