Friday, January 6, 2012

Standard firewall (MikroTik RouterOS `/ip firewall filter` rules; the first matching rule wins, so keep the import order shown)

/ip firewall filter
# Packets that belong to a connection the tracker has already seen pass
# without being evaluated by the rules below. "related" is deliberately not
# included: the "Drop Traceroute" rules further down depend on ICMP error
# replies for tracked flows still reaching the forward chain unaccepted.
add chain=forward connection-state=established action=accept \
    comment="Accepted Connections"
# WARNING: the two rules below accept TCP/80 and TCP/25 to the router itself
# from any source (no src-address / in-interface match), and nothing on this
# page adds a final drop to the input chain, so the router's own services
# remain reachable from every interface. Restrict them to the management
# network before importing this on an Internet-facing router.
add chain=input protocol=tcp dst-port=80 action=accept
add chain=input protocol=tcp dst-port=25 action=accept
# Packets the connection tracker cannot associate with any flow (out of
# window, stray RST/flags); nothing legitimate needs them forwarded.
add chain=forward connection-state=invalid action=drop \
    comment="Drop invalid connections"

Drop Virus Port
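/ip firewall filter
# "virus" is a user-defined chain. RouterOS only evaluates such a chain when a
# rule in a built-in chain jumps to it, and the original listing contained no
# jump anywhere on this page, so every drop rule below was dead configuration.
# This jump sends transit traffic (forward chain) through it; the protocol and
# port matching is done by the rules inside the chain.
add action=jump chain=forward comment="Jump to virus chain" disabled=no \
jump-target=virus
add action=drop chain=forward comment="Drop Virus Port" disabled=no \
dst-port=40016 protocol=udp
# MS-RPC / NetBIOS / SMB (135-139, 445, 593) and MS-SQL (1433-1434): classic
# worm propagation ports, but also ordinary Windows file sharing and database
# access. Because the chain is applied to forward, this blocks them for hosts
# on both sides of the router -- fine for a LAN/Internet gateway, not for a
# site-to-site link.
add action=drop chain=virus comment="" disabled=no dst-port=135-139 protocol=\
udp
add action=drop chain=virus comment="" disabled=no dst-port=135-139 protocol=\
tcp
add action=drop chain=virus comment="" disabled=no dst-port=1433-1434 \
protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=udp
add action=drop chain=virus comment="" disabled=no dst-port=593 protocol=tcp
# 1024-1030 is a range of low dynamic ports and 1080 is SOCKS; both can carry
# legitimate traffic. Review before deploying where such services exist.
add action=drop chain=virus comment="" disabled=no dst-port=1024-1030 \
protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1080 protocol=tcp
# Remaining entries are backdoor / P2P listener ports from the widely copied
# MikroTik "virus chain" list. The original had the 2745 rule twice; the
# duplicate is removed here (it matched exactly the same packets).
add action=drop chain=virus comment="" disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=3410 protocol=tcp
# 4444 is also a common default for legitimate tools (and for Metasploit
# listeners); blocking it outbound is a reasonable default for a client LAN.
add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=10080 protocol=\
tcp
add action=drop chain=virus comment="" disabled=no dst-port=12345 protocol=\
tcp
add action=drop chain=virus comment="" disabled=no dst-port=17300 protocol=\
tcp
add action=drop chain=virus comment="" disabled=no dst-port=27374 protocol=\
tcp
add action=drop chain=virus comment="" disabled=no dst-port=65506 protocol=\
tcp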

Drop Port Scanner
/ip firewall filter
# Port-scan detection for traffic addressed to the router itself (input
# chain). Every rule but the last is non-terminating: it records the source
# on the PortScanner address list for two weeks and lets the packet continue,
# so it is the final rule that drops the *following* packets from that source.
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight -- fires when
# many distinct ports are probed within a short interval.
add chain=input protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w comment="Drop Port Scanner"
# FIN set with every other flag clear: a lone FIN never occurs in real TCP.
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w
# SYN and FIN together.
add chain=input protocol=tcp tcp-flags=fin,syn \
    action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w
# All six flags set ("Xmas" probe).
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
    action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w
# SYN and RST together.
add chain=input protocol=tcp tcp-flags=syn,rst \
    action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w
# FIN+PSH+URG with SYN, RST and ACK clear.
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
    action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w
# No flags at all ("NULL" probe).
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
    action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w
# Caveats: the list is fed only by packets aimed at the router, not by scans
# of hosts behind it (forward chain), and there is no exemption for
# management addresses -- a false positive locks its source out of the
# router for the full two weeks.
add chain=input src-address-list=PortScanner action=drop

Drop Brute Force (FTP login failures against the router's own FTP service)
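/ip firewall filter
# Detection runs on the router's own FTP server: "530 Login incorrect" is the
# reply sent for a failed FTP login, matched on the output chain. dst-limit
# lets 1 failure per minute through with a burst of 9 per client address, so
# the 10th failure inside a minute is not accepted here and falls through to
# the blacklisting rule. Only cleartext FTP can be inspected this way.
add action=accept chain=output comment="Drop Brute Force" content=\
"530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m \
protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
address-list-timeout=23h chain=output comment="" content=\
"530 Login incorrect" disabled=no protocol=tcp
# The original rule dropped only dst-port=22 (SSH), so an address blacklisted
# for guessing FTP passwords could carry on guessing FTP passwords and merely
# lost SSH. Port 21 -- the service that fills the list -- is now blocked too;
# 22 is kept, since a source caught brute-forcing has no business on SSH
# either.
add action=drop chain=input comment="" disabled=no dst-port=21,22 \
protocol=tcp src-address-list=Blacklist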

Drop Traceroute
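/ip firewall filter
# Traceroute through the router relies on ICMP "time exceeded" (11:0) from
# each hop and "port unreachable" (3:3) from the target; dropping both in the
# forward chain hides the path from clients behind the router. Side effect:
# UDP clients (e.g. DNS) no longer receive fast "port unreachable" failures
# for transit traffic and have to wait for a timeout instead.
add action=drop chain=forward comment="Drop Traceroute" disabled=no \
icmp-options=11:0 protocol=icmp
add action=drop chain=forward comment="" disabled=no icmp-options=3:3 \
protocol=icmp
# Added: "fragmentation needed" (3:4) must reach the router for path-MTU
# discovery on its own connections; the catch-all drop below would otherwise
# discard it from every source outside Local.
add action=accept chain=input comment="Allow PMTUD" disabled=no \
icmp-options=3:4 protocol=icmp
# Drops all remaining ICMP to the router from sources not on the "Local"
# address list. That list is not defined anywhere on this page; create it
# (with the management networks) before importing, otherwise every source is
# "not Local" and the router stops answering ICMP entirely.
add action=drop chain=input comment="" disabled=no protocol=\
icmp src-address-list=!Local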

Drop ICMP Ping
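/ip firewall filter
# The original rule matched protocol=icmp with no type filter, i.e. it dropped
# every ICMP message to the router, not only ping -- including "fragmentation
# needed" (3:4) and other errors the router needs for path-MTU discovery on
# its own connections. Matching echo-request (type 8, code 0) keeps the
# intent of the heading without that side effect. Note the "Drop Traceroute"
# group above still drops all ICMP from sources outside the Local list.
add action=drop chain=input comment="Drop ICMP Ping" disabled=no \
icmp-options=8:0 protocol=icmp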

Drop Netcut Attack
/ip firewall filter
# NOTE(review): despite the heading, every rule in this group is action=accept,
# not drop. Each one accepts all TCP (dst-port=0-65535) to the router itself
# (input chain) from one external /24 with no further restriction. In the
# order shown they come after the PortScanner / Blacklist drop rules, and the
# input chain has no final drop on this page, so they currently accept only
# what would have been accepted anyway; moved above those drops they would
# exempt these seven networks from them.
# NetCut operates by ARP spoofing on the local segment, which IP filter rules
# never see. The RouterOS controls for that are static /ip arp entries for
# LAN clients plus arp=reply-only on the LAN interface (not shown here).
# The purpose of these particular prefixes is not documented on this page --
# confirm what they are for before keeping them.
add action=accept chain=input comment="NETCUT BLOCK" disabled=no dst-port=\
0-65535 protocol=tcp src-address=61.213.183.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
protocol=tcp src-address=67.195.134.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
protocol=tcp src-address=68.142.233.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
protocol=tcp src-address=68.180.217.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
protocol=tcp src-address=203.84.204.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
protocol=tcp src-address=69.63.176.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
protocol=tcp src-address=69.63.181.0/24

Sunday, November 27, 2011

Sample MikroTik Layer7 protocol regexps (matched against the first packets of a connection's cleartext payload only; HTTPS traffic cannot be classified this way)

Extension
\.(exe|bin|cab|msi|rar|zip|iso|nrg|img|gz|gzip|7z|tar|mp3|mp4|wmv|avi|mpg|mpeg|flv|mov|3gp|rm|rm1|doc|pdf|ppt|xls|dat|vob|asf)

Video
http/(0\.9|1\.0|1\.1)[\x09-\x0d ][1-5][0-9][0-9][\x09-\x0d -~]*(content-type: video)

Youtube
o-o.preferred.pttelkom-|a.youtube.com|b.youtube.com|c.youtube.com|d.youtube.com|e.youtube.com|f.youtube.com|g.youtube.com|h.youtube.com|i.youtube.com|j.youtube.com|l.youtube.com

Saturday, September 24, 2011

Limit Bandwidth using Layer7 Protocol

SCRIPT I
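/ip firewall layer7-protocol
# Layer7 matchers are regexps applied, case-insensitively by default, to the
# first packets of a connection (about 10 packets / 2 KiB according to the
# MikroTik documentation) and only to cleartext, so HTTPS downloads are never
# classified. The original patterns were unanchored substrings: "\.(rm)" also
# matched ".rmX", so every ".rm1" URL fired RM as well as RM1. The trailing
# [^a-z0-9] requires the extension to end at that point; in an HTTP request
# line the path is followed by a space, "?" or "/", so real downloads still
# match. (The doubled backslash is export escaping for a single "\." in the
# regexp.)
add comment="" name=ISO regexp="\\.(iso)[^a-z0-9]"
add comment="" name=NRG regexp="\\.(nrg)[^a-z0-9]"
add comment="" name=RM regexp="\\.(rm)[^a-z0-9]"
add comment="" name=RM1 regexp="\\.(rm1)[^a-z0-9]"
add comment="" name=MP4 regexp="\\.(mp4)[^a-z0-9]"
add comment="" name=AVI regexp="\\.(avi)[^a-z0-9]"
add comment="" name=WAV regexp="\\.(wav)[^a-z0-9]"
add comment="" name=MPG regexp="\\.(mpg)[^a-z0-9]"
add comment="" name=MP3 regexp="\\.(mp3)[^a-z0-9]"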