RE: [YF] [SHARE] Firewall Configuration on MikroTik RouterOS
Thank you for sharing, Mas Adhari… if there is more about Mikrotik Routers, please share again.

Thanks,

From: yogyafree-perjuangan@yahoogroups.com [mailto:yogyafree-perjuan...@yahoogroups.com] On Behalf Of Adhari Purnawan
Sent: 20 March 2009 13:09
To: yogyafree-perjuangan@yahoogroups.com
Subject: [YF] [SHARE] Firewall Configuration on MikroTik RouterOS

Firewall configuration on MikroTik RouterOS

MikroTik Router Security

/ ip firewall filter

adhari purnawan

* add chain=input connection-state=established comment="Accept established connections"
* add chain=input connection-state=related comment="Accept related connections"
* add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
* add chain=input protocol=udp action=accept comment="UDP" disabled=no
* add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
* add chain=input protocol=icmp action=drop comment="Drop excess pings"
* add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
* add chain=input protocol=tcp dst-port=8291 comment="winbox"

# Edit these rules to reflect your actual IP addresses! #
* add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
* add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #

* add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
* add chain=input action=drop comment="Drop everything else"

Network security settings for the local area only:

/ip firewall filter

* add chain=forward connection-state=established comment="allow established connections"
* add chain=forward connection-state=related comment="allow related connections"
* add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
* add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
* add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
* add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
* add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
* add chain=virus protocol=tcp dst-port=593 action=drop comment=""
* add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=""
* add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
* add chain=virus protocol=tcp dst-port=1214 action=drop comment=""
* add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
* add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
* add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
* add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
* add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
* add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
* add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
* add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
* add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
* add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
* add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
* add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
* add chain=virus protocol=tcp dst-port= action=drop comment="Worm"
* add chain=virus protocol=udp dst-port= action=drop comment="Worm"
* add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
* add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
* add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
* add chain=virus protocol=tcp dst-port=1 action=drop comment="Drop Dumaru.Y"
* add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
* add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
* add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
* add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
* add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

Disable ports commonly used by spam:

* /ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
* /ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
* /ip firewall filter add chain=forward dst-port=593 protocol=tcp action
[YF] [SHARE] Firewall Configuration on MikroTik RouterOS
Firewall configuration on MikroTik RouterOS

MikroTik Router Security

/ ip firewall filter

adhari purnawan

* add chain=input connection-state=established comment="Accept established connections"
* add chain=input connection-state=related comment="Accept related connections"
* add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
* add chain=input protocol=udp action=accept comment="UDP" disabled=no
* add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
* add chain=input protocol=icmp action=drop comment="Drop excess pings"
* add chain=input protocol=tcp dst-port=22 comment="SSH for secure shell"
* add chain=input protocol=tcp dst-port=8291 comment="winbox"

# Edit these rules to reflect your actual IP addresses! #
* add chain=input src-address=159.148.172.192/28 comment="From Mikrotikls network"
* add chain=input src-address=10.0.0.0/8 comment="From our private LAN"
# End of Edit #

* add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
* add chain=input action=drop comment="Drop everything else"

Network security settings for the local area only:

/ip firewall filter

* add chain=forward connection-state=established comment="allow established connections"
* add chain=forward connection-state=related comment="allow related connections"
* add chain=forward connection-state=invalid action=drop comment="drop invalid connections"
* add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
* add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
* add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
* add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
* add chain=virus protocol=tcp dst-port=593 action=drop comment=""
* add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=""
* add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
* add chain=virus protocol=tcp dst-port=1214 action=drop comment=""
* add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
* add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
* add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
* add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
* add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
* add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
* add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
* add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
* add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
* add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
* add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
* add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
* add chain=virus protocol=tcp dst-port= action=drop comment="Worm"
* add chain=virus protocol=udp dst-port= action=drop comment="Worm"
* add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
* add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
* add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
* add chain=virus protocol=tcp dst-port=1 action=drop comment="Drop Dumaru.Y"
* add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
* add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
* add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
* add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
* add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

Disable ports commonly used by spam:

* /ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
* /ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
* /ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port= protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
* /ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
* /ip firewall filter add chain=forwar
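
An added example, not part of the original post: a small pre-import check for a rule list like the one above. As posted, the list has no rule that jumps to the virus chain, leaves some dst-port values empty, matches port 2745 twice, and accepts SSH and winbox from any source. The function names and the sample excerpt are assumptions made for this example.

```python
import re
import shlex
from collections import Counter

# Constructed sample: a short excerpt in the style of the posted rules.
SAMPLE = '''\
/ip firewall filter
add chain=forward connection-state=established comment="allow established connections"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port= action=drop comment="Worm"
add chain=input protocol=tcp dst-port=8291 comment="winbox"
'''

BUILTIN_CHAINS = {"input", "forward", "output"}
MGMT_PORTS = {"22", "8291"}  # SSH and winbox, as used in the post

def parse_rules(text):
    """Return one dict of key=value properties per 'add' line."""
    rules = []
    for line in text.splitlines():
        line = line.strip().lstrip("*").strip()
        line = re.sub(r"^/ip firewall filter\s+", "", line)
        if not line.startswith("add "):
            continue
        # shlex keeps quoted comments together as a single token
        rules.append(dict(t.split("=", 1) for t in shlex.split(line[4:]) if "=" in t))
    return rules

def lint(rules):
    """Return (rule_number, message) findings; rule_number is None for chain-level ones."""
    findings, seen = [], Counter()
    targets = {r.get("jump-target") for r in rules if r.get("action") == "jump"}
    for i, r in enumerate(rules, 1):
        if r.get("dst-port") == "":
            findings.append((i, "empty dst-port"))
        key = tuple(sorted((k, v) for k, v in r.items() if k != "comment"))
        seen[key] += 1
        if seen[key] == 2:
            findings.append((i, "duplicate of an earlier rule"))
        # RouterOS treats a rule without action= as action=accept
        if (r.get("chain") == "input" and r.get("action", "accept") == "accept"
                and r.get("dst-port") in MGMT_PORTS and "src-address" not in r):
            findings.append((i, "management port accepted from any source"))
    for chain in sorted({r["chain"] for r in rules if "chain" in r} - BUILTIN_CHAINS - targets):
        findings.append((None, f"chain '{chain}' is never a jump-target"))
    return findings
```

Rules in a custom chain are only evaluated when a rule in a built-in chain uses action=jump with that chain as jump-target, so the last finding means the listed drops never run.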