Tuesday, 27 August 2013

Firewall Commands for Mikrotik / Routerboard







Here I provide several security rules for your Mikrotik firewall so that your Mikrotik stays safe from the various kinds of disturbances that can occur. Below are a number of firewall commands that you can simply copy/paste into "New Terminal". The commands are as follows:

To Accept Established Connections
/ip firewall filter add chain=input connection-state=established action=accept comment="Accept_established_connections"

To Accept Related Connections
/ip firewall filter add chain=input connection-state=related action=accept comment="Accept_related_connections"

To Drop Invalid Connections
/ip firewall filter add chain=input connection-state=invalid action=drop comment="Drop_invalid_connections"

For UDP
/ip firewall filter add chain=input protocol=udp action=accept comment="UDP"

To Allow Limited Ping
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow_limited_pings"

To Drop Excess Ping
/ip firewall filter add chain=input protocol=icmp action=drop comment="Drop_excess_pings"

For FTP
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP"

Next, for SSH (Secure Shell)
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH_for_secure_shell"

For Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet"

For Web
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web"

For Winbox
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox"

For PPTP-Server
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server"

To Log Everything Else
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment="Log_everything_else"

To Filter Port Scanning
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port_Scanners_To_List" disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment=" Port_Scanners_To_List1" disabled=no

To Filter the FTP Port
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="Filter_FTP_to_Box" disabled=no
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m action=accept comment="Filter_port_FTP1" disabled=no
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment="Filter_port_FTP1" disabled=no

To Separate Packet Flag
/ip firewall filter add chain=forward protocol=tcp action=jump jump-target=tcp comment="Separate_Protocol_into_Chains1" disabled=no
/ip firewall filter add chain=forward protocol=udp action=jump jump-target=udp comment="Separate_Protocol_into_Chains2" disabled=no
/ip firewall filter add chain=forward protocol=icmp action=jump jump-target=icmp comment="Separate_Protocol_into_Chains3" disabled=no

For Blocking Bukis Mail Traffic
/ip firewall filter add chain=forward protocol=tcp dst-port=25 action=drop comment="Allow_SMTP" disabled=no

For P2P Connections
/ip firewall filter add chain=forward p2p=all-p2p action=accept comment="trafik_P2P" disabled=no

To Filter Junk and Connections
/ip firewall filter add chain=input connection-state=established action=accept comment="Connection_State1" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="Connection_State2" disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment="Connection_State3" disabled=no

To Allow Established Connections
/ip firewall filter add chain=forward connection-state=established action=accept comment="Allow_Established_Connections"

For Related Connections
/ip firewall filter add chain=forward connection-state=related action=accept comment="Allow_Realted_connections"

To Drop Invalid Connections
/ip firewall filter add chain=forward connection-state=invalid action=drop comment="Drop_Invalid_Connections"
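
An added example, not part of the original post: a small Python audit run over a constructed subset of the rules above. It reports address lists that rules match but no rule fills (such as `ournetwork`, which this page never populates, so it has to be created under `/ip firewall address-list` before those accept rules can match), lists that are filled but never matched, jump targets with no rules, and whether `chain=input` has an unconditional drop. The function and key names are this example's own.

```python
import re
import shlex

# Constructed sample: a subset of this page's rules, typed with straight quotes.
RULES = r'''
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH_for_secure_shell"
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment="Log_everything_else"
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h
/ip firewall filter add chain=forward protocol=tcp action=jump jump-target=tcp
'''

def parse(text):
    """Turn each '/ip firewall filter add ...' line into a dict of key=value pairs."""
    rules = []
    for line in text.strip().splitlines():
        if line.strip():
            tokens = shlex.split(line)  # keeps "port scanners" as one value
            rules.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return rules

def audit(text):
    """Return consistency findings for a pasted rule set."""
    # Typographic quotes (as in a copy from a web page) are not string delimiters.
    curly = bool(re.search("[\u201c\u201d]", text))
    rules = parse(text.replace("\u201c", '"').replace("\u201d", '"'))
    matched = {r[k] for r in rules
               for k in ("src-address-list", "dst-address-list") if k in r}
    filled = {r["address-list"] for r in rules
              if r.get("action", "").startswith("add-") and "address-list" in r}
    chains = {r["chain"] for r in rules}
    jumps = {r["jump-target"] for r in rules if "jump-target" in r}
    # A catch-all drop has no matchers besides the chain itself.
    catch_all = {r["chain"] for r in rules if r.get("action") == "drop"
                 and not set(r) - {"chain", "action", "comment", "disabled"}}
    return {
        "curly_quotes": curly,
        "lists_never_filled": sorted(matched - filled),
        "lists_never_matched": sorted(filled - matched),
        "jump_targets_without_rules": sorted(jumps - chains),
        "input_has_catch_all_drop": "input" in catch_all,
    }

if __name__ == "__main__":
    for key, value in audit(RULES).items():
        print(f"{key}: {value}")
```

Before adding a catch-all drop to `chain=input`, confirm that `ournetwork` contains your management subnet, otherwise the Winbox, SSH and Web accept rules will not match your own address.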

The result can then be seen in the image below.
