
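# RouterOS firewall filter rules. The input chain protects the router itself;
# the forward chain blocks blacklisted and SMTP-abusing sources passing through it.
# Rules are evaluated top to bottom, so their order is significant.
# A rule with no action= uses the default action, which is accept.
/ip firewall filter

# --- Connection-state baseline: pass known flows, discard invalid packets ---
add chain=input comment="*************Accept established connection packets" connection-state=established
add chain=input comment="Accept related connection packets" connection-state=related
add action=drop chain=input comment="Drop invalid packets" connection-state=invalid

# --- Port knocking, variant A (all three rules ship disabled) ---
# Stage 1: any ICMP packet puts the source in list "ICMP" for 1 minute.
# Stage 2: a TCP/80 packet from a source in "ICMP" puts it in "ICMP + Http" for 2 minutes.
# Final rule: TCP 22, 23 and 8291 are dropped for sources not in "ICMP + Http".
# NOTE(review): 22/23/8291 are the RouterOS default SSH, Telnet and Winbox ports - confirm
# they match the services configured on this router.
# NOTE(review): both knock stages are traffic a router receives routinely, so this
# sequence gives little secrecy. Knocking only hides the ports and does not replace
# authentication; Telnet (23) carries credentials in clear text and is better disabled.
add action=add-src-to-address-list address-list=ICMP address-list-timeout=1m chain=input comment="*************Start Port KnockingA By Rodrigo" disabled=yes protocol=icmp
add action=add-src-to-address-list address-list="ICMP + Http" address-list-timeout=2m chain=input disabled=yes dst-port=80 protocol=tcp src-address-list=ICMP
add action=drop chain=input comment="End Port KnockingA" disabled=yes dst-port=22,23,8291 protocol=tcp src-address-list="!ICMP + Http"

# --- Port knocking, variant B (all four rules ship disabled) ---
# Three TCP knocks in order (1000, 2000, 3000); each stage requires membership in the
# previous list and grants the next one for 5 minutes. The final rule drops
# TCP 22, 23 and 8291 for sources that have not completed the sequence.
add action=add-src-to-address-list address-list=Temp1 address-list-timeout=5m chain=input comment="*************Start Port KnockingB By Rodrigo" disabled=yes dst-port=1000 protocol=tcp
add action=add-src-to-address-list address-list=Temp1+Temp2 address-list-timeout=5m chain=input disabled=yes dst-port=2000 protocol=tcp src-address-list=Temp1
add action=add-src-to-address-list address-list=Temp1+Temp2+Cantito address-list-timeout=5m chain=input disabled=yes dst-port=3000 protocol=tcp src-address-list=Temp1+Temp2
add action=drop chain=input comment="END Port KnockingB" disabled=yes dst-port=22,23,8291 protocol=tcp src-address-list=!Temp1+Temp2+Cantito

# --- ICMP: accept a rate-limited subset, drop every other ICMP packet ---
# icmp-options is type:code -> 0:0 echo reply, 8:0 echo request, 3:3 port unreachable,
# 11:0 TTL exceeded, 3:4 fragmentation needed. limit=5,5 is rate 5 with burst 5.
# NOTE(review): only the echo-reply rule carries connection-limit=15,32; confirm this
# is intended, since the other ICMP rules do not have it.
add chain=input comment="*************Permitir Protocolos ICMP" connection-limit=15,32 icmp-options=0:0 limit=5,5 protocol=icmp
add chain=input icmp-options=8:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:3 limit=5,5 protocol=icmp
add chain=input icmp-options=11:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=input protocol=icmp

# --- Connection-flood handling via the "Lista Negra" (blacklist) address list ---
# Sources already in the list are tarpitted on input and dropped on forward (TCP only).
# A source exceeding 100 connections (per /32 address) is added to the list for 1 day.
# NOTE(review): the detection rule names no protocol and no connection-state; the
# upstream examples pair connection-limit with protocol=tcp - confirm the matcher
# behaves as intended here. A 1-day entry also blocks any legitimate host behind a
# busy NAT address that crosses the threshold, so review the list periodically.
add action=tarpit chain=input comment="*************Impedir Atacante DOS genere nuevas conecxiones" protocol=tcp src-address-list="Lista Negra"
add action=add-src-to-address-list address-list="Lista Negra" address-list-timeout=1d chain=input comment="Deteccion de DOS" connection-limit=100,32
add action=drop chain=forward comment="Block Atakante DOS" protocol=tcp src-address-list="Lista Negra"

# --- Router services that must not be reachable from the WAN interface ---
# Web proxy (TCP/3128) and the DNS resolver. DNS is served over TCP as well as UDP,
# so both transports are dropped; the original listing covered UDP/53 only.
add action=drop chain=input comment="*************Block Intrusos WebProxy" dst-port=3128 in-interface=WAN protocol=tcp
add action=drop chain=input comment="Block Intrusos DNS" dst-port=53 in-interface=WAN protocol=udp
add action=drop chain=input comment="Block DNS over TCP from WAN" dst-port=53 in-interface=WAN protocol=tcp

# --- Outbound SMTP abuse (forward chain) ---
# Sources in "spammer" lose access to TCP/25. The detection rule matches TCP/25 traffic
# with connection-limit=30,32 and limit=50,5 and lists the source for 1 day.
add action=drop chain=forward comment="*************BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp

# All remaining forwarded traffic is handed to the "virus" chain.
# NOTE(review): the rules of the "virus" chain are not part of this listing.
add action=jump chain=forward comment="jump to the virus chain" jump-target=virus

# --- Management allow-list and final input drop (both ship disabled) ---
# NOTE(review): while the final drop is disabled, input traffic not matched by a rule
# above is accepted, so every router service without its own drop rule stays reachable
# from all interfaces. Populate the "Permitir IPs for Access" address list and enable
# the allow rule first; enabling the drop alone cuts off management access.
add chain=input comment="*************Permitir el Acceso al Router desde Redes Conocidas" disabled=yes src-address-list="Permitir IPs for Access"
add action=drop chain=input comment="*************Drop all INPUT" disabled=yes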
Fuente:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall
