
  • Lezl


    Itt a konfig, van benne sok dolog, ami már nem is kell.

    # nov/01/2017 14:17:44 by RouterOS 6.40.4
    # software id = 8C8Z-IPKS
    #
    # model = CCR1009-8G-1S
    # serial number = 49130427F4E3
    #
    # NOTE(review): this export header carries the software id and the unit's
    # serial number, and the rules below carry the site's public addresses;
    # redact these before sharing a config publicly.
    #
    # Reading guide: within one chain RouterOS evaluates rules top to bottom and the
    # first match wins; a chain that has no final drop accepts whatever reaches its
    # end. The review remarks below are comment lines only, no rule is changed.
    # Lines further down that end abruptly (e.g. "protocol=t") are truncated in
    # the posted export, not in the live config.
    /ip firewall address-list
    # smtp-szerverek: the only relays LAN hosts may reach on tcp/25 via "UPC Port 1"
    # (see the accept and drop rules at the end of the forward chain).
    # kivetelek: hosts exempt from that outbound SMTP restriction.
    add address=89.132.155.172 comment="Saj\E1t SMTP szerver" list=smtp-szerverek
    add address=195.70.49.106 comment=smtpauth.upcbusiness.hu list=smtp-szerverek
    add address=213.46.255.2 comment=smtp.monornet.hu list=smtp-szerverek
    add address=89.135.50.60 comment="Ez a cim kiv\E9tel az smtp szures alol" list=\
    kivetelek
    add address=70.86.5.44 list=smtp-szerverek
    add address=194.149.13.163 comment=smtp.datanet.hu list=smtp-szerverek
    add address=62.112.194.45 comment=smtp.datanet.hu list=smtp-szerverek
    add address=194.149.13.165 comment=smtp.datanet.hu list=smtp-szerverek
    add address=194.149.13.161 comment=smtp.datanet.hu list=smtp-szerverek
    add address=195.70.57.133 comment=smtp.mediacenter.hu list=smtp-szerverek
    add address=84.2.44.3 comment=mail.t-online.hu list=smtp-szerverek
    add address=84.2.45.3 comment=mail.t-online.hu list=smtp-szerverek
    add address=84.2.46.3 comment=mail.t-online.hu list=smtp-szerverek
    add address=192.168.190.10 comment="Ez a cim kiv\E9tel az smtp szures alol" \
    list=kivetelek
    add address=192.168.190.212 comment="Ez a cim kiv\E9tel az smtp szures alol" \
    list=kivetelek
    add address=79.172.252.54 comment=Premiumos list=smtp-szerverek
    add address=178.238.222.15 comment=Premiumos list=smtp-szerverek
    /ip firewall filter
    # Disabled hotspot placeholder; inert leftover from a hotspot setup.
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
    # Blocks transit traffic sourced from the 192.168.180.x DHCP pool.
    add action=drop chain=forward comment="Drop dhcp leased ips on PPPoE interface" \
    src-address=192.168.180.2-192.168.180.254
    # tcp/135 is dropped again in the "tcp" chain further down; this copy is
    # redundant but harmless.
    add action=drop chain=forward comment="Drop DCOM" dst-port=135 protocol=tcp
    # Telnet to the router is also caught by the final input drop; explicit rule
    # only makes it visible in counters.
    add action=drop chain=input comment="Drop Telnet attempts" dst-port=23 \
    protocol=tcp
    add action=drop chain=input comment="Drop Invalid connections" \
    connection-state=invalid
    # Intra-LAN: 192.168.190.10 may open any TCP connection into 192.168.190.0/23.
    add action=accept chain=forward dst-address=192.168.190.0/23 protocol=tcp \
    src-address=192.168.190.10
    # Outbound SMTP is allowed only towards the listed relays; everything else on
    # tcp/25 falls through to the drop at the end of this chain.
    add action=accept chain=forward dst-address-list=smtp-szerverek dst-port=25 \
    out-interface="UPC Port 1" protocol=tcp
    # NOTE(review): only "established" is accepted here; unlike the forward chain
    # there is no matching connection-state=related accept for input.
    add action=accept chain=input comment="Allow Established connections" \
    connection-state=established
    # NOTE(review): this accepts ALL UDP to the router from ANY source (including
    # the WAN) before the final "Drop anything else" rule, so every UDP service
    # the router runs is reachable from the internet. Which services are enabled
    # is not visible in this export; restrict this rule to the LAN source ranges
    # and/or the specific dst-ports that are actually needed.
    add action=accept chain=input comment="Allow UDP" protocol=udp
    # NOTE(review): all ICMP types to the router are accepted from anywhere; the
    # per-type filtering in the "icmp" chain below is only reached from forward.
    add action=accept chain=input comment="Allow ICMP" protocol=icmp
    add action=drop chain=forward comment="drop invalid connections" \
    connection-state=invalid protocol=tcp
    add action=accept chain=forward comment="allow already established connections" \
    connection-state=established
    add action=accept chain=forward comment="allow related connections" \
    connection-state=related
    # Bogon filtering on transit traffic: 0/8, loopback and 224/3 (multicast and
    # class E) in either direction.
    add action=drop chain=forward comment="block bad IP" src-address=0.0.0.0/8
    add action=drop chain=forward comment="block bad IP" dst-address=0.0.0.0/8
    add action=drop chain=forward comment="block bad IP" src-address=127.0.0.0/8
    add action=drop chain=forward comment="block bad IP" dst-address=127.0.0.0/8
    add action=drop chain=forward comment="block bad IP" src-address=224.0.0.0/3
    add action=drop chain=forward comment="block bad IP" dst-address=224.0.0.0/3
    # Per-protocol sub-chains; a packet that matches nothing in the target chain
    # returns here and continues with the rules after the jump.
    add action=jump chain=forward comment="jumps to new chains" jump-target=tcp \
    protocol=tcp
    add action=jump chain=forward comment="jumps to new chains" jump-target=udp \
    protocol=udp
    add action=jump chain=forward comment="jumps to new chains" jump-target=icmp \
    protocol=icmp
    # "tcp" chain: port-based drops applied to transit traffic in both directions.
    add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
    add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 protocol=\
    tcp
    add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 protocol=\
    tcp
    add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
    add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
    add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
    add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 protocol=\
    tcp
    add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
    add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=\
    tcp
    # DHCP runs over UDP, so this tcp/67-68 rule never matches real DHCP; the
    # effective rule is the udp one at the end of the "udp" chain.
    add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
    # "udp" chain: same service set as the tcp chain. (The "PRC" in the comment=
    # strings is a typo for RPC; left untouched here as it is rule data.)
    add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
    add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 protocol=\
    udp
    add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 protocol=\
    udp
    add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
    add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
    add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=\
    udp
    # "icmp" chain: allow-list of ICMP types for transit traffic, everything else
    # dropped. NOTE(review): the comment= labels on the next three rules do not
    # describe them: 0:0 is echo-reply, 3:0 is net-unreachable and 3:1 is
    # host-unreachable, and all three are accepts, not drops.
    add action=accept chain=icmp comment="drop invalid connections" icmp-options=\
    0:0 protocol=icmp
    add action=accept chain=icmp comment="allow established connections" \
    icmp-options=3:0 protocol=icmp
    add action=accept chain=icmp comment="allow already established connections" \
    icmp-options=3:1 protocol=icmp
    # Source quench (type 4) is deprecated (RFC 6633); consider dropping it.
    add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 \
    protocol=icmp
    add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
    protocol=icmp
    add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
    protocol=icmp
    add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
    protocol=icmp
    add action=drop chain=icmp comment="deny all other types"
    # Belongs with the other "udp" chain rules above; position is irrelevant since
    # every rule in that chain is a drop.
    add action=drop chain=udp comment="deny dhcp" dst-port=67-68 protocol=udp
    # Management access to the router itself from the internal ranges.
    add action=accept chain=input comment=\
    "Allow access to router from known network" src-address=192.168.255.0/24
    add action=accept chain=input comment=\
    "Allow access to router from known network" src-address=192.168.190.0/24
    # NOTE(review): 10.0.0.0/8 is far wider than the 10.0.0.0/24 PPPoE range and
    # the 10.10.10.0/24 range the NAT rules reference; narrow it to the ranges
    # actually assigned.
    add action=accept chain=input src-address=10.0.0.0/8
    # NOTE(review): the next two rules are identical; the second never matches.
    add action=accept chain=input src-address=89.135.50.64/26
    add action=accept chain=input src-address=89.135.50.64/26
    # NOTE(review): unconditional forward accept for this host, placed BEFORE the
    # outbound SMTP restriction below, so 89.132.156.147 bypasses that restriction.
    add action=accept chain=forward src-address=89.132.156.147
    # Final input drop: everything not accepted above is discarded.
    add action=drop chain=input comment="Drop anything else"
    # NOTE(review): this rule uses out-interface=UPC while every enabled rule
    # around it uses "UPC Port 1"; if the WAN interface is "UPC Port 1" this rule
    # never matches and smtp-spammer stays empty. Also, no rule in this export
    # reads the smtp-spammer list, so at best it records offenders without
    # blocking them.
    add action=add-src-to-address-list address-list=smtp-spammer \
    address-list-timeout=4w2d chain=forward dst-address-list=!smtp-szerverek \
    dst-port=25 out-interface=UPC protocol=tcp
    # Drops outbound SMTP to anything not accepted earlier unless the source is
    # on the kivetelek list.
    # NOTE(review): this is the last forward rule and there is no final drop, so
    # the forward chain is default-accept: any transit traffic not matched above
    # (including traffic to the dst-nat targets below) is allowed.
    add action=drop chain=forward dst-port=25 out-interface="UPC Port 1" protocol=\
    tcp src-address-list=!kivetelek
    /ip firewall mangle
    # Policy-routing marks for the three public ranges; all three are disabled.
    add action=mark-routing chain=prerouting comment=\
    "UPC primary - IP range (alap tartomany)" disabled=yes dst-address=\
    !89.132.155.172 new-routing-mark="UPC primary" passthrough=no src-address=\
    89.132.155.160/29
    add action=mark-routing chain=prerouting comment=\
    "UPC primary - IP range (extra tartomany)" disabled=yes dst-address=\
    !89.132.155.172 new-routing-mark="UPC extra tartomany" passthrough=no \
    src-address=89.132.156.128/27
    add action=mark-routing chain=prerouting comment=\
    "UPC primary - IP range (extra tartomany)" disabled=yes dst-address=\
    !89.132.155.172 new-routing-mark="UPC extra tartomany 2" passthrough=no \
    src-address=89.135.54.0/25
    # MSS clamping on TCP SYNs for transit traffic (PPPoE/PMTU friendliness).
    add action=change-mss chain=forward new-mss=clamp-to-pmtu protocol=tcp \
    tcp-flags=syn
    /ip firewall nat
    add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
    add action=masquerade chain=srcnat out-interface="UPC Port 1" src-address=\
    10.10.10.0/24
    # Disabled experiments around 192.168.190.212:18767; inert.
    add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.190.212 \
    dst-port=18767 protocol=tcp src-port=18767 to-addresses=192.168.190.212 \
    to-ports=18767
    add action=dst-nat chain=dstnat disabled=yes log=yes protocol=tcp src-address=\
    192.168.190.212 src-port=18767 to-addresses=192.168.190.10 to-ports=18767
    add action=src-nat chain=srcnat comment=\
    "Apartman nem publikus cimek mas forrasra natol\E1sa" disabled=yes log=yes \
    protocol=tcp src-address=192.168.190.212 src-port=18767 to-addresses=\
    192.168.190.10 to-ports=18767
    # Active: the 192.168.190.0/23 LAN leaves via public 89.135.50.65.
    add action=src-nat chain=srcnat comment=\
    "Apartman nem publikus cimek mas forrasra natol\E1sa" out-interface=\
    "UPC Port 1" src-address=192.168.190.0/23 to-addresses=89.135.50.65
    add action=src-nat chain=srcnat comment=\
    "Apartman nem publikus cimek mas forrasra natol\E1sa" disabled=yes \
    dst-address=!91.120.14.98 out-interface=UPC src-address=192.168.190.0/23 \
    to-addresses=91.120.14.129
    add action=src-nat chain=srcnat comment="TESZT gep/port natol\E1sa" disabled=\
    yes dst-address=!91.120.14.98 out-interface=UPC src-address=\
    192.168.254.0/24 to-addresses=91.120.14.129
    add action=src-nat chain=srcnat comment="TESZT gep/port natol\E1sa" \
    dst-address=!89.132.155.172 out-interface="UPC Port 1" src-address=\
    192.168.254.0/24 to-addresses=89.135.50.65
    add action=src-nat chain=srcnat comment=\
    "PPPOE nem publikus cimek mas forrasra natol\E1sa" disabled=yes \
    dst-address=!91.120.14.98 out-interface=UPC src-address=10.0.0.0/24 \
    to-addresses=91.120.14.129
    add action=src-nat chain=srcnat comment=\
    "PPPOE nem publikus cimek mas forrasra natol\E1sa" dst-address=\
    !89.132.155.172 out-interface="UPC Port 1" src-address=10.0.0.0/24 \
    to-addresses=89.135.50.65
    add action=masquerade chain=srcnat comment="Mail szerver NATol\E1sa" disabled=\
    yes out-interface="UPC Port 1" src-address=192.168.255.0/24 to-addresses=\
    91.120.14.97
    # Port forwards from public 89.135.50.65 to the mail host 192.168.255.1.
    # NOTE(review): tcp/22 (SSH) and tcp/110 (POP3, cleartext credentials) are
    # exposed to the whole internet with no src-address restriction, and the
    # forward chain (default-accept, see above) does not limit them either.
    # Restrict 22 to known management sources and prefer POP3S/IMAPS over 110.
    add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
    89.135.50.65 dst-port=22 protocol=tcp to-addresses=192.168.255.1 to-ports=\
    22
    add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
    89.135.50.65 dst-port=25 protocol=tcp to-addresses=192.168.255.1 to-ports=\
    25
    add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
    89.135.50.65 dst-port=18767 protocol=tcp to-addresses=192.168.190.10 \
    to-ports=18767
    add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
    89.135.50.65 dst-port=110 protocol=tcp to-addresses=192.168.255.1 to-ports=\
    110
    add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
    89.135.50.65 dst-port=80 protocol=tcp to-addresses=192.168.255.1 to-ports=\
    80
    # Transparently redirects SMTP meant for the monornet relay to a datanet relay.
    # NOTE(review): two more rules with the same match appear near the end of this
    # chain; NAT is first-match, so only this one ever fires.
    add action=dst-nat chain=dstnat comment="monornet to datanet smtp redit" \
    dst-address=213.46.255.2 dst-port=25 protocol=tcp to-addresses=\
    194.149.13.165 to-ports=25
    # Disabled forwards (torrent, RDP test, ftp); inert but worth deleting.
    add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
    89.132.155.172 dst-port=49256 protocol=tcp to-addresses=192.168.255.2 \
    to-ports=49256
    add action=dst-nat chain=dstnat disabled=yes dst-address=89.132.155.172 \
    dst-port=63320 protocol=tcp to-addresses=192.168.255.199 to-ports=63320
    add action=dst-nat chain=dstnat comment="Teszt remote" disabled=yes \
    dst-address=89.132.155.172 dst-port=2222 protocol=tcp to-addresses=\
    192.168.254.2 to-ports=3389
    add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
    89.132.155.172 dst-port=2075 protocol=tcp to-addresses=192.168.190.232 \
    to-ports=50000
    add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
    91.120.14.98 dst-port=40000 protocol=tcp to-addresses=192.168.255.1 \
    to-ports=21
    add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
    89.132.155.172 dst-port=33303 protocol=tcp to-addresses=192.168.255.2 \
    to-ports=2075
    # Active and uncommented: every tcp/25 connection from 192.168.190.43, to any
    # destination, is redirected to 192.168.150.199:63320. Purpose unclear from
    # the export; confirm it is still intended.
    add action=dst-nat chain=dstnat dst-port=25 protocol=tcp src-address=\
    192.168.190.43 to-addresses=192.168.150.199 to-ports=63320
    add action=dst-nat chain=dstnat comment="Mail portbedobas ADSL-rol" \
    dst-address=192.168.255.254 dst-port=25 protocol=tcp to-addresses=\
    192.168.255.1 to-ports=25
    # NOTE(review): the following lines are cut off on the right in the posted
    # export. As far as visible, these two rules form a full 1:1 NAT
    # (to-ports=0-65535) between public 89.135.54.80 and 192.168.190.8, exposing
    # every port of that host; the forward chain adds no restriction.
    add action=dst-nat chain=dstnat dst-address=89.135.54.80 protocol=t
    to-addresses=192.168.190.8 to-ports=0-65535
    add action=src-nat chain=srcnat protocol=tcp src-address=192.168.19
    to-addresses=89.135.54.80 to-ports=0-65535
    # Shadowed duplicates of the "monornet to datanet" rule above (same match,
    # different targets); they never fire. Lines truncated in the paste.
    add action=dst-nat chain=dstnat comment="monornet to datanet smtp r
    dst-address=213.46.255.2 dst-port=25 protocol=tcp to-addresses=
    194.149.13.161 to-ports=25
    add action=dst-nat chain=dstnat comment="monornet to datanet smtp r
    dst-address=213.46.255.2 dst-port=25 protocol=tcp to-addresses=
    194.149.13.163 to-ports=25
    # Disabled hotspot masquerades (the last two are duplicates). Truncated.
    add action=masquerade chain=srcnat comment="masquerade hotspot netw
    disabled=yes src-address=192.168.20.0/24
    add action=masquerade chain=srcnat comment="masquerade hotspot netw
    disabled=yes src-address=89.135.50.64/26
    add action=masquerade chain=srcnat comment="masquerade hotspot netw
    disabled=yes src-address=89.135.50.64/26
    /ip firewall service-port
    # Connection-tracking helpers switched off. NOTE(review): ftp is not listed,
    # so it presumably remains at its default (enabled); disable it too unless
    # active-mode FTP through the router is actually needed.
    set tftp disabled=yes
    set irc disabled=yes
    set h323 disabled=yes
    set sip disabled=yes
    set pptp disabled=yes
