

  • allnickused

    tag

    válasz bacus #12803 üzenetére

    Ez kábé milyen?

    # Filter rules for the input chain (packets addressed to the router itself).
    # Rules are matched top-down, so the order below is significant.
    /ip firewall filter
    # ICMP echo requests (type 8, any code) are dropped unless they arrive on the interface named "bridge".
    add chain=input action=drop protocol=icmp icmp-options=8:0-255 in-interface=!bridge comment="PING input drop"
    # All remaining ICMP is accepted here; per the rule comment, type filtering is left to the raw table.
    add chain=input action=accept protocol=icmp comment="accept ICMP after RAW"
    # NOTE(review): the comment text says "untracked" but the matcher lists only established,related,
    # unlike the matching forward rule. No notrack rule is visible in this post, so it has no effect yet; align the two.
    add chain=input action=accept connection-state=established,related comment="accept established,related,untracked"
    # Trust is granted by source address alone, on every interface. The allowed_to_router list is not
    # defined in this post; keep it limited to management addresses and confirm it is populated before relying on it.
    add chain=input action=accept src-address-list=allowed_to_router
    # Everything that did not arrive on an interface in the LAN list is dropped. Packets from LAN
    # interfaces match no rule and are accepted by default, so router services stay reachable from the LAN.
    add chain=input action=drop in-interface-list=!LAN comment="drop all not coming from LAN"
    # Filter rules for the forward chain (packets routed through the router).
    /ip firewall filter
    # Present but disabled: would accept inbound traffic that matches an IPsec policy.
    add chain=forward action=accept ipsec-policy=in,ipsec disabled=yes comment="accept all that matches IPSec policy"
    # Source or destination in no_forward_ipv4 is never routed. The list itself is not defined in this post;
    # presumably an empty or missing list makes these two rules match nothing - verify it is populated.
    add chain=forward action=drop src-address-list=no_forward_ipv4 comment="drop bad forward IPs"
    add chain=forward action=drop dst-address-list=no_forward_ipv4 comment="drop bad forward IPs"
    # Present but disabled: fasttrack for established/related connections.
    add chain=forward action=fasttrack-connection connection-state=established,related disabled=yes comment="fasttrack"
    # Return traffic of known connections is accepted before the invalid-state drop below.
    add chain=forward action=accept connection-state=established,related,untracked comment="accept established,related, untracked"
    add chain=forward action=drop connection-state=invalid comment="drop invalid"
    # New connections entering from the WAN list are dropped unless a dst-nat rule matched them.
    # Anything reaching the end of the chain (e.g. new connections from LAN) is accepted by default.
    add chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN comment="drop all from WAN not DSTNATed"
    # Raw prerouting rules: evaluated before connection tracking, top-down.
    /ip firewall raw
    # Present but disabled: when enabled, this accept-all would short-circuit every raw rule below it.
    add chain=prerouting action=accept disabled=yes comment="enable for transparent firewall"
    # DHCP discover uses source 0.0.0.0, so it has to be accepted before the LAN source-range drop further down.
    add chain=prerouting action=accept protocol=udp src-address=0.0.0.0 src-port=68 dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN comment="accept DHCP discover"
    # The address lists used below (bad_ipv4, bad_src_ipv4, bad_dst_ipv4, not_global_ipv4) are not defined
    # in this post; presumably a missing or empty list makes its rule match nothing - verify they are populated.
    add chain=prerouting action=drop src-address-list=bad_ipv4 comment="drop bogon IP's"
    add chain=prerouting action=drop dst-address-list=bad_ipv4 comment="drop bogon IP's"
    add chain=prerouting action=drop src-address-list=bad_src_ipv4 comment="drop bogon IP's"
    add chain=prerouting action=drop dst-address-list=bad_dst_ipv4 comment="drop bogon IP's"
    add chain=prerouting action=drop in-interface-list=WAN src-address-list=not_global_ipv4 comment="drop non global from WAN"
    # Anti-spoofing pair tied to the hard-coded LAN subnet 192.168.88.0/24: update both rules if the LAN range changes.
    add chain=prerouting action=drop in-interface-list=WAN dst-address=192.168.88.0/24 comment="drop forward to local lan from WAN"
    add chain=prerouting action=drop in-interface-list=LAN src-address=!192.168.88.0/24 comment="drop local if not from default IP range"
    add chain=prerouting action=drop protocol=udp port=0 comment="drop bad UDP"
    # Per-protocol checks live in the icmp4 and bad_tcp chains; packets not dropped there come back here.
    add chain=prerouting action=jump protocol=icmp jump-target=icmp4 comment="jump to ICMP chain"
    add chain=prerouting action=jump protocol=tcp jump-target=bad_tcp comment="jump to TCP chain"
    add chain=prerouting action=accept in-interface-list=LAN comment="accept everything else from LAN"
    add chain=prerouting action=accept in-interface-list=WAN comment="accept everything else from WAN"
    # Traffic arriving on an interface that is in neither the LAN nor the WAN list is dropped here;
    # confirm every interface in use (including any tunnel interfaces) belongs to one of the lists before applying remotely.
    add chain=prerouting action=drop comment="drop the rest"
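    # bad_tcp chain (reached from raw prerouting for protocol=tcp): drops TCP flag combinations
    # that do not occur in legitimate traffic. Packets matching no rule return to the calling chain.
    # Fix: in the pasted text the comment= parameter had lost its value on six rules ("comment=protocol=tcp"),
    # so protocol=tcp was no longer a separate matcher, and the last rule had an unbalanced quote.
    # The empty comments are dropped and the last one is re-quoted.
    # No FIN, SYN, RST or ACK set at all.
    /ip firewall raw add action=drop chain=bad_tcp comment="TCP flag filter" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
    /ip firewall raw add action=drop chain=bad_tcp protocol=tcp tcp-flags=fin,syn
    /ip firewall raw add action=drop chain=bad_tcp protocol=tcp tcp-flags=fin,rst
    # FIN without ACK.
    /ip firewall raw add action=drop chain=bad_tcp protocol=tcp tcp-flags=fin,!ack
    /ip firewall raw add action=drop chain=bad_tcp protocol=tcp tcp-flags=fin,urg
    /ip firewall raw add action=drop chain=bad_tcp protocol=tcp tcp-flags=syn,rst
    /ip firewall raw add action=drop chain=bad_tcp protocol=tcp tcp-flags=rst,urg
    # Port 0 as source or destination.
    /ip firewall raw add action=drop chain=bad_tcp comment="TCP port 0 drop" port=0 protocol=tcp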
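    # icmp4 chain (reached from raw prerouting for protocol=icmp): allow-list of ICMP type:code pairs,
    # everything else is dropped by the last rule.
    # Fix: the multi-word comment values had lost their quotes in the pasted text, so the words after the
    # first one were parsed as separate arguments; every comment is quoted again.
    # Echo reply and echo request are rate-limited (limit=5,10:packet); packets over the limit do not match
    # the accept rule and fall through to the final drop.
    /ip firewall raw add action=accept chain=icmp4 comment="echo reply" icmp-options=0:0 limit=5,10:packet protocol=icmp
    # Destination-unreachable codes 0-4. Code 4 (fragmentation needed) is what path MTU discovery relies on.
    /ip firewall raw add action=accept chain=icmp4 comment="net unreachable" icmp-options=3:0 protocol=icmp
    /ip firewall raw add action=accept chain=icmp4 comment="host unreachable" icmp-options=3:1 protocol=icmp
    /ip firewall raw add action=accept chain=icmp4 comment="protocol unreachable" icmp-options=3:2 protocol=icmp
    /ip firewall raw add action=accept chain=icmp4 comment="port unreachable" icmp-options=3:3 protocol=icmp
    /ip firewall raw add action=accept chain=icmp4 comment="fragmentation needed" icmp-options=3:4 protocol=icmp
    /ip firewall raw add action=accept chain=icmp4 comment="echo" icmp-options=8:0 limit=5,10:packet protocol=icmp
    /ip firewall raw add action=accept chain=icmp4 comment="time exceeded" icmp-options=11:0-255 protocol=icmp
    # Any ICMP type/code not accepted above ends here.
    /ip firewall raw add action=drop chain=icmp4 comment="drop other icmp" protocol=icmp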
