-
Fototrend
Mikrotik routerekkel foglalkozó téma. Mikrotik router típusok, hardverek, router beállítások, programozás (scriptek írása), frissítés, és minden Mikrotik routerrel kapcsolatos beszélgetés helye.
Új hozzászólás Aktív témák
-
#12804
allnickused
tag
bacus
#12803
allnickused
tag
Ez kábé milyen?
/ip firewall filter add action=drop chain=input comment="PING input drop" icmp-options=8:0-255 in-interface=!bridge protocol=icmp
/ip firewall filter add action=accept chain=input comment="accept ICMP after RAW" protocol=icmp
/ip firewall filter add action=accept chain=input comment="accept established,related,untracked" connection-state=established,related
/ip firewall filter add action=accept chain=input src-address-list=allowed_to_router
/ip firewall filter add action=drop chain=input comment="drop all not coming from LAN" in-interface-list=!LAN
/ip firewall filter add action=accept chain=forward comment="accept all that matches IPSec policy" disabled=yes ipsec-policy=in,ipsec
/ip firewall filter add action=drop chain=forward comment="drop bad forward IPs" src-address-list=no_forward_ipv4
/ip firewall filter add action=drop chain=forward comment="drop bad forward IPs" dst-address-list=no_forward_ipv4
/ip firewall filter add action=fasttrack-connection chain=forward comment="fasttrack" connection-state=established,related disabled=yes
/ip firewall filter add action=accept chain=forward comment="accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=forward comment="drop invalid" connection-state=invalid
/ip firewall filter add action=drop chain=forward comment="drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall raw add action=accept chain=prerouting comment="enable for transparent firewall" disabled=yes
/ip firewall raw add action=accept chain=prerouting comment="accept DHCP discover" dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=udp src-address=0.0.0.0 src-port=68
/ip firewall raw add action=drop chain=prerouting comment="drop bogon IP's" src-address-list=bad_ipv4
/ip firewall raw add action=drop chain=prerouting comment="drop bogon IP's" dst-address-list=bad_ipv4
/ip firewall raw add action=drop chain=prerouting comment="drop bogon IP's" src-address-list=bad_src_ipv4
/ip firewall raw add action=drop chain=prerouting comment="drop bogon IP's" dst-address-list=bad_dst_ipv4
/ip firewall raw add action=drop chain=prerouting comment="drop non global from WAN" in-interface-list=WAN src-address-list=not_global_ipv4
/ip firewall raw add action=drop chain=prerouting comment="drop forward to local lan from WAN" dst-address=192.168.88.0/24 in-interface-list=WAN
/ip firewall raw add action=drop chain=prerouting comment="drop local if not from default IP range" in-interface-list=LAN src-address=!192.168.88.0/24
/ip firewall raw add action=drop chain=prerouting comment="drop bad UDP" port=0 protocol=udp
/ip firewall raw add action=jump chain=prerouting comment="jump to ICMP chain" jump-target=icmp4 protocol=icmp
/ip firewall raw add action=jump chain=prerouting comment="jump to TCP chain" jump-target=bad_tcp protocol=tcp
/ip firewall raw add action=accept chain=prerouting comment="accept everything else from LAN" in-interface-list=LAN
/ip firewall raw add action=accept chain=prerouting comment="accept everything else from WAN" in-interface-list=WAN
/ip firewall raw add action=drop chain=prerouting comment="drop the rest"
/ip firewall raw add action=drop chain=bad_tcp comment="TCP flag filter" protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
/ip firewall raw add action=drop chain=bad_tcp comment=protocol=tcp tcp-flags=fin,syn
/ip firewall raw add action=drop chain=bad_tcp comment=protocol=tcp tcp-flags=fin,rst
/ip firewall raw add action=drop chain=bad_tcp comment=protocol=tcp tcp-flags=fin,!ack
/ip firewall raw add action=drop chain=bad_tcp comment=protocol=tcp tcp-flags=fin,urg
/ip firewall raw add action=drop chain=bad_tcp comment=protocol=tcp tcp-flags=syn,rst
/ip firewall raw add action=drop chain=bad_tcp comment=protocol=tcp tcp-flags=rst,urg
/ip firewall raw add action=drop chain=bad_tcp comment=TCP port 0 drop" port=0 protocol=tcp
/ip firewall raw add action=accept chain=icmp4 comment=echo reply icmp-options=0:0 limit=5,10:packet protocol=icmp
/ip firewall raw add action=accept chain=icmp4 comment=net unreachable icmp-options=3:0 protocol=icmp
/ip firewall raw add action=accept chain=icmp4 comment=host unreachable icmp-options=3:1 protocol=icmp
/ip firewall raw add action=accept chain=icmp4 comment=protocol unreachable icmp-options=3:2 protocol=icmp
/ip firewall raw add action=accept chain=icmp4 comment=port unreachable icmp-options=3:3 protocol=icmp
/ip firewall raw add action=accept chain=icmp4 comment=fragmentation needed icmp-options=3:4 protocol=icmp
/ip firewall raw add action=accept chain=icmp4 comment=echo icmp-options=8:0 limit=5,10:packet protocol=icmp
/ip firewall raw add action=accept chain=icmp4 comment=time exceeded icmp-options=11:0-255 protocol=icmp
/ip firewall raw add action=drop chain=icmp4 comment=drop other icmp protocol=icmp
Új hozzászólás Aktív témák
ekkold- iKing - Apple iPhone 15 Pro Natural Titanium ProMotion 120 Hz, A17 Pro, USB-C 128 GB
- Microsoft Surface Go 2 m3-8100Y 8GB 128GB 4G LTE 1 év garancia
- ÁRGARANCIA!Épített KomPhone Ryzen 5 7600X 32/64GB RAM RTX 5060 Ti 8GB GAMER PC termékbeszámítással
- ÁRGARANCIA!Épített KomPhone Ryzen 7 7800X3D 32/64GB RAM RTX 5090 32GB GAMER PC termékbeszámítással
- Készpénzes számítógép PC félkonfig alkatrész hardver felvásárlás személyesen / postával korrekt áron
Állásajánlatok
Cég: PCMENTOR SZERVIZ KFT.
Város: Budapest
Cég: Laptopműhely Bt.
Város: Budapest