

  • DonJoee

    tag

    válasz bacus #13505 üzenetére

    Köszi!
    Az alap "Skori"-dolgokból építkeztem, meg a vendég wifit leválasztottam a LAN-ról.
    De nézd meg te is, kérlek. Azt hiszem, sikerült "open world"-kompatibilissé tennem az exportot (nincs benne érzékeny adat):

    # apr/08/2021 13:12:00 by RouterOS 6.47.9
    # model = RB4011iGS+5HacQ2HnD
    #
    # Partial export: address lists, filter and NAT only (the poster truncated the
    # NAT section and redacted addresses/ports as x.y.z / xxxxN / yyyyy).
    # Rules in a chain are evaluated top to bottom and the first terminating match
    # decides the packet, so the order below is part of the policy. Neither the
    # input nor the forward chain is closed with a final drop; RouterOS accepts an
    # unmatched packet, so any router service on a port the blacklist rules do not
    # list is reachable from WAN unless it is switched off under /ip service.
    # NOTE(review): confirm that fall-through is intended and nothing is omitted.

    /ip firewall address-list
    # Guest_WiFi is a host range of the guest subnet; x.y.z.0/24 is also listed in
    # Local below, so a guest source address matches BOTH lists.
    add address=x.y.z.2-x.y.z.254 list=Guest_WiFi
    # Static BlackList seeds: unroutable / bogon ranges. Entries the filter rules
    # add at runtime carry a timeout and are not part of an export.
    add address=0.0.0.0/8 list=BlackList
    add address=127.0.0.0/8 list=BlackList
    add address=224.0.0.0/3 list=BlackList
    # Local: every internal range. Used to accept LAN-originated input, as the
    # fasttrack destination, and as the range guests may not forward into.
    add address=a.b.0.0/16 list=Local
    add address=x.x.0.0/16 list=Local
    add address=x.y.z.0/24 list=Local
    # Three hand-added hosts; the reason they are blocked is not recorded. A
    # comment= on each entry would help whoever reviews this list next.
    add address=213.108.134.181 list=BlackList
    add address=213.108.134.182 list=BlackList
    add address=213.108.134.183 list=BlackList

    /ip firewall filter
    # --- Guest WiFi isolation ---
    # Drops guest-to-router TCP on the listed management/service ports, but only
    # for packets addressed to x.y.z.1. NOTE(review): the later rule
    # "accept chain=input in-interface-list=!WAN src-address-list=Local" matches
    # guests too (their subnet is inside Local), so a guest packet sent to any other
    # address the router holds, to a TCP port not in this list (the API service,
    # for instance) or to any UDP port is accepted. Matching on
    # src-address-list=Guest_WiFi alone (no dst-address) and accepting only DNS and
    # DHCP before it would close that gap -- confirm which router addresses exist.
    add action=drop chain=input comment="Guest WiFi internet only" dst-address=\
        x.y.z.1 dst-port=21,22,23,80,443,1723,2000,8291 protocol=tcp \
        src-address-list=Guest_WiFi
    # Guests may not reach any internal range; anything else is forwarded.
    add action=drop chain=forward dst-address-list=Local src-address-list=\
        Guest_WiFi

    # Refuse DNS arriving for a non-Local router address (i.e. the WAN side) so the
    # resolver cannot be used from the internet. UDP only; TCP/53 from outside
    # falls into the 20-1023 blacklist rule further down.
    add action=drop chain=input comment="DNS from LAN only" dst-address-list=\
        !Local dst-port=udp protocol=udp
    add action=drop chain=input comment="DNS from LAN only" dst-address-list=\
        !Local dst-port=53 protocol=udp

    # --- Stateful baseline ---
    # Fasttrack only flows headed into Local; the plain accept right after keeps
    # established/related forward traffic with other destinations flowing.
    add action=fasttrack-connection chain=forward comment="FastTrack enable" \
        connection-state=established,related dst-address-list=Local
    add action=accept chain=forward connection-state=established,related
    add action=drop chain=input connection-state=invalid
    add action=drop chain=forward connection-state=invalid
    # Input accepts established only (not related), then anything arriving on a
    # non-WAN interface with a Local source -- the rule guest traffic falls to.
    add action=accept chain=input connection-state=established
    add action=accept chain=input in-interface-list=!WAN src-address-list=Local

    # --- Scanner / probe blacklisting ---
    # add-src-to-address-list is non-terminating in RouterOS: the offending packet
    # continues to the drop rules below, which also discard everything from hosts
    # already on the list. psd=21,3s,3,1 is the port-scan-detection threshold tuple.
    add action=add-src-to-address-list address-list=BlackList \
        address-list-timeout=1d10m chain=input comment=\
        "Blacklisting of port scanners" protocol=tcp psd=21,3s,3,1 tcp-flags=""
    # Any outside TCP packet to a low or common management port blacklists the
    # sender for 6h. 1723 (PPTP) is deliberately outside these ranges.
    add action=add-src-to-address-list address-list=BlackList \
        address-list-timeout=6h chain=input dst-port=20-1023,8000,8080,8291 \
        protocol=tcp src-address-list=!Local
    # Same for UDP, leaving out 123 and 500 (presumably NTP and IKE).
    # NOTE(review): log-prefix is set here and on the input drop below, but no
    # log=yes appears in the export (defaults are omitted), so these rules most
    # likely do not log at all; add log=yes if the prefixes are meant to be seen.
    add action=add-src-to-address-list address-list=BlackList \
        address-list-timeout=6h chain=input dst-port=\
        20-122,124-499,501-1023,8000,8080,8291 log-prefix=UDP-block protocol=udp \
        src-address-list=!Local
    # Terminating drops for blacklisted sources. They sit AFTER the established
    # accepts above, so a session from a host blacklisted mid-flow survives until
    # it closes; only new packets/connections from it are stopped.
    add action=drop chain=input log-prefix=Input-BlackList src-address-list=\
        BlackList
    add action=drop chain=forward src-address-list=BlackList

    # --- PPTP (1723) login protection ---
    # NOTE(review): all three rules share one match (new TCP to 1723 from a source
    # not in VPN_logged) and nothing ever reads VPN_login, so this is not the staged
    # pattern it resembles. Assuming the list update is visible to the rules that
    # follow in the same pass (the documented RouterOS staged example relies on
    # that), the first attempt lands in VPN_login AND VPN_logged, the blacklist
    # rule then no longer matches, and further attempts from that source match
    # nothing here for 59m. The usual form chains the stages: the second rule
    # matches src-address-list=VPN_login, the blacklist rule matches the second
    # stage's list. Separately, PPTP's MS-CHAPv2 authentication is long broken;
    # exposing it on WAN is the larger risk regardless of rate limiting.
    add action=add-src-to-address-list address-list=VPN_login \
        address-list-timeout=1m30s chain=input comment="VPN login protection" \
        connection-state=new dst-port=1723 protocol=tcp src-address-list=\
        !VPN_logged
    add action=add-src-to-address-list address-list=VPN_logged \
        address-list-timeout=59m chain=input connection-state=new dst-port=1723 \
        protocol=tcp src-address-list=!VPN_logged
    add action=add-src-to-address-list address-list=BlackList \
        address-list-timeout=5h59m chain=input connection-state=new dst-port=1723 \
        protocol=tcp src-address-list=!VPN_logged

    /ip firewall nat
    # Source NAT per uplink. WAN1..WAN3 are interface lists; the WAN list used by
    # the filter and dstnat rules is presumably their union -- not shown here.
    add action=masquerade chain=srcnat out-interface-list=WAN1
    add action=masquerade chain=srcnat out-interface-list=WAN2
    add action=masquerade chain=srcnat out-interface-list=WAN3
    # Disabled: would masquerade the VPN client pool out to the internet.
    add action=masquerade chain=srcnat comment="VPN internet access" disabled=yes \
        src-address=x.x.z.0/24

    # Wake-on-LAN relay: UDP hitting the (redacted) WAN port is rewritten to the
    # directed broadcast x.x.w.254:9. There is no source restriction, so anyone on
    # the internet can wake the hosts; a src-address limit or keeping the rule
    # disabled when not needed is the usual mitigation.
    add action=dst-nat chain=dstnat comment="New broadcast address for WOW" \
    dst-port=abcde in-interface-list=WAN protocol=\
        udp to-addresses=x.x.w.254 to-ports=9

    # Per-client TCP forwards, one outside port per host (ports redacted). As far
    # as the export shows, the forward chain has no rule for these, so the
    # default accept applies and they are reachable from any source.
    add action=dst-nat comment="Port forwarding for clients" chain=dstnat \
    dst-port=xxxx1 in-interface-list=WAN \
        protocol=tcp to-addresses=x.x.0.201 to-ports=yyyyy
    add action=dst-nat chain=dstnat dst-port=xxxx2 in-interface-list=WAN \
        protocol=tcp to-addresses=x.x.0.202 to-ports=yyyyy
    add action=dst-nat chain=dstnat dst-port=xxxx3 in-interface-list=WAN \
        protocol=tcp to-addresses=x.x.0.203 to-ports=yyyyy
    ...
    ...
    ...
