Minimum Mikrotik Firewall Rules

Home / firewall / Minimum Mikrotik Firewall Rules

Minimum Mikrotik Firewall Rules

Posted by Admin Thursday, December 9, 2010 0 comments

To prevent our network from hacker attack, i use this Minimum Mikrotik Firewall Rules. This Rules is my minimum setting, you can expand it dpend on your network necessery. Here's the code :

/ip firewall filter

add action=drop chain=input comment="" disabled=no dst-port=20-21 protocol=\
tcp src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp \
src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=23 protocol=tcp \
src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=80 protocol=tcp \
src-address-list=!allow

add action=drop chain=forward comment="" disabled=no dst-port=445 \
out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
out-interface=public_interface protocol=udp
add action=drop chain=forward comment="block spammer or infected users" \
disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 protocol=tcp \
src-address-list=spammer
add action=log chain=forward comment="trap spammers" connection-limit=30,32 \
disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 \
log-prefix=spammertrap protocol=tcp
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=forward comment="trap spammers" connection-limit=30,32 disabled=\
no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 protocol=tcp

Mikrotik How To

Minimum Mikrotik Firewall Rules

If You Like This Post, Share it With Your Friends

0 comments:

Post a Comment

Popular Posts

Labels

Stats

About

Blog Archive