Minimum Mikrotik Firewall Rules

Posted by Admin, Thursday, December 9, 2010
To protect our network from attackers, I use this minimum set of MikroTik firewall rules. These rules are my minimum configuration; you can expand them depending on what your network needs. Here is the code:

/ip firewall filter

# Services on the router itself (input chain): drop FTP, SSH, Telnet and
# HTTP unless the source address is in the "allow" address list
add action=drop chain=input comment="" disabled=no dst-port=20-21 protocol=\
    tcp src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp \
    src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=23 protocol=tcp \
    src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=80 protocol=tcp \
    src-address-list=!allow

# Traffic through the router (forward chain): keep SMB/NetBIOS from
# leaving via the public interface
add action=drop chain=forward comment="" disabled=no dst-port=445 \
    out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
    out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
    out-interface=public_interface protocol=udp

# Hosts already on the "spammer" list may not send SMTP anywhere except
# the address block xxx.xxx.xxx.xxx/xx
add action=drop chain=forward comment="block spammer or infected users" \
    disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 protocol=tcp \
    src-address-list=spammer

# Spammer trap: a source that exceeds 30 SMTP connections (connection-limit
# per /32) to outside that block is logged with prefix "spammertrap" and
# added to the "spammer" list for one day; limit=50,5 keeps the log from
# being flooded
add action=log chain=forward comment="trap spammers" connection-limit=30,32 \
    disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 \
    log-prefix=spammertrap protocol=tcp
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
    1d chain=forward comment="trap spammers" connection-limit=30,32 disabled=\
    no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 protocol=tcp
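One thing worth checking before importing a ruleset like the one above: the four input rules match on `src-address-list=!allow`, but the post never shows the `/ip firewall address-list` entries that populate "allow". If that list is empty, "!allow" matches every source and the router drops FTP, SSH, Telnet and HTTP management traffic from the administrator too. The "spammer" list is different: it is filled dynamically by the `add-src-to-address-list` rule. The following Python script is an added example, not part of the original post, that parses a RouterOS export (handling the backslash line continuations and quoted values) and reports address lists that are matched but never populated, either statically or by an `add-*-to-address-list` rule. The filter rules are the post's own; the address-list section with 192.0.2.10 is constructed for the example.

```python
"""Lint a RouterOS firewall export for address lists that are matched but
never populated. Added example; not code from the original post."""
import shlex
from collections import Counter

# Constructed input: the filter rules from the post, verbatim. The
# xxx.xxx.xxx.xxx/xx placeholder is kept exactly as the post gives it.
PAGE_RULES = r"""
/ip firewall filter
add action=drop chain=input comment="" disabled=no dst-port=20-21 protocol=\
    tcp src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp \
    src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=23 protocol=tcp \
    src-address-list=!allow
add action=drop chain=input comment="" disabled=no dst-port=80 protocol=tcp \
    src-address-list=!allow
add action=drop chain=forward comment="" disabled=no dst-port=445 \
    out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
    out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
    out-interface=public_interface protocol=udp
add action=drop chain=forward comment="block spammer or infected users" \
    disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 protocol=tcp \
    src-address-list=spammer
add action=log chain=forward comment="trap spammers" connection-limit=30,32 \
    disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 \
    log-prefix=spammertrap protocol=tcp
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
    1d chain=forward comment="trap spammers" connection-limit=30,32 disabled=\
    no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 protocol=tcp
"""

# Constructed: the section the post does not show. Without it, "!allow"
# matches every source, the administrator's included.
ALLOW_LIST = r"""
/ip firewall address-list
add list=allow address=192.0.2.10 comment="admin workstation (constructed)"
"""


def _join_continuations(text):
    """Merge export lines that end with a backslash into single commands."""
    joined, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\"):
            buf += line[:-1]          # keep any space before the backslash
            continue
        joined.append(buf + line)
        buf = ""
    if buf:
        joined.append(buf)
    return joined


def parse_export(text):
    """Return one dict per 'add' command, tagged with the menu it belongs to."""
    menu, entries = None, []
    for line in _join_continuations(text):
        if line.startswith("/"):
            menu = line                # e.g. "/ip firewall filter"
            continue
        tokens = shlex.split(line)     # respects quoted values like comment="..."
        if not tokens or tokens[0] != "add":
            continue
        entry = {"_menu": menu}
        for tok in tokens[1:]:
            key, _, value = tok.partition("=")
            entry[key] = value
        entries.append(entry)
    return entries


def address_list_gaps(entries):
    """Lists referenced by src/dst-address-list matchers but never populated,
    statically (/ip firewall address-list) or dynamically (add-*-to-address-list)."""
    referenced, defined = set(), set()
    for e in entries:
        for key in ("src-address-list", "dst-address-list"):
            if key in e:
                referenced.add(e[key].lstrip("!"))   # "!allow" refers to "allow"
        if e["_menu"] == "/ip firewall address-list" and "list" in e:
            defined.add(e["list"])
        if e.get("action") in ("add-src-to-address-list", "add-dst-to-address-list"):
            defined.add(e["address-list"])
    return referenced - defined


def rules_per_chain(entries):
    """Count filter rules by chain, a quick sanity check on the import."""
    return Counter(e["chain"] for e in entries if e["_menu"] == "/ip firewall filter")


if __name__ == "__main__":
    for label, text in (("post only", PAGE_RULES), ("with allow list", ALLOW_LIST + PAGE_RULES)):
        gaps = address_list_gaps(parse_export(text))
        print(f"{label}: unpopulated address lists = {sorted(gaps) or 'none'}")
```

Run against the post's rules alone the script reports "allow" as unpopulated; prepending the constructed address-list section clears the warning, while "spammer" is never reported because the trap rule populates it. The same parser can be pointed at a full `/export` file to catch the same mistake in a larger ruleset.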
