Minimum Mikrotik Firewall Rules
Thursday, December 9, 2010
# Minimal filter set: restrict router services to an allow-list, keep
# SMB/NetBIOS off the public interface, and trap hosts opening many SMTP
# connections. Rules are evaluated top to bottom, so keep this order.
# NOTE(review): there is no established/related accept and no final
# default-drop here; anything not matched below falls through to the
# chain's default behaviour. Treat this as a starting point only.
/ip firewall filter
# --- input chain: traffic addressed to the router itself ---
# Each rule drops TCP to one service port unless the source is in the
# "allow" address list. That list is not defined in this listing: populate
# it under /ip firewall address-list before applying, otherwise these rules
# drop FTP/SSH/Telnet/HTTP to the router from every source.
# NOTE(review): only these four TCP port ranges are covered. Other router
# services (e.g. Winbox, API, HTTPS) and all UDP services are not matched.
# FTP (20-21)
add action=drop chain=input comment="" disabled=no dst-port=20-21 protocol=\
tcp src-address-list=!allow
# SSH (22)
add action=drop chain=input comment="" disabled=no dst-port=22 protocol=tcp \
src-address-list=!allow
# Telnet (23) - cleartext; consider disabling the service under /ip service
# rather than only filtering it.
add action=drop chain=input comment="" disabled=no dst-port=23 protocol=tcp \
src-address-list=!allow
# HTTP (80)
add action=drop chain=input comment="" disabled=no dst-port=80 protocol=tcp \
src-address-list=!allow
# --- forward chain: traffic routed through the router ---
# Drop SMB (445/tcp) and NetBIOS (137-139 tcp+udp) leaving via
# "public_interface". That name presumably stands for the WAN interface;
# replace it with the real interface name.
# Only the outbound direction is matched (out-interface); the same ports
# arriving from the public side are not covered by these rules.
add action=drop chain=forward comment="" disabled=no dst-port=445 \
out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
out-interface=public_interface protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=137-139 \
out-interface=public_interface protocol=udp
# --- SMTP abuse trap (25/tcp) ---
# xxx.xxx.xxx.xxx/xx is a placeholder and must be replaced before import;
# presumably it is the legitimate mail server/relay that stays reachable.
# 1) Drop SMTP from sources already in the "spammer" list, except towards
#    the excluded destination.
add action=drop chain=forward comment="block spammer or infected users" \
disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 protocol=tcp \
src-address-list=spammer
# 2) Log (prefix "spammertrap") sources matching connection-limit=30,32,
#    i.e. counted per single address (/32), on port 25.
# NOTE(review): limit=50,5 also bounds how often this rule matches; confirm
# the exact limit/burst semantics against the RouterOS docs for your version.
add action=log chain=forward comment="trap spammers" connection-limit=30,32 \
disabled=no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 \
log-prefix=spammertrap protocol=tcp
# 3) Same match as the log rule: add the source to "spammer" for 1 day, so
#    rule 1 drops its later SMTP packets. The entry expires on its own.
#    The log lines are the only record of who was listed, so forward them
#    to a remote syslog if they are needed for follow-up.
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=forward comment="trap spammers" connection-limit=30,32 disabled=\
no dst-address=!xxx.xxx.xxx.xxx/xx dst-port=25 limit=50,5 protocol=tcp