
Firewall

The document provides instructions for configuring firewall rules on a Mikrotik router to enhance security. It includes rules to drop invalid connections, allow specific protocols and ports for trusted networks, block known malware and viruses targeting certain ports, detect and block VPN and anonymity software, and prioritize ICMP traffic to stabilize ping responses during periods of high network usage.
Copyright
© Attribution Non-Commercial (BY-NC)

Firewall for MikroTik Security

/ip firewall filter add chain=input connection-state=invalid action=drop comment=Drop_invalid_connections
/ip firewall filter add chain=input protocol=udp action=accept comment=UDP
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=Allow_limited_pings
/ip firewall filter add chain=input protocol=icmp action=drop comment=Drop_excess_pings
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=FTP
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=SSH_for_secure_shell
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=Web
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=winbox
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=pptp-server
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=Log_everything_else
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=Web1
/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment=make_ping_and_dns_fast
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=pptp-server
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=Logeverythingelse
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=winbox1
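
An added example, not part of the original document: a small Python check over RouterOS filter lines like the input-chain rules above. It reports duplicate rules, accept rules that match any source, and a chain that ends without a catch-all drop (RouterOS accepts packets that match no rule). The sample lines are constructed from the rules above, and the function names are this example's own.

```python
import shlex

# Constructed sample, modelled on the input-chain rules above (not a live export).
SAMPLE = """\
/ip firewall filter add chain=input connection-state=invalid action=drop comment=Drop_invalid_connections
/ip firewall filter add chain=input protocol=udp action=accept comment=UDP
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=pptp-server
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=Log_everything_else
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=Telnet
"""

IGNORED = {"comment", "disabled"}  # properties that do not affect matching

def parse_rules(text):
    """Parse '/ip firewall filter add key=value ...' lines into dicts."""
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps quoted values such as "DROP INPUT" whole
        if tokens[:4] != ["/ip", "firewall", "filter", "add"]:
            continue
        rules.append(dict(t.split("=", 1) for t in tokens[4:] if "=" in t))
    return rules

def audit(rules, chain="input"):
    """Return findings for one chain, in rule order, chain-level finding last."""
    findings, seen = [], {}
    chain_rules = [r for r in rules if r.get("chain") == chain]
    for i, r in enumerate(chain_rules, 1):
        key = tuple(sorted((k, v) for k, v in r.items() if k not in IGNORED))
        if key in seen:
            findings.append(f"rule {i}: duplicate of rule {seen[key]}")
        seen.setdefault(key, i)
        if r.get("action") == "accept" and "src-address-list" not in r and "src-address" not in r:
            findings.append(f"rule {i}: accept from any source ({r.get('comment', '')})")
    last = chain_rules[-1] if chain_rules else {}
    catch_all = last.get("action") in ("drop", "reject") and set(last) - IGNORED <= {"chain", "action"}
    if not catch_all:
        findings.append(f"chain {chain}: no final catch-all drop, unmatched traffic is accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE)):
        print(finding)
```
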
===========================================================================================================================

BLOCK NETCUT & CONFICKER


/ip firewall filter
add action=accept chain=input comment="default configuration (anti netcut, default is accept)" disabled=no protocol=icmp

/ip firewall filter
add chain=forward protocol=udp src-port=135-139 action=drop comment=";;Block W32.Kido - Conficker" disabled=no
add chain=forward protocol=udp dst-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=udp src-port=445 action=drop comment="" disabled=no
add chain=forward protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp src-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=tcp src-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=4691 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=5933 action=drop comment="" disabled=no
add chain=forward protocol=udp dst-port=5355 action=drop comment="Block LLMNR" disabled=no
add chain=forward protocol=udp dst-port=4647 action=drop comment="" disabled=no
add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp src-port=25
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp

/ip firewall filter
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254

===========================================================================================================================

Detect and Block Hotspot Shield program traffic (vpn application)


/ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList \
    address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
    !127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers \
    address-list-timeout=12h chain=prerouting comment=HotSpotShieldUsers \
    content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList \
    address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
    !127.0.0.1:895 disabled=no dst-port=443 protocol=tcp
/ip firewall filter
add action=drop chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
    src-address-list=HotSpotShieldUsers
===========================================================================================================================

Detect and Block UltraSurf program traffic


/ip firewall filter
add action=drop chain=forward comment="Block UltraSurf" disabled=no dst-port=\
    443 protocol=tcp src-address-list=UltraSurfUsers
/ip firewall mangle
add action=add-src-to-address-list address-list=UltraSurfUsers \
    address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\
    no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp
/ip firewall address-list
add address=65.49.0.0/17 comment="" disabled=no list=UltraSurfServers
add address=204.107.140.0/24 comment="" disabled=no list=UltraSurfServers
===========================================================================================================================

SECURING MIKROTIK AGAINST VIRUS PORT ATTACKS


/ip firewall filter add chain=forward connection-state=invalid action=drop comment=drop_invalid_connections
/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment=Drop_Blaster_Worm
/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=Worm
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment=Drop_Blaster_Worm
/ip firewall filter add chain=virus protocol=udp dst-port=445 action=drop comment=Drop_Blaster_Worm
/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment=________
/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=__________
/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment=Drop_MyDoom
/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment=______
/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment=hromgrafx
/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment=cichlid
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=BagleVirus
/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment=DropDumaruY
/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment=DropBeagle
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=DropBeagle_C-K
/ip firewall filter add chain=virus protocol=tcp dst-port=3127 action=drop comment=DropMyDoom
/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment=DropBackdoorOptixPro
/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment=Worm1
/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment=Worm2
/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment=DropSasser
/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment=DropBeagleB
/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment=DropDabber-A-B
/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment=DropMyDoom-B
/ip firewall filter add chain=virus protocol=tcp dst-port=12345 action=drop comment=DropNetBus
/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment=DropSubSeven
/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment="DropPhatBot,Agobot,Gaobot"
/ip firewall filter add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
===========================================================================================================================

Stabilizing ping when the connection is congested


/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=ICMP_KONEKSI passthrough=yes comment="ICMP_KONEKSI" disabled=no
/ip firewall mangle add chain=prerouting protocol=icmp connection-mark=ICMP_KONEKSI action=mark-packet new-packet-mark=ICMP_PAKET passthrough=no comment="ICMP_PAKET" disabled=no
/queue tree add name="==KONDISI_PING==" parent=global-total packet-mark=ICMP_PAKET limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
===========================================================================================================================
