Catatan Script Mikrotik-ku: FIREWALL FILTER

# jun/23/2012 16:26:56 by RouterOS 5.6

/ip firewall filter
add action=drop chain=forward comment="Drop Port Terlarang" disabled=no \
    dst-port=40016 protocol=udp
add action=drop chain=virus disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus disabled=no dst-port=445 protocol=udp
add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="Drop Port Scanner" disabled=\
    no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=\
    fin,syn

Catatan Script Mikrotik-ku

Saturday, June 23, 2012

FIREWALL FILTER

No comments:

Post a Comment

Blog Archive