Just Documentation for the Forgetful

Simple Mikrotik Firewall

After browsing for material to put together a firewall, it is finally done. It is a simple firewall and still has many shortcomings. Here is the firewall:
/ip firewall filter add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
/ip firewall filter add chain=forward connection-state=established action=accept comment="Allow Established Connections" disabled=no
/ip firewall filter add chain=forward connection-state=related action=accept comment="Allow Related Connections" disabled=no
/ip firewall filter add chain=forward connection-state=invalid action=drop comment="Drop Invalid Connections" disabled=no
/ip firewall address-list add list=trusted-network address=192.168.0.0/24 comment="Trusted Network" disabled=no
/ip firewall address-list add list=trusted-network address=10.10.1.0/24 comment="Trusted Network" disabled=no
/ip firewall filter add chain=input dst-address-type=broadcast,multicast action=accept comment="Allow Broadcast Traffic" disabled=no
/ip firewall filter add chain=input src-address=192.168.0.0/24 action=accept comment="Allow access to router from known network" disabled=no
/ip firewall filter add chain=input src-address=10.10.1.0/24 action=accept comment="" disabled=no
/ip firewall filter add chain=input protocol=udp action=accept comment="UDP" disabled=no
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow Limited Pings" disabled=no
/ip firewall filter add chain=input protocol=icmp action=drop comment="Drop Excess Pings" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=trusted-network action=accept comment="FTP" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=trusted-network action=accept comment="SSH for Secure Shell" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=trusted-network action=accept comment="Telnet" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=trusted-network action=accept comment="Web" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=trusted-network action=accept comment="Winbox" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
/ip firewall filter add chain=input src-address-list=trusted-network action=accept comment="From Trusted Network" disabled=no
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment="Log Everything Else" disabled=no
/ip firewall filter add chain=input action=drop comment="Drop Everything Else" disabled=no
/ip firewall filter add chain=output dst-port=5678 protocol=udp action=drop comment="Blok Scan Winbox" disabled=no
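As an added illustration, not part of the original post or of RouterOS itself: a small Python model of first-match evaluation over a subset of the input-chain rules above, run against constructed sample packets. It shows which rule actually decides each packet, for example that the blanket protocol=udp accept matches before any source check, and that the plain src-address accept for 192.168.0.0/24 fires before the per-port SSH rule ever gets a look. The matcher is a simplified model (it assumes a new connection when no state is given) and the sample addresses are constructed.

```python
import ipaddress

# Constructed subset of the post's input-chain rules, kept in the order RouterOS
# evaluates them: the first matching rule with a terminal action decides the packet.
TRUSTED = [ipaddress.ip_network("192.168.0.0/24"),
           ipaddress.ip_network("10.10.1.0/24")]          # address-list trusted-network

RULES = [
    {"state": "established", "action": "accept", "comment": "accept established connection packets"},
    {"state": "related", "action": "accept", "comment": "accept related connection packets"},
    {"state": "invalid", "action": "drop", "comment": "drop invalid packets"},
    {"src_net": "192.168.0.0/24", "action": "accept", "comment": "Allow access to router from known network"},
    {"src_net": "10.10.1.0/24", "action": "accept", "comment": ""},
    {"proto": "udp", "action": "accept", "comment": "UDP"},
    {"proto": "tcp", "dst_port": 22, "src_list": True, "action": "accept", "comment": "SSH for Secure Shell"},
    {"proto": "tcp", "dst_port": 8291, "src_list": True, "action": "accept", "comment": "Winbox"},
    {"proto": "tcp", "dst_port": 1723, "action": "accept", "comment": "pptp-server"},
    {"src_list": True, "action": "accept", "comment": "From Trusted Network"},
    {"action": "drop", "comment": "Drop Everything Else"},
]

def matches(rule, pkt):
    """Simplified matcher: every key present in the rule must agree with the packet."""
    src = ipaddress.ip_address(pkt["src"])
    if "state" in rule and rule["state"] != pkt.get("state", "new"):
        return False
    if "src_net" in rule and src not in ipaddress.ip_network(rule["src_net"]):
        return False
    if "src_list" in rule and not any(src in net for net in TRUSTED):
        return False
    if "proto" in rule and rule["proto"] != pkt.get("proto"):
        return False
    if "dst_port" in rule and rule["dst_port"] != pkt.get("dst_port"):
        return False
    return True

def first_match(pkt):
    """Return (action, comment) of the first rule that matches, as RouterOS would."""
    for rule in RULES:
        if matches(rule, pkt):
            return rule["action"], rule["comment"]
    return "accept", "chain default (no rule matched)"  # RouterOS accepts by default

if __name__ == "__main__":
    # Constructed sample packets: new flows from an outside host and from the LAN.
    for pkt in ({"src": "203.0.113.7", "proto": "udp", "dst_port": 161},
                {"src": "203.0.113.7", "proto": "tcp", "dst_port": 22},
                {"src": "192.168.0.5", "proto": "tcp", "dst_port": 22}):
        print(pkt, "->", first_match(pkt))
```

Reordering the rules in the model (for example moving the UDP accept below the trusted-network checks, or restricting it with src-address-list) and re-running the same packets is a quick way to check what a change to the real rule set would do before applying it to the router.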

1 comment:

prikitiew said...

bro.... what does that do??? I don't get it bro... total newbie