
Firewall for MikroTik routers

To protect a MikroTik router from virus traffic and excessive ping, the following firewall script can be used.
First, create an address-list named ournetwork that contains the radio IP, the LAN IP and the WAN IP, or any other trusted IP addresses.
In the example below the radio IP is 10.0.0.0/16, the LAN IP is 192.168.2.0/24, the WAN IP is 203.89.24.0/21, and the other trusted address is 202.6?.33.? (two digits of this address are unreadable in the source).
To create the address-list you can use a script like the one below; just adjust it to your own network configuration.
Write the following script in Notepad, then copy-paste it into the MikroTik console:
/ ip firewall address-list
add list=ournetwork address=203.89.24.0/21 comment="Datautama Network" disabled=no
add list=ournetwork address=10.0.0.0/16 comment="IP Radio" disabled=no
add list=ournetwork address=192.168.2.0/24 comment="LAN Network" disabled=no
Next, copy-paste the following script into the MikroTik console:
/ ip firewall filter
add chain=forward connection-state=established action=accept comment="allow established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no
add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester" disabled=no
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server" disabled=no
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast" disabled=no
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx" disabled=no
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no
add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y, better left disabled because this port is also often used for VPN or Webmin" disabled=yes
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
add chain=forward action=jump jump-target=virus comment="jump to the virus chain" disabled=no
add chain=input connection-state=established action=accept comment="Accept established connections" disabled=no
add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
# note: the next rule accepts every UDP datagram addressed to the router itself; restrict it to the ports the router actually serves if you can
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow limited pings" disabled=no
add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
# note: FTP and Telnet carry credentials in cleartext; they are only reachable from ournetwork here, and can be disabled in /ip service if unused
add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP" disabled=no
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH for secure shell" disabled=no
add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet" disabled=no
add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web" disabled=no
add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox" disabled=no
add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no
add chain=input src-address-list=ournetwork action=accept comment="From Datautama network" disabled=no
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else" disabled=no
add chain=input action=drop comment="Drop everything else" disabled=no
The effects of the script above are:
1. The MikroTik router can only be accessed via FTP, SSH, Web and Winbox from the IPs defined in the address-list ournetwork, so it cannot be accessed from just anywhere.
2. Ports commonly exploited by viruses are blocked, so virus traffic cannot pass through; note, however, that if a user has trouble reaching a particular service, you must check in chain=virus whether the port that user needs is being blocked by the firewall.
3. Ping packets are rate-limited to avoid excessive ping.
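The three effects above can be verified offline before the script is pasted onto a router. The following Python is an added example written for this page (not part of the original script): it parses a constructed subset of the rules above in RouterOS "add ..." syntax and walks each chain first-match, including the jump into chain=virus and the fall-through of a disabled rule, using a simplified packet model (protocol, destination port, source address, connection state) and an assumed outside source address from the 203.0.113.0/24 documentation range.

```python
import ipaddress
import shlex

# Constructed subset of the page's script (ports as decoded; multi-word comments quoted).
RULES = """
add chain=forward connection-state=established action=accept
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y" disabled=yes
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=SSH
add chain=input protocol=tcp dst-port=1723 action=accept comment=pptp-server
add chain=input action=drop comment="Drop everything else"
"""
ADDRESS_LISTS = {"ournetwork": ["203.89.24.0/21", "10.0.0.0/16", "192.168.2.0/24"]}

def parse(text):
    """Each 'add key=value ...' line becomes a dict; shlex honours the quoted comments."""
    return [dict(t.split("=", 1) for t in shlex.split(ln)[1:])
            for ln in text.strip().splitlines() if ln.startswith("add ")]

def in_list(name, ip):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in ADDRESS_LISTS[name])

def port_match(spec, port):
    """RouterOS dst-port syntax: single ports and lo-hi ranges, comma separated."""
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (p.partition("-") for p in spec.split(",")))

def matches(r, pkt):
    """Does rule r select this packet? A matcher that is absent matches anything."""
    return (r.get("protocol", pkt["proto"]) == pkt["proto"]
            and r.get("connection-state", pkt["state"]) == pkt["state"]
            and ("dst-port" not in r or port_match(r["dst-port"], pkt["dport"]))
            and ("src-address-list" not in r or in_list(r["src-address-list"], pkt["src"])))

def verdict(rules, chain, pkt):
    """First-match walk of one chain; None means it fell through (RouterOS then accepts)."""
    for r in rules:
        if r["chain"] != chain or r.get("disabled") == "yes" or not matches(r, pkt):
            continue
        if r["action"] != "jump":
            return r["action"]
        sub = verdict(rules, r["jump-target"], pkt)
        if sub is not None:          # the jumped-to chain decided; otherwise keep walking
            return sub
    return None

def check(chain, proto, dport, src="203.0.113.9", state="new"):
    return verdict(parse(RULES), chain, {"proto": proto, "dport": dport, "src": src, "state": state})
```

A None result is worth noticing: with the port 10000 rule disabled, a new TCP connection to that port passes the virus chain untouched, which is exactly the trade-off the comment on that rule describes.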
Besides that, note the following: it is best to create a new user and password in the full group and then disable the admin user, to minimise the risk of your MikroTik being hacked by someone.
Good luck trying it out.
Source: from a friend, DutaUtama
