
Annisa Rezdky Andini Ab

XII TKJ 5

Firewall Script (MikroTik RouterOS, /ip firewall filter)

 Ip firewall filter add chain=drop protocol=udp port=143 action=drop


comment=”drop port 143” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=135-139 action=drop
comment=”drop port 135-139” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=445 action=drop
comment=”drop port 445” disabled=no
 Ip firewall filter add chain=drop protocol=udp port=445 action=drop
comment=”drop port 445” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=593 action=drop
comment=”drop port 593” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1024-1030 action=drop
comment=”drop port 1024-1030” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1080 action=drop
comment=”drop port 1080” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1214 action=drop
comment=”drop port 1214” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1363 action=drop
comment=”drop port 1363” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1364 action=drop
comment=”drop port 1364” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1368 action=drop
comment=”drop port 1368” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1373 action=drop
comment=”drop port 1373” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1377 action=drop
comment=”drop port 1377” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=1433-1434 action=drop
comment=”drop port 1433-1434” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=2745 action=drop
comment=”drop port 2745” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=2283 action=drop
comment=”drop port 2283” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=2535 action=drop
comment=”drop port 2535” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=3127-3128 action=drop
comment=”drop port 3127-3128” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=4444 action=drop
comment=”drop port 4444” disabled=no
 Ip firewall filter add chain=drop protocol=udp port=4444 action=drop
comment=”drop port 4444” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=5554 action=drop
comment=”drop port 5554” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=8868 action=drop
comment=”drop port 8868” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=9898 action=drop
comment=”drop port 9898” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=10080 action=drop
comment=”drop port 10080” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=12345 action=drop
comment=”drop port 12345” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=17300 action=drop
comment=”drop port 17300” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=27374 action=drop
comment=”drop port 27374” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=65506 action=drop
comment=”drop port 65506” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=22 action=drop
comment=”drop port 22” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=21 action=drop
comment=”drop port 21” disabled=no
 Ip firewall filter add chain=drop protocol=tcp port=23 action=drop
comment=”drop port 23” disabled=no

 Ip firewall filter add chain=drop protocol=udp dst-port=143 src-address-list=blaclist


action=drop comment=”drop port 143” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=135-139 src-address-
list=blaclist action=drop comment=”drop port 135-139” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=445 src-address-list=blaclist
action=drop comment=”drop port 445” disabled=no
 Ip firewall filter add chain=drop protocol=udp dst-port=445 src-address-
list=blaclist action=drop comment=”drop port 445” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=593 src-address-list=blaclist
action=drop comment=”drop port 593” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1024-1030 src-address-
list=blaclist action=drop comment=”drop port 1024-1030” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1080 src-address-
list=blaclist action=drop comment=”drop port 1080” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1214 src-address-
list=blaclist action=drop comment=”drop port 1214” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1363 src-address-
list=blaclist action=drop comment=”drop port 1363” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1364 src-address-
list=blaclist action=drop comment=”drop port 1364” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1368 src-address-
list=blaclist action=drop comment=”drop port 1368” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1373 src-address-
list=blaclist action=drop comment=”drop port 1373” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1377 src-address-
list=blaclist action=drop comment=”drop port 1377” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=1433-1434 src-address-
list=blaclist action=drop comment=”drop port 1433-1434” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=2745 src-address-
list=blaclist action=drop comment=”drop port 2745” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=2283 src-address-
list=blaclist action=drop comment=”drop port 2283” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=2535 src-address-
list=blaclist action=drop comment=”drop port 2535” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=3127-3128 src-address-
list=blaclist action=drop comment=”drop port 3127-3128” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=4444 src-address-
list=blaclist action=drop comment=”drop port 4444” disabled=no
 Ip firewall filter add chain=drop protocol=udp dst-port=4444 src-address-
list=blaclist action=drop comment=”drop port 4444” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=5554 src-address-
list=blaclist action=drop comment=”drop port 5554” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=8868 src-address-
list=blaclist action=drop comment=”drop port 8868” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=9898 src-address-
list=blaclist action=drop comment=”drop port 9898” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=10080 src-address-
list=blaclist action=drop comment=”drop port 10080” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=12345 src-address-
list=blaclist action=drop comment=”drop port 12345” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=17300 src-address-
list=blaclist action=drop comment=”drop port 17300” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=27374 src-address-
list=blaclist action=drop comment=”drop port 27374” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=65506 src-address-
list=blaclist action=drop comment=”drop port 65506” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=22 src-address-list=blaclist
action=drop comment=”drop port 22” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=21 src-address-list=blaclist
action=drop comment=”drop port 21” disabled=no
 Ip firewall filter add chain=drop protocol=tcp dst-port=23 src-address-list=blaclist
action=drop comment=”drop port 23” disabled=no

 Ip address add address=192.168.5.3/24 interface=ether1


 Ip firewall filter add chain=input protocol=tcp port=5060,5061,5064 action=accept
src-address-list=allow dst-port=5060,5061,5064 disabled=no
 Ip firewall filter add chain=input protocol=udp port=5060,5061,5064
action=accept src-address-list=allow dst-port=5060,5061,5064 disabled=no
 Ip firewall filter add chain=input protocol=udp port=80 action=accept src-address-
list=allow dst-port=80 disabled=no
 Ip firewall filter add chain=input protocol=tcp port=123 action=accept src-address-
list=allow dst-port=123 disabled=no
 Ip firewall filter add chain=input protocol=tcp port=2208 action=accept src-
address-list=allow dst-port=2208 disabled=no
 Ip firewall filter add chain=input protocol=tcp port=443-450 action=accept src-
address-list=allow dst-port=443-450 disabled=no

 Ip firewall filter add action=drop chain=input comment="Drop Invalid


connections" connection-state=invalid
 Ip firewall filter add chain=input comment="Allow Established connections"
connection-state=established
 Ip firewall filter add chain=input comment="Allow ICMP" protocol=icmp
 Ip firewall filter add chain=input in-interface=ether1 src-address=192.168.5.3/24
 Ip firewall filter add action=drop chain=input comment="Drop everything else"
 Ip firewall filter add action=drop chain=forward comment="drop invalid
connections" connection-state=invalid protocol=tcp
 Ip firewall filter add chain=forward comment="allow already established
connections" connection-state=established
 Ip firewall filter add chain=forward comment="allow related connections"
connection-state=related
 Ip firewall filter add action=drop chain=forward src-address=0.0.0.0/8
 Ip firewall filter add action=drop chain=forward dst-address=0.0.0.0/8
 Ip firewall filter add action=drop chain=forward src-address=127.0.0.0/8
 Ip firewall filter add action=drop chain=forward dst-address=127.0.0.0/8
 Ip firewall filter add action=drop chain=forward comment="Int range - class D and
E multicasts" src-address=224.0.0.0/3
 Ip firewall filter add action=drop chain=forward dst-address=224.0.0.0/3
 Ip firewall filter add action=jump chain=forward jump-target=tcp protocol=tcp
 Ip firewall filter add action=jump chain=forward jump-target=udp protocol=udp
 Ip firewall filter add action=jump chain=forward jump-target=icmp protocol=icmp

 Ip firewall filter add action=drop chain=tcp comment="deny TFTP" disabled=yes


dst-port=69 protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny RPC portmapper"
dst-port=111 protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny RPC portmapper"
dst-port=135 protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny NBT" dst-port=137-
139 protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny cifs" dst-port=445
protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny NFS" dst-port=2049
protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny NetBus" dst-
port=12345-12346 protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny NetBus" dst-
port=20034 protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny BackOriffice" dst-
port=3133 protocol=tcp
 Ip firewall filter add action=drop chain=tcp comment="deny DHCP" dst-port=67-
68 protocol=tcp
 Ip firewall filter add action=drop chain=udp comment="deny TFTP" disabled=yes
dst-port=69 protocol=udp
 Ip firewall filter add action=drop chain=udp comment="deny PRC portmapper"
dst-port=111 protocol=udp
 Ip firewall filter add action=drop chain=udp comment="deny PRC portmapper"
dst-port=135 protocol=udp
 Ip firewall filter add action=drop chain=udp comment="deny NBT" dst-port=137-
139 protocol=udp
 Ip firewall filter add action=drop chain=udp comment="deny NFS" dst-port=2049
protocol=udp
 Ip firewall filter add action=drop chain=udp comment="deny BackOriffice" dst-
port=3133 protocol=udp
 Ip firewall filter add chain=icmp comment="echo reply" icmp-options=0:0
protocol=icmp
 Ip firewall filter add chain=icmp comment="net unreachable" icmp-options=3:0
protocol=icmp
 Ip firewall filter add chain=icmp comment="host unreachable" icmp-options=3:1
protocol=icmp
 Ip firewall filter add chain=icmp comment="host unreachable fragmentation
required" icmp-options=3:4 protocol=icmp
 Ip firewall filter add chain=icmp comment="allow source quench" icmp-
options=4:0 protocol=icmp
 Ip firewall filter add chain=icmp comment="allow echo request" icmp-options=8:0
protocol=icmp
 Ip firewall filter add chain=icmp comment="allow time exceed" icmp-options=11:0
protocol=icmp
 Ip firewall filter add chain=icmp comment="allow parameter bad" icmp-
options=12:0 protocol=icmp
 Ip firewall filter add action=drop chain=icmp comment="deny all other types"
 Ip firewall filter add action=drop chain=input comment="drop ftp brute forcers"
dst-port=21 protocol=tcp src-address-list=ftp_blacklist
 Ip firewall filter add chain=output content="530 Login incorrect" dst-
limit=1/1m,9,dst-address/1m protocol=tcp
 Ip firewall filter add action=add-dst-to-address-list address-list=ftp_blacklist
address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp
 Ip firewall filter add action=drop chain=input comment="drop ssh brute forcers"
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
 Ip firewall filter add action=add-src-to-address-list address-list=ssh_blacklist
address-list-timeout=1w3d chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage3
 Ip firewall filter add action=add-src-to-address-list address-list=ssh_stage3
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage2
 Ip firewall filter add action=add-src-to-address-list address-list=ssh_stage2
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp src-address-list=ssh_stage1
 Ip firewall filter add action=add-src-to-address-list address-list=ssh_stage1
address-list-timeout=1m chain=input connection-state=new dst-port=22
protocol=tcp
 Ip firewall filter add action=drop chain=forward comment="drop ssh brute
downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
