
SETUP IP ADDRESS:
[admin@MikroTik] ip address> add address 10.0.0.217/24 interface=ether1
[admin@MikroTik] ip address> add address 192.168.0.254/24 interface=ether2
[admin@MikroTik] ip address> print
[View ip address]
SETUP GATEWAY:
[admin@MikroTik] > ip route add gateway=192.168.0.1
[admin@MikroTik] > ip route print
SETUP DNS:
[admin@MikroTik] > ip dns print
primary-dns: 0.0.0.0
secondary-dns: 0.0.0.0
allow-remote-requests: no
cache-size: 2048KiB
cache-max-ttl: 1w
cache-used: 17KiB
[admin@Mikrotik] > ip dns set primary-dns=202.134.1.10
[admin@Mikrotik] > ip dns set secondary-dns=202.134.0.155
[the DNS server addresses depend on the ISP]
[admin@MikroTik] > ip dns print
[to view dns details]
Set Description on interface:
[admin@MikroTik] > interface
[admin@MikroTik] interface>
The interface name can be changed to a more descriptive one by using the /interface set command:
[admin@MikroTik] interface> set 0 name=Local; set 1 name=Public
[admin@MikroTik] interface> print
Flags: X - disabled, D - dynamic, R - running
 #   NAME    TYPE   RX-RATE  TX-RATE  MTU
 0 R Local   ether  0        0        1500
 1 R Public  ether  0        0        1500
Log in over SSH to any server using a user name and port:
[admin@MikroTik] > /system ssh 192.168.0.1 user=pakalns port=22
admin@192.168.0.1's password:
View IP services:
[admin@MikroTik] > ip service print
Flags: X - disabled, I - invalid
 #   NAME     PORT  ADDRESS    CERTIFICATE
 0   telnet   23    0.0.0.0/0
 1   ftp      21    0.0.0.0/0
 2   www      80    0.0.0.0/0
 3   ssh      22    0.0.0.0/0
 4 X www-ssl  443   0.0.0.0/0  none
[admin@MikroTik] > ip service print detail
Flags: X - disabled, I - invalid
0 name="telnet" port=23 address=0.0.0.0/0
1 name="ftp" port=21 address=0.0.0.0/0
2 name="www" port=80 address=0.0.0.0/0
3 name="ssh" port=22 address=0.0.0.0/0
4 X name="www-ssl" port=443 address=0.0.0.0/0 certificate=none
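An added example, not part of the original page: a Python check over the `ip service print detail` output above that reports every enabled service that is a cleartext protocol (telnet, ftp, www) or that accepts connections from any source (`address=0.0.0.0/0`). The function names and finding labels are assumptions of this example, and it assumes a single network in the `address` field.

```python
import ipaddress
import re

# Constructed input: the `ip service print detail` output shown above.
SAMPLE = """\
Flags: X - disabled, I - invalid
0 name="telnet" port=23 address=0.0.0.0/0
1 name="ftp" port=21 address=0.0.0.0/0
2 name="www" port=80 address=0.0.0.0/0
3 name="ssh" port=22 address=0.0.0.0/0
4 X name="www-ssl" port=443 address=0.0.0.0/0 certificate=none
"""

CLEARTEXT = {"telnet", "ftp", "www"}  # logins travel unencrypted
FIELD = re.compile(r'([\w-]+)=(?:"([^"]*)"|(\S+))')


def parse_services(text):
    """Turn `print detail` rows into dicts; the X flag marks a disabled service."""
    services = []
    for line in text.splitlines():
        row = re.match(r"\s*\d+\s+(.*)", line)
        if not row or "name=" not in row.group(1):
            continue  # skips the "Flags:" legend and blank lines
        rest = row.group(1)
        fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(rest)}
        fields["disabled"] = "X" in rest.split("name=", 1)[0].split()
        fields["port"] = int(fields["port"])
        services.append(fields)
    return services


def any_source(address):
    """True when the address field does not narrow the allowed clients."""
    return address == "" or ipaddress.ip_network(address, strict=False).prefixlen == 0


def audit(services):
    """Return (service, finding) pairs for every enabled service worth reviewing."""
    findings = []
    for svc in services:
        if svc["disabled"]:
            continue
        if svc["name"] in CLEARTEXT:
            findings.append((svc["name"], "cleartext"))
        if any_source(svc.get("address", "")):
            findings.append((svc["name"], "any-source"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_services(SAMPLE)):
        print(name, finding)
```

The port number plays no part in either finding, so a service moved to another port is still reported as long as its `address` field stays at `0.0.0.0/0`.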
Change ssh port for security:
[admin@MikroTik] ip service> set ssh port=65
[admin@MikroTik] ip service> print
[admin@MikroTik] > ip service print

Flags: X - disabled, I - invalid
 #   NAME     PORT  ADDRESS    CERTIFICATE
 0   telnet   23    0.0.0.0/0
 1   ftp      21    0.0.0.0/0
 2   www      80    0.0.0.0/0
 3   ssh      65    0.0.0.0/0
 4 X www-ssl  443   0.0.0.0/0  none
Configure NAT:
[admin@MikroTik] > ip firewall nat add chain=srcnat action=masquerade out-interface=ether1
[ether1 means Live/Public interface card]
FIREWALL:
We should filter out and drop all unwanted packets that appear to come from virus-infected hosts. Instead of adding those rules to the forward chain, we create a new chain for all netbios and similar unwanted traffic. We can give the chain a descriptive name, say, "virus", when adding the following rules to the ip firewall filter (you can copy and paste these rules into the terminal window if you are in the /ip firewall filter menu):
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop Mydoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=udp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.CK"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop Mydoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.AB"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop Netbus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

FILTER CUSTOMER:
[admin@MikroTik] ip firewall filter> print
all  customer  dynamic  forward  input  output  static  virus
[admin@MikroTik] ip firewall filter> print customer
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Drop invalid connection packets
     chain=customer connection-state=invalid action=drop
 1   ;;; Allow established connections
     chain=customer connection-state=established action=accept
 2   ;;; Allow related connections
     chain=customer connection-state=related action=accept
 3   ;;; Log dropped connections
     chain=customer action=log log-prefix="customer_drop"
 4   ;;; Drop and log everything else
     chain=customer action=drop
[admin@MikroTik] ip firewall filter> print forward
Flags: X - disabled, I - invalid, D - dynamic
 0 I chain=forward in-interface=(unknown) action=jump jump-target=customer
FORWARD CHAINS:
add chain=forward protocol=tcp connection-state=invalid \
    action=drop comment="drop invalid connections"
add chain=forward connection-state=established action=accept \
    comment="allow already established connections"
add chain=forward connection-state=related action=accept \
    comment="allow related connections"
add chain=forward src-address=0.0.0.0/8 action=drop
add chain=forward dst-address=0.0.0.0/8 action=drop
add chain=forward src-address=127.0.0.0/8 action=drop
add chain=forward protocol=tcp action=jump jump-target=tcp
add chain=forward protocol=udp action=jump jump-target=udp
add chain=forward protocol=icmp action=jump jump-target=icmp
add chain=tcp protocol=tcp dst-port=69 action=drop \
    comment="deny TFTP"
add chain=tcp protocol=tcp dst-port=111 action=drop \
    comment="deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=135 action=drop \
    comment="deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=137-139 action=drop \
    comment="deny NBT"
add chain=tcp protocol=tcp dst-port=445 action=drop \
    comment="deny cifs"
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="deny NFS"
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="deny NetBus"
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="deny NetBus"

add chain=tcp protocol=tcp dst-port=3133 action=drop comment="deny BackOrifice"
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="deny DHCP"
add chain=udp protocol=udp dst-port=69 action=drop comment="deny TFTP"
add chain=udp protocol=udp dst-port=111 action=drop comment="deny RPC portmapper"
add chain=udp protocol=udp dst-port=135 action=drop comment="deny RPC portmapper"
add chain=udp protocol=udp dst-port=137-139 action=drop comment="deny NBT"
add chain=udp protocol=udp dst-port=2049 action=drop comment="deny NFS"
add chain=udp protocol=udp dst-port=3133 action=drop comment="deny BackOrifice"
add chain=icmp protocol=icmp icmp-options=0:0 action=accept \
    comment="allow echo reply"
add chain=icmp protocol=icmp icmp-options=3:0 action=accept \
    comment="allow net unreachable"
add chain=icmp protocol=icmp icmp-options=3:1 action=accept \
    comment="allow host unreachable"
add chain=icmp protocol=icmp icmp-options=4:0 action=accept \
    comment="allow source quench"
add chain=icmp protocol=icmp icmp-options=8:0 action=accept \
    comment="allow echo request"
add chain=icmp protocol=icmp icmp-options=11:0 action=accept \
    comment="allow time exceed"
add chain=icmp protocol=icmp icmp-options=12:0 action=accept \
    comment="allow parameter bad"
add chain=icmp action=drop comment="deny all other types"
SNAT and firewall:
To allow local users to reach the Internet, their local IP addresses must be translated to the router's external IP address at the external interface:
> /ip firewall nat add chain=srcnat src-address=192.168.1.0/24 \
    out-interface=ether1 action=src-nat to-addresses=172.16.1.1
In order to check the settings of IP address translation, use the following command:
> ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat out-interface=ether1 src-address=192.168.1.0/24 action=src-nat to-addresses=172.16.1.1 to-ports=0-65535
Forwarding Port to an Internal IP:
This will go on a Mikrotik 3.x or 2.9.x where you want to forward a port (tcp 5900) to an internal IP. 69.69.69.69 is the example WAN IP. 192.168.1.101 is the desired internal destination.
/ip firewall nat add chain=dstnat dst-address=69.69.69.69 protocol=tcp dst-port=5900 \
    action=dst-nat to-addresses=192.168.1.101 to-ports=5900
Redirect mail traffic to a specified server:
This is for when you want to redirect all mail traffic passing through your router to a mail server you specify. This is useful if you have many clients from different locations connecting to your network at different times. (Note that if you are using Hotspot you can do this in the Hotspot settings instead.)

/ip firewall nat add chain=dstnat protocol=tcp dst-port=25 action=dst-nat to-addresses=10.0.0.1 to-ports=25
This will redirect all SMTP (port 25) traffic going out through the router to IP address 10.0.0.1.
Drop port scanners:
To protect the router from port scanners, we can record the IPs of hackers who try to scan your box. Using this address list we can drop connections from those IPs in /ip firewall filter:
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port scanners to list" disabled=no
Various combinations of TCP flags can also indicate port scanning activity:
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="NMAP NULL scan"
Then you can drop those IPs:
add chain=input src-address-list="port scanners" action=drop comment="dropping port scanners" disabled=no
Similarly, you can drop these port scanners in the forward chain, but using the above rules with "chain=forward".
Drop IM Using L7:
Now we can stop instant messengers using Layer-7 filtering. In this topic we will try to stop some known messengers like MSN, Yahoo, etc. You require V3.x MikroTik RouterOS.
First you need to configure the Layer-7 protocols under /ip firewall layer7-protocol. Each entry is added with a name, a regexp and a comment (the regexp patterns are not reproduced here):
name="Yahoo" comment="Yahoo Messenger"
name="MSN" comment="MSN Messenger"
name="MSN FT" comment="MSN File Transfer"
name="Skype" comment="Skype"
name="Skype-to-Phone" comment="Skype to Phone"
name="AIM" comment="AIM Messenger"
name="ICQ" comment="ICQ"
name="IRC" comment="IRC Chat"
Finally configure the Layer-7 filters:
/ip firewall filter
add chain=forward layer7-protocol="Yahoo" action=drop
add chain=forward layer7-protocol="MSN" action=drop
add chain=forward layer7-protocol="MSN FT" action=drop
add chain=forward layer7-protocol="Skype" action=drop
add chain=forward layer7-protocol="Skype-to-Phone" action=drop
add chain=forward layer7-protocol="AIM" action=drop
add chain=forward layer7-protocol="ICQ" action=drop
add chain=forward layer7-protocol="IRC" action=drop
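An added example, not part of the original page: a Python model of the `tcp-flags` rules from the "Drop port scanners" section, showing which flag combinations put a source on the "port scanners" list and how the drop rule then treats it. The function names and the sample packets are constructed for this example, the `psd` rule is not modelled, and the list entry is assumed to expire 2w after it is added.

```python
FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# tcp-flags expressions and comments from the "Drop port scanners" rules, in rule order.
RULES = [
    ("NMAP FIN Stealth scan", "fin,!syn,!rst,!psh,!ack,!urg"),
    ("SYN/FIN scan", "fin,syn"),
    ("SYN/RST scan", "syn,rst"),
    ("FIN/PSH/URG scan", "fin,psh,urg,!syn,!rst,!ack"),
    ("ALL/ALL scan", "fin,syn,rst,psh,ack,urg"),
    ("NMAP NULL scan", "!fin,!syn,!rst,!psh,!ack,!urg"),
]

TIMEOUT = 14 * 24 * 3600  # address-list-timeout=2w, in seconds


def compile_expr(expr):
    """Split 'fin,!syn' into (flags that must be set, flags that must be clear)."""
    must_set, must_clear = set(), set()
    for token in expr.split(","):
        name = token.strip().lower()
        bucket = must_set
        if name.startswith("!"):
            name, bucket = name[1:], must_clear
        if name not in FLAGS:
            raise ValueError("unknown TCP flag: %r" % token)
        bucket.add(name)
    return must_set, must_clear


def matching_rules(packet_flags):
    """Comments of every rule that matches; flags a rule does not list are ignored."""
    flags = {f.lower() for f in packet_flags}
    hits = []
    for comment, expr in RULES:
        must_set, must_clear = compile_expr(expr)
        if must_set <= flags and not (must_clear & flags):
            hits.append(comment)
    return hits


def filter_input(packets):
    """Apply list-then-drop to (time, src, flags) tuples; return one verdict per packet."""
    listed = {}  # src -> expiry time (assumption: 2w after the entry is added)
    verdicts = []
    for now, src, flags in packets:
        if matching_rules(flags) and listed.get(src, 0) <= now:
            listed[src] = now + TIMEOUT
        verdicts.append((src, "drop" if listed.get(src, 0) > now else "continue"))
    return verdicts


# Constructed packets (documentation addresses); times in seconds.
PACKETS = [
    (0, "198.51.100.7", {"syn"}),              # ordinary connection attempt
    (1, "198.51.100.7", {"fin", "ack"}),       # ordinary teardown, ack is set
    (2, "192.0.2.66", {"fin", "psh", "urg"}),  # FIN/PSH/URG probe
    (3, "192.0.2.66", {"syn"}),                # same source, now on the list
    (4 + TIMEOUT, "192.0.2.66", {"syn"}),      # after the 2w entry has expired
]

if __name__ == "__main__":
    for verdict in filter_input(PACKETS):
        print(verdict)
```

Because the list action lets the packet continue to later rules, one packet can match several of these rules; a packet with all six flags set matches the SYN/FIN and SYN/RST rules before it reaches the ALL/ALL rule.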