
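# IPv4 filter rules. Each "add" is appended to /ip firewall filter in the order
# written; the first rule that matches a packet decides what happens to it.
/ip firewall filter

# --- input chain: connection-state handling ---
# Traffic to the router that belongs to, or is related to, a connection already
# tracked is accepted before any later rule is evaluated. Packets the
# connection tracker marks invalid are dropped.
add action=accept chain=input comment="*************Accept established connection packets" \
    connection-state=established
add action=accept chain=input comment="Accept related connection packets" connection-state=related
add action=drop chain=input comment="Drop invalid packets" connection-state=invalid

# --- input chain: ICMP ---
# Four ICMP type:code pairs are accepted, each under limit=5,5 (5 packets per
# second, burst of 5):
#   8:0  echo request
#   3:3  destination unreachable / port unreachable
#   11:0 time exceeded (TTL expired in transit)
#   3:4  destination unreachable / fragmentation needed (path MTU discovery)
# Packets above the rate limit, and every other ICMP type, fall through to the
# final drop. No in-interface matcher is used, so this applies to ICMP arriving
# on every interface.
add action=accept chain=input icmp-options=8:0 limit=5,5 protocol=icmp
add action=accept chain=input icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=input icmp-options=11:0 limit=5,5 protocol=icmp
add action=accept chain=input icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=input protocol=icmp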

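# --- DoS handling keyed on the "Lista Negra" address list ---
# Order matters: the tarpit rule is evaluated before the detection rule, so a
# source is tarpitted only by packets that arrive after it has been listed.
# Established and related traffic is accepted earlier in the input chain, so
# connections a listed source already has open to the router never reach here.
add action=tarpit chain=input comment="******Impedir Atacante DOS" protocol=tcp \
    src-address-list="Lista Negra"

# Detection: a single source address (/32) that goes over the connection-limit
# of 100 is added to "Lista Negra" for one day.
# NOTE(review): this rule has no protocol= or connection-state= matcher, while
# the tarpit and drop rules act on TCP only. MikroTik's documentation advises
# pairing connection-limit with connection-state=new or tcp-flags=syn because
# the matcher is expensive - confirm which form is intended.
# NOTE(review): an address shared by many users (for example behind NAT) can
# legitimately exceed 100 connections and would then be blocked for a day;
# review the list contents and the threshold before relying on it.
add action=add-src-to-address-list address-list="Lista Negra" address-list-timeout=1d \
    chain=input comment="Deteccion de DOS" connection-limit=100,32

# Listed sources are also denied TCP through the router. On this page the list
# is filled only by the input-chain rule above, i.e. from connections made to
# the router itself, not from forwarded traffic.
add action=drop chain=forward comment="Block Atakante DOS" protocol=tcp \
    src-address-list="Lista Negra"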

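# --- input chain: services that must not be reachable from the WAN side ---
# The router's web proxy (TCP 3128) and DNS resolver are closed to traffic
# arriving on the interface named WAN, so outside hosts cannot use the router
# as an open proxy or open resolver. Both rules depend on an interface called
# exactly "WAN" existing on the device.
add action=drop chain=input comment="*************Block Intrusos de la WebProxy" \
    dst-port=3128 in-interface=WAN protocol=tcp
add action=drop chain=input comment="Block Intrusos DNS" dst-port=53 in-interface=WAN protocol=udp
# DNS is also served over TCP port 53. The final "Drop all INPUT" rule of this
# script is disabled, so without this rule TCP/53 from the WAN would still be
# accepted by the input chain's default.
add action=drop chain=input comment="Block Intrusos DNS (TCP)" dst-port=53 in-interface=WAN protocol=tcp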

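# --- forward chain: outbound SMTP abuse ---
# Sources already in the "spammer" list are denied TCP port 25 through the
# router. The rule does not match on interface or direction, so it covers any
# forwarded SMTP connection from a listed address.
add action=drop chain=forward comment="*************Block Usauarios infectados por spammer" \
    dst-port=25 protocol=tcp src-address-list=spammer

# Detection: forwarded TCP/25 traffic that satisfies both connection-limit=30,32
# (per single source address) and limit=50,5 puts the source in "spammer" for
# one day. The drop rule above is evaluated first, so the block takes effect
# from the next packet after listing.
# NOTE(review): only port 25 is watched; clients that legitimately send mail in
# bulk through this router would also be listed - check the list when tuning.
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d \
    chain=forward comment="Detect and add-list SMTP virus or spammers" \
    connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp

# All remaining forwarded traffic is handed to a custom chain named "virus".
# NOTE(review): no rule with chain=virus appears in this script; it has to be
# defined elsewhere for this jump to filter anything.
add action=jump chain=forward comment="jump to the virus chain" jump-target=virus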

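# --- input chain: management allow-list and default deny (both DISABLED) ---
# As written, both rules carry disabled=yes. With no active final drop, traffic
# to the router that none of the earlier input rules matched is accepted by the
# chain's default, so this script alone does not restrict access to the
# router's own services.
#
# Before enabling the final drop:
#   1. populate the address list "Permitir IPs for Access" (it is not defined
#      in this script) with the management networks;
#   2. enable the accept rule and keep it above the drop rule;
#   3. only then enable "Drop all INPUT", ideally with another way into the
#      device available, since a wrong list locks out new management sessions.
add action=accept chain=input comment="*************Permitir el Acceso al Router desde Redes Conocidas" \
    disabled=yes src-address-list="Permitir IPs for Access"
add action=drop chain=input comment="*************Drop all INPUT" disabled=yes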
