» » » » Keamanan Mikrotik Router

Keamanan Mikrotik Router

Keamanan Mikrotik Router - Hallo sahabat Belajar Komputer, Pada sharing Belajar Komputer kali ini yang berjudul Keamanan Mikrotik Router, saya telah menyediakan artikel untuk belajar komputer yang cukup bermanfaat dan dibutuhkan. Mudah-mudahan isi postingan belajar komputer yang saya tulis ini dapat anda pahami. okelah, ini dia artikel belajar komputernya.

Judul : Keamanan Mikrotik Router
Subjudul : Keamanan Mikrotik Router

lihat juga


Keamanan Mikrotik Router

Kadang jengkel sama koneksi di hotspot rumah yang lelet. Padahal ketika komputer langsung konek via modem telepon lancar-lancar aja tapi ketika di  sambungkan via RB Mikrotik kok jadi lelet...

Searching2 di mang google ternyata RB Mikrotik juga kudu dikasih filter rule di firewallnya, ada juga filter rule yang kayak gini. Cara masukin ke Filter ruleny gimana?

Caranya buka RB pake winbox masuk ke menu new terminal, copi script dibawah ini lalu paste di terminal.
Niat sedekah semoga bermanfaat.

ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER1" \
address-list-timeout=2w chain=input \

comment="PORT SCANNER2 KE ADDRESS \
LIST " disabled=no protocol=tcp psd=21,3s,3,1

/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER2" address-list-timeout=2w \
chain=input comment="NMAP FIN Stealth scan" disabled=no \
protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg

/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER3" address-list-timeout=2w \
chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn

/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER4"  address-list-timeout=2w \
chain=input comment="SYN/RST scan" disabled=no  \
protocol=tcp tcp-flags=syn,rst

/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER5" address-list-timeout=2w \
chain=input comment="FIN/PSH/URG scan" disabled=no \
protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack

/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER6" address-list-timeout=2w \
chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg

/ip firewall filter add action=add-src-to-address-list \
address-list="PORT SCANNER7"  address-list-timeout=2w \
chain=input comment="NMAP NULL scan" disabled=no  \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg

/ip firewall filter add action=drop chain=input \
comment="BLOK PORT SCANNER" disabled=no \
src-address-list="PORT SCANNER1"

/ip firewall filter add action=accept chain=input \
comment="IZINKAN MENDIRIKAN KONEKSI" \
connection-state=established disabled=no

/ip firewall filter add action=accept chain=input \
comment="IZINKAN KONEKSI TERKAIT" \
connection-state=related disabled=no

/ip firewall filter add action=accept chain=input \
comment="IZINKAN PING LOCAL" \
disabled=no protocol=icmp \
src-address-list=\
"wirelessrouterproxy.blogspot.com client"

/ip firewall filter add action=accept chain=input \
comment="IZINKAN PING PROXY" disabled=no \
protocol=icmp src-address-list=\
"wirelessrouterproxy.blogspot.com proxy"

/ip firewall filter add action=accept chain=input \
comment="IZINKAN INPUT DARI LOCAL" disabled=no  \
src-address-list="wirelessrouterproxy.blogspot.com client"

/ip firewall filter add action=accept chain=input \
comment="IZINKAN INPUT DARI PROXY" disabled=no \
src-address-list="wirelessrouterproxy.blogspot.com proxy"

/ip firewall filter add action=jump chain=forward \
comment="FILTER PAKET YANG JELEK" disabled=no \
jump-target=tcp protocol=tcp

/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=udp \
protocol=udp

/ip firewall filter add action=jump \
chain=forward disabled=no jump-target=icmp protocol=icmp

/ip firewall filter add action=drop chain=tcp \
comment="TOLAK SMTP" disabled=no dst-port=25 \
protocol=tcp

/ip firewall filter add action=drop chain=tcp \
comment="TOLAK RPC2portmapper" disabled=no \
dst-port=135 protocol=tcp

/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NBT" disabled=no dst-port=137-139 \
protocol=tcp

/ip firewall filter add action=drop \
chain=tcp comment="TOLAK CIFS" disabled=no \
dst-port=445 protocol=tcp

/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NFS" disabled=no dst-port=2049 \
protocol=tcp

/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NETBUS" disabled=no dst-port=20034 \
protocol=tcp

/ip firewall filter add action=drop chain=tcp \
comment="TOLAK BackOriffice" disabled=no dst-port=\
3133 protocol=tcp

/ip firewall filter add action=drop chain=tcp \
comment="BLOK DHCP" disabled=no dst-port=67-68 \
protocol=tcp
/ip firewall filter add action=drop chain=tcp \
comment="TOLAK P2P" disabled=no p2p=all-p2p

/ip firewall filter add action=drop chain=udp \
comment="TOLAK TFTP" disabled=no dst-port=69 \
protocol=udp

/ip firewall filter add action=drop chain=udp \
comment="TOLAK PRC portmapper" disabled=no \
dst-port=111 protocol=udp

/ip firewall filter add action=drop chain=udp \
comment="TOLAK PRC portmapper" disabled=no \
dst-port=135 protocol=udp

/ip firewall filter add action=drop chain=tcp \
comment="TOLAK NETBUS" disabled=no \
dst-port=12345-12346 protocol=tcp

/ip firewall filter add action=drop chain=udp \
comment="BLOK NBT" disabled=no dst-port=137-139 \
protocol=udp

/ip firewall filter add action=drop chain=udp \
comment="BLOK NFS" disabled=no dst-port=2049 \
protocol=udp

/ip firewall filter add action=drop \
chain=udp comment="TOLAK BackOriffice" \
disabled=no dst-port=3133 protocol=udp

/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=0:0-255 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=3:0 protocol=icmp

/ip firewall filter add action=accept \
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=3:3 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=3:4 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=icmp \
comment="limit packets 5/secs" disabled=no \
icmp-options=8:0-255 limit=5,5 protocol=icmp

/ip firewall filter add action=accept \
chain=icmp comment="limit packets 5/secs" \
disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp

/ip firewall filter add action=accept chain=forward \
comment="Allow Established connections" \
connection-state=established disabled=no


Demikianlah Artikel Keamanan Mikrotik Router

Sekian artikel belajar komputer Keamanan Mikrotik Router, mudah-mudahan bisa memberi manfaat untuk anda semua. Baiklah, sekian postingan belajar komputer lagu kali ini.

Anda sedang membaca artikel Keamanan Mikrotik Router dan artikel ini url permalinknya adalah http://antiasap.blogspot.com/2012/05/keamanan-mikrotik-router.html Semoga artikel ini bisa bermanfaat.