Hirdetés
-
Mobilarena
Mikrotik routerekkel foglalkozó téma. Mikrotik router típusok, hardverek, router beállítások, programozás (scriptek írása), frissítés, és minden Mikrotik routerrel kapcsolatos beszélgetés helye.
Új hozzászólás Aktív témák
-
brickm
őstag
Siasztok!
tudna valaki segíteni, hogy az alábbi általam használt tűzfal jó-e, vagy valamit esetleg tennétek bele\kihagynátok\máshova raknátok?/ip firewall filter
add action=accept chain=forward comment="Accept to related connections" \
connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=drop chain=forward connection-nat-state=!dstnat in-interface=\
pppoe-out1_DIGI
add action=accept chain=input comment="ICMP Rule" in-interface=pppoe-out1_DIGI \
protocol=icmp
add action=accept chain=input dst-port=8291,40022,40021,41194 in-interface=\
ether2-master-local protocol=tcp src-address=192.168.0.0/24
add action=accept chain=input dst-port=80,8291,40022,40021,41194 protocol=tcp \
src-address=192.168.90.0/24
add action=accept chain=input comment="Enable OpenVPN connection" dst-port=\
41194 in-interface-list=all protocol=tcp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
Bogons
add action=drop chain=input comment=proxy dst-port=8080 in-interface=\
pppoe-out1_DIGI protocol=tcp
add action=drop chain=input comment=\
"Debug rule for local settings, drop all connection from external sites" \
dst-port=8291,40022,40021 in-interface=!ether2-master-local protocol=tcp
add action=drop chain=input comment="Drop external IP List" src-address-list=\
external_ports
add action=add-src-to-address-list address-list=external_ports_21 \
address-list-timeout=none-dynamic chain=input dst-port=21 in-interface=\
!ether2-master-local protocol=tcp
add action=add-src-to-address-list address-list=external_ports_22 \
address-list-timeout=none-dynamic chain=input dst-port=22 in-interface=\
!ether2-master-local protocol=tcp
add action=add-src-to-address-list address-list=external_ports_23 \
address-list-timeout=none-dynamic chain=input dst-port=23 in-interface=\
!ether2-master-local protocol=tcp
add action=add-src-to-address-list address-list=external_ports_80 \
address-list-timeout=none-dynamic chain=input dst-port=80 in-interface=\
!ether2-master-local protocol=tcp
add action=add-src-to-address-list address-list=external_ports_443 \
address-list-timeout=none-dynamic chain=input dst-port=443 in-interface=\
!ether2-master-local protocol=tcp
add action=add-src-to-address-list address-list=external_ports_1194 \
address-list-timeout=none-dynamic chain=input dst-port=1194 in-interface=\
!ether2-master-local protocol=tcp
add action=add-src-to-address-list address-list=external_ports \
address-list-timeout=none-dynamic chain=input dst-port=80,21,22,23,443,1194 \
in-interface=!ether2-master-local protocol=tcp
add action=drop chain=input comment="Drop external warnings" dst-port=\
21,22,23,25,53,80,110,115,135,139,143,194,443,445,1433 in-interface=\
pppoe-out1_DIGI protocol=tcp
add action=drop chain=input dst-port=3306,3389,5632,5900 in-interface=\
pppoe-out1_DIGI protocol=tcp
add action=drop chain=input comment="Drop ssh brute forcers" dst-port=40022 \
protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list="selective masq." \
address-list-timeout=none-dynamic chain=input comment=\
"Local IP register to selective masq. list" dst-address=192.168.0.1 \
dst-port=9032 protocol=tcp src-address=192.168.0.0/24 src-address-list=\
new_user
add action=add-src-to-address-list address-list="selective masq." \
address-list-timeout=5m chain=input comment=\
"Local IP register to selective masq. list time: 0d 00:05:00" dst-address=\
192.168.0.1 dst-port=8080 protocol=tcp src-address=192.168.0.0/24 \
src-address-list=new_user
add action=add-src-to-address-list address-list=new_user address-list-timeout=\
5m chain=forward comment="Scan new users" src-address=192.168.0.0/24 \
src-address-list="!selective masq."
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new dst-port=40022 \
protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new dst-port=40022 \
protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=40022 \
protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=40022 \
protocol=tcp
add action=accept chain=forward comment="Accept to new connections" \
connection-state=new
add action=drop chain=input comment="Drop anything else! " in-interface=\
ether1-gateway
Új hozzászólás Aktív témák
ekkold
- DELL Precision 7810 PC (Intel Xeon 8X3500 Mhz, 16 GB DDR4, 256 GB SSD+500GB HDD, Quadro M2000 4 GB)
- Lenovo ThinkCentre M720q Tiny PC (Intel i5 9500T 6 X 3700Mhz, 16 GB DDR4, 256 GB SSD)
- Vivo X200 Ultra újszerű tokok
- HP Victus 16 Gamer Laptop - Intel 11400H, 16 GB RAM, RTX 3050 Ti, 512 GB NVME
- Asztali PC R5 8400F RX 5700 XT 16GB DDR5 512GB NVME 1TB HDD
- BESZÁMÍTÁS! Acer Predator Helios Neo 18 Ai - Ultra 9 275HX 32GB DDR5 1TB SSD RTX 5070Ti 12GB W11
- Xbox One X 1 TB + kontroller 6 hó garancia, számlával!
- AKCIÓ! 750W Seasonic PRIME TX-750 Titanium tápegység garanciával hibátlan működéssel
- Frederick Forsythe: Isten ökle (nem olvasott)
- Dell latitude, precision, xps, magyar világítós billentyűzetek eladóak
Állásajánlatok
Cég: BroadBit Hungary Kft.
Város: Budakeszi
Cég: ATW Internet Kft.
Város: Budapest