Mobilarena
Topic for Mikrotik routers. Mikrotik router models, hardware, router configuration, programming (writing scripts), updates, and the place for any discussion related to Mikrotik routers.
-
Lezl
member
All I need is for the machines with IP addresses 192.168.190.31 and 192.168.190.32, say, to be able to communicate with each other.
-
Lezl
member
Here's the config; there's a lot in it that isn't needed any more.
# nov/01/2017 14:17:44 by RouterOS 6.40.4
# software id = 8C8Z-IPKS
#
# model = CCR1009-8G-1S
# serial number = 49130427F4E3
/ip firewall address-list
add address=89.132.155.172 comment="Saj\E1t SMTP szerver" list=smtp-szerverek
add address=195.70.49.106 comment=smtpauth.upcbusiness.hu list=smtp-szerverek
add address=213.46.255.2 comment=smtp.monornet.hu list=smtp-szerverek
add address=89.135.50.60 comment="Ez a cim kiv\E9tel az smtp szures alol" list=\
kivetelek
add address=70.86.5.44 list=smtp-szerverek
add address=194.149.13.163 comment=smtp.datanet.hu list=smtp-szerverek
add address=62.112.194.45 comment=smtp.datanet.hu list=smtp-szerverek
add address=194.149.13.165 comment=smtp.datanet.hu list=smtp-szerverek
add address=194.149.13.161 comment=smtp.datanet.hu list=smtp-szerverek
add address=195.70.57.133 comment=smtp.mediacenter.hu list=smtp-szerverek
add address=84.2.44.3 comment=mail.t-online.hu list=smtp-szerverek
add address=84.2.45.3 comment=mail.t-online.hu list=smtp-szerverek
add address=84.2.46.3 comment=mail.t-online.hu list=smtp-szerverek
add address=192.168.190.10 comment="Ez a cim kiv\E9tel az smtp szures alol" \
list=kivetelek
add address=192.168.190.212 comment="Ez a cim kiv\E9tel az smtp szures alol" \
list=kivetelek
add address=79.172.252.54 comment=Premiumos list=smtp-szerverek
add address=178.238.222.15 comment=Premiumos list=smtp-szerverek
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=drop chain=forward comment="Drop dhcp leased ips on PPPoE interface" \
src-address=192.168.180.2-192.168.180.254
add action=drop chain=forward comment="Drop DCOM" dst-port=135 protocol=tcp
add action=drop chain=input comment="Drop Telnet attempts" dst-port=23 \
protocol=tcp
add action=drop chain=input comment="Drop Invalid connections" \
connection-state=invalid
add action=accept chain=forward dst-address=192.168.190.0/23 protocol=tcp \
src-address=192.168.190.10
add action=accept chain=forward dst-address-list=smtp-szerverek dst-port=25 \
out-interface="UPC Port 1" protocol=tcp
add action=accept chain=input comment="Allow Established connections" \
connection-state=established
add action=accept chain=input comment="Allow UDP" protocol=udp
add action=accept chain=input comment="Allow ICMP" protocol=icmp
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid protocol=tcp
add action=accept chain=forward comment="allow already established connections" \
connection-state=established
add action=accept chain=forward comment="allow related connections" \
connection-state=related
add action=drop chain=forward comment="block bad IP" src-address=0.0.0.0/8
add action=drop chain=forward comment="block bad IP" dst-address=0.0.0.0/8
add action=drop chain=forward comment="block bad IP" src-address=127.0.0.0/8
add action=drop chain=forward comment="block bad IP" dst-address=127.0.0.0/8
add action=drop chain=forward comment="block bad IP" src-address=224.0.0.0/3
add action=drop chain=forward comment="block bad IP" dst-address=224.0.0.0/3
add action=jump chain=forward comment="jumps to new chains" jump-target=tcp \
protocol=tcp
add action=jump chain=forward comment="jumps to new chains" jump-target=udp \
protocol=udp
add action=jump chain=forward comment="jumps to new chains" jump-target=icmp \
protocol=icmp
add action=drop chain=tcp comment="deny TFTP" dst-port=69 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 protocol=\
tcp
add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 protocol=\
tcp
add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 protocol=\
tcp
add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" dst-port=3133 protocol=\
tcp
add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp
add action=drop chain=udp comment="deny TFTP" dst-port=69 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=111 protocol=\
udp
add action=drop chain=udp comment="deny PRC portmapper" dst-port=135 protocol=\
udp
add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
add action=drop chain=udp comment="deny BackOriffice" dst-port=3133 protocol=\
udp
add action=accept chain=icmp comment="drop invalid connections" icmp-options=\
0:0 protocol=icmp
add action=accept chain=icmp comment="allow established connections" \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="allow already established connections" \
icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment="allow source quench" icmp-options=4:0 \
protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
protocol=icmp
add action=drop chain=icmp comment="deny all other types"
add action=drop chain=udp comment="deny dhcp" dst-port=67-68 protocol=udp
add action=accept chain=input comment=\
"Allow access to router from known network" src-address=192.168.255.0/24
add action=accept chain=input comment=\
"Allow access to router from known network" src-address=192.168.190.0/24
add action=accept chain=input src-address=10.0.0.0/8
add action=accept chain=input src-address=89.135.50.64/26
add action=accept chain=input src-address=89.135.50.64/26
add action=accept chain=forward src-address=89.132.156.147
add action=drop chain=input comment="Drop anything else"
add action=add-src-to-address-list address-list=smtp-spammer \
address-list-timeout=4w2d chain=forward dst-address-list=!smtp-szerverek \
dst-port=25 out-interface=UPC protocol=tcp
add action=drop chain=forward dst-port=25 out-interface="UPC Port 1" protocol=\
tcp src-address-list=!kivetelek
/ip firewall mangle
add action=mark-routing chain=prerouting comment=\
"UPC primary - IP range (alap tartomany)" disabled=yes dst-address=\
!89.132.155.172 new-routing-mark="UPC primary" passthrough=no src-address=\
89.132.155.160/29
add action=mark-routing chain=prerouting comment=\
"UPC primary - IP range (extra tartomany)" disabled=yes dst-address=\
!89.132.155.172 new-routing-mark="UPC extra tartomany" passthrough=no \
src-address=89.132.156.128/27
add action=mark-routing chain=prerouting comment=\
"UPC primary - IP range (extra tartomany)" disabled=yes dst-address=\
!89.132.155.172 new-routing-mark="UPC extra tartomany 2" passthrough=no \
src-address=89.135.54.0/25
add action=change-mss chain=forward new-mss=clamp-to-pmtu protocol=tcp \
tcp-flags=syn
/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
disabled=yes
add action=masquerade chain=srcnat out-interface="UPC Port 1" src-address=\
10.10.10.0/24
add action=dst-nat chain=dstnat disabled=yes dst-address=192.168.190.212 \
dst-port=18767 protocol=tcp src-port=18767 to-addresses=192.168.190.212 \
to-ports=18767
add action=dst-nat chain=dstnat disabled=yes log=yes protocol=tcp src-address=\
192.168.190.212 src-port=18767 to-addresses=192.168.190.10 to-ports=18767
add action=src-nat chain=srcnat comment=\
"Apartman nem publikus cimek mas forrasra natol\E1sa" disabled=yes log=yes \
protocol=tcp src-address=192.168.190.212 src-port=18767 to-addresses=\
192.168.190.10 to-ports=18767
add action=src-nat chain=srcnat comment=\
"Apartman nem publikus cimek mas forrasra natol\E1sa" out-interface=\
"UPC Port 1" src-address=192.168.190.0/23 to-addresses=89.135.50.65
add action=src-nat chain=srcnat comment=\
"Apartman nem publikus cimek mas forrasra natol\E1sa" disabled=yes \
dst-address=!91.120.14.98 out-interface=UPC src-address=192.168.190.0/23 \
to-addresses=91.120.14.129
add action=src-nat chain=srcnat comment="TESZT gep/port natol\E1sa" disabled=\
yes dst-address=!91.120.14.98 out-interface=UPC src-address=\
192.168.254.0/24 to-addresses=91.120.14.129
add action=src-nat chain=srcnat comment="TESZT gep/port natol\E1sa" \
dst-address=!89.132.155.172 out-interface="UPC Port 1" src-address=\
192.168.254.0/24 to-addresses=89.135.50.65
add action=src-nat chain=srcnat comment=\
"PPPOE nem publikus cimek mas forrasra natol\E1sa" disabled=yes \
dst-address=!91.120.14.98 out-interface=UPC src-address=10.0.0.0/24 \
to-addresses=91.120.14.129
add action=src-nat chain=srcnat comment=\
"PPPOE nem publikus cimek mas forrasra natol\E1sa" dst-address=\
!89.132.155.172 out-interface="UPC Port 1" src-address=10.0.0.0/24 \
to-addresses=89.135.50.65
add action=masquerade chain=srcnat comment="Mail szerver NATol\E1sa" disabled=\
yes out-interface="UPC Port 1" src-address=192.168.255.0/24 to-addresses=\
91.120.14.97
add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
89.135.50.65 dst-port=22 protocol=tcp to-addresses=192.168.255.1 to-ports=\
22
add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
89.135.50.65 dst-port=25 protocol=tcp to-addresses=192.168.255.1 to-ports=\
25
add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
89.135.50.65 dst-port=18767 protocol=tcp to-addresses=192.168.190.10 \
to-ports=18767
add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
89.135.50.65 dst-port=110 protocol=tcp to-addresses=192.168.255.1 to-ports=\
110
add action=dst-nat chain=dstnat comment="Mail portbedobas UPC-rol" dst-address=\
89.135.50.65 dst-port=80 protocol=tcp to-addresses=192.168.255.1 to-ports=\
80
add action=dst-nat chain=dstnat comment="monornet to datanet smtp redit" \
dst-address=213.46.255.2 dst-port=25 protocol=tcp to-addresses=\
194.149.13.165 to-ports=25
add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
89.132.155.172 dst-port=49256 protocol=tcp to-addresses=192.168.255.2 \
to-ports=49256
add action=dst-nat chain=dstnat disabled=yes dst-address=89.132.155.172 \
dst-port=63320 protocol=tcp to-addresses=192.168.255.199 to-ports=63320
add action=dst-nat chain=dstnat comment="Teszt remote" disabled=yes \
dst-address=89.132.155.172 dst-port=2222 protocol=tcp to-addresses=\
192.168.254.2 to-ports=3389
add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
89.132.155.172 dst-port=2075 protocol=tcp to-addresses=192.168.190.232 \
to-ports=50000
add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
91.120.14.98 dst-port=40000 protocol=tcp to-addresses=192.168.255.1 \
to-ports=21
add action=dst-nat chain=dstnat comment="Torrent\?" disabled=yes dst-address=\
89.132.155.172 dst-port=33303 protocol=tcp to-addresses=192.168.255.2 \
to-ports=2075
add action=dst-nat chain=dstnat dst-port=25 protocol=tcp src-address=\
192.168.190.43 to-addresses=192.168.150.199 to-ports=63320
add action=dst-nat chain=dstnat comment="Mail portbedobas ADSL-rol" \
dst-address=192.168.255.254 dst-port=25 protocol=tcp to-addresses=\
192.168.255.1 to-ports=25
add action=dst-nat chain=dstnat dst-address=89.135.54.80 protocol=t
to-addresses=192.168.190.8 to-ports=0-65535
add action=src-nat chain=srcnat protocol=tcp src-address=192.168.19
to-addresses=89.135.54.80 to-ports=0-65535
add action=dst-nat chain=dstnat comment="monornet to datanet smtp r
dst-address=213.46.255.2 dst-port=25 protocol=tcp to-addresses=
194.149.13.161 to-ports=25
add action=dst-nat chain=dstnat comment="monornet to datanet smtp r
dst-address=213.46.255.2 dst-port=25 protocol=tcp to-addresses=
194.149.13.163 to-ports=25
add action=masquerade chain=srcnat comment="masquerade hotspot netw
disabled=yes src-address=192.168.20.0/24
add action=masquerade chain=srcnat comment="masquerade hotspot netw
disabled=yes src-address=89.135.50.64/26
add action=masquerade chain=srcnat comment="masquerade hotspot netw
disabled=yes src-address=89.135.50.64/26
/ip firewall service-port
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
-
Lezl
member
reply
to Adamo_sx's message #4024
Most likely right.
I just don't really have an overview of the config: what should I look for, what does a filter like this normally look like? There are about 30 rules... in the firewall. I'm clueless with it.
The DHCP IP allocation, the bandwidth limiting part and simple external port forwarding things all work, e.g. I can let this port through easily, but on the LAN the 2 machines are completely blocked by some rule... I'd try experimenting with rules, but it's a live system with 500 clients on it, and it wouldn't be so great if everyone dropped their connection.
-
Lezl
member
Totally amateur question.
Given a Mikrotik configured with filters where the clients on the LAN can't reach each other and can only communicate outward to the internet, how can I set it up so that 2 machines with given IPs can reach each other, if not on any port then at least on one?
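Added example, not part of Lezl's export or any reply in the thread: RouterOS commands that open a two-way exception for exactly these two hosts without touching the rest of the isolation, inserted in front of the blocking rule so the other clients are unaffected. It assumes the blocking rule is a forward-chain drop carrying the comment "LAN isolation" (a placeholder; the export above does not show such a rule) and that the two hosts sit on different router interfaces, so their traffic actually passes the forward chain rather than staying on one switch segment.

```routeros
# Added example, not from the thread. "LAN isolation" is a placeholder for the
# comment of whatever forward-chain drop actually separates the LAN clients.
# Run this from a terminal in Safe Mode (Ctrl+X): if the session is lost the
# changes are rolled back, which matters on a live router with 500 clients.

# 1. Find the rule that blocks LAN-to-LAN traffic and note its comment/number.
#    If nothing here matches, the isolation is not in the IP firewall at all
#    (e.g. /interface bridge filter or hotspot) and these rules will not help.
/ip firewall filter print where chain=forward action=drop

# 2. Insert one accept rule per direction in front of that drop.
#    To limit the exception to a single service, add e.g.
#    "protocol=tcp dst-port=445" to the rule for the direction that opens the
#    connection; the replies are already covered by the existing
#    "allow already established connections" / "allow related connections"
#    rules, which sit earlier in the forward chain in this export.
/ip firewall filter
add chain=forward action=accept src-address=192.168.190.31 \
    dst-address=192.168.190.32 comment="allow .31 -> .32" \
    place-before=[find comment="LAN isolation"]
add chain=forward action=accept src-address=192.168.190.32 \
    dst-address=192.168.190.31 comment="allow .32 -> .31" \
    place-before=[find comment="LAN isolation"]

# 3. Verify the order and watch the packet counters while the two hosts talk;
#    if the counters stay at zero the traffic is being stopped before the
#    forward chain (bridge filter, switch port isolation, or a different chain).
/ip firewall filter print stats where comment~"^allow \\."
```

Keep the exception rules as narrow as the use case allows; an unrestricted two-way accept between the hosts is the simplest form, and the drop that follows still isolates everyone else.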