
I wanted to share a small MikroTik script that I always use as one of the first steps when configuring a MikroTik router.

I then build my own modifications on top of it, but always having it at hand saves a lot of time.

MY FIREWALL

/ip firewall filter

# FTP access to a server (change the IP) #
add action=accept chain=accept_list comment="Forward FTP to Server" dst-address=192.168.20.10 dst-port=21 protocol=tcp

# VNC access to a PC (change the IP) #
add action=accept chain=accept_list comment="Forward VNC to PC" dst-address=192.168.20.10 dst-port=5900 protocol=tcp

# known_viruses AND Bad People #
add action=drop chain=known_viruses comment="windows - not EXACTLY a virus" dst-port=135-139 protocol=tcp
add action=drop chain=known_viruses comment="windows - not EXACTLY a virus" dst-port=135-139 protocol=udp
add action=drop chain=known_viruses comment="winXP netbios not EXACTLY a virus" dst-port=445 protocol=udp
add action=drop chain=known_viruses comment="winXP netbios not EXACTLY a virus" dst-port=445 protocol=tcp
add action=drop chain=known_viruses comment="msblast worm" dst-port=593 protocol=tcp
add action=drop chain=known_viruses comment="msblast worm" dst-port=4444 protocol=tcp
add action=drop chain=known_viruses comment="WITTY worm" dst-port=4000 protocol=tcp
add action=drop chain=known_viruses comment="SoBig.f worm" dst-port=995-999 protocol=tcp
add action=drop chain=known_viruses comment="SoBig.f worm" dst-port=8998 protocol=tcp
add action=drop chain=known_viruses comment="beagle worm" dst-port=2745 protocol=tcp
add action=drop chain=known_viruses comment="beagle worm" dst-port=4751 protocol=tcp
add action=drop chain=known_viruses comment="SQL Slammer" dst-port=1434 protocol=tcp
add action=drop chain=bad_people comment="Known Spammer" src-address=81.180.98.3
add action=drop chain=bad_people comment="Known Spammer" src-address=24.73.97.226
add action=drop chain=bad_people comment="http://isc.incidents.org/top10.html listed" src-address=67.75.20.112
add action=drop chain=bad_people src-address=218.104.138.166
add action=drop chain=bad_people src-address=212.3.250.194
add action=drop chain=bad_people src-address=203.94.243.191
add action=drop chain=bad_people src-address=202.101.235.100
add action=drop chain=bad_people src-address=58.16.228.42
add action=drop chain=bad_people src-address=58.248.8.2
add action=drop chain=bad_people src-address=202.99.11.99
add action=drop chain=bad_people src-address=218.52.237.219
add action=drop chain=bad_people src-address=222.173.101.157
add action=drop chain=bad_people src-address=58.242.34.235
add action=drop chain=bad_people src-address=222.80.184.23

# NOTE: no rule in this script jumps to the "virus" chain, so as written these rules never see traffic; #
# a jump from forward (or input) is needed for them to take effect. #
add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm"
add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm"
add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=1214 action=drop comment="________"
add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus"
add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle"
add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K"
add chain=virus protocol=tcp dst-port=3127-3128 action=drop comment="Drop MyDoom"
add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro"
add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm"
add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser"
add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B"
add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B"
add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y"
add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B"
add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus"
add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2"
add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven"
add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot"

# Drop SSH brute forcers #
# Each new SSH connection moves the source one stage up (stage1 -> stage2 -> stage3); a source already in stage3 lands in ssh_blacklist. #
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp

# Limit FTP connections #
add action=drop chain=input comment="allows only 10 FTP login incorrect answers per minute" dst-port=21 protocol=tcp src-address-list=ftp_blacklist

# Add to lists #
add action=accept chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp

add action=drop chain=forward comment="drop invalid connections DELETE" connection-state=invalid
add action=drop chain=forward comment="Blocks SSH" dst-port=22 protocol=tcp
add action=jump chain=forward comment="Known virus ports DELETE" jump-target=known_viruses
add action=jump chain=forward comment="kill known bad source addresses DELETE" jump-target=bad_people
add action=jump chain=forward comment="Jump to Accepted List" jump-target=accept_list
add action=accept chain=forward comment="allow established connections DELETE" connection-state=established
add action=accept chain=forward comment="allow related connections DELETE" connection-state=related
add action=accept chain=forward comment="Allow All"
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=tcp dst-port=8291 comment="winbox"

# DoS attacks #
add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
add chain=input protocol=tcp connection-limit=3,32 src-address-list=black_list action=tarpit comment="suppress DoS attack" disabled=no
add chain=input protocol=tcp connection-limit=10,32 action=add-src-to-address-list address-list=black_list address-list-timeout=1d comment="detect DoS attack" disabled=no

# PING limits #
# NOTE: the "ICMP" chain is also never referenced by a jump rule in this script, so these limits only apply once a jump (e.g. from input for protocol=icmp) is added. #
add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s" disabled=no
add chain=ICMP protocol=icmp action=drop comment="Drop everything else" disabled=no

# One outgoing allow, except unwanted traffic #
add chain=forward action=accept protocol=tcp dst-port=80 comment="Allow HTTP"
add chain=forward action=accept protocol=tcp dst-port=25 comment="Allow SMTP"
add chain=forward protocol=tcp comment="allow TCP"
add chain=forward protocol=icmp comment="allow ping"
add chain=forward protocol=udp comment="allow udp"
add chain=forward action=drop comment="drop everything else"
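The staged SSH rules in the script above (ssh_stage1 to ssh_stage3, then ssh_blacklist) are easier to reason about when you can replay traffic against them. The following Python model is an added example and is not part of the original post or of RouterOS: it emulates dynamic address lists with timeouts and the five `chain=input dst-port=22` rules in their script order, then replays constructed connection attempts. The timeouts (1m per stage, 1w3d for the blacklist) are taken from the script; the IP addresses and timings are constructed for the demo, and the model assumes, as RouterOS does for `add-src-to-address-list`, that the action does not stop rule processing.

```python
"""Replay of the staged SSH brute-force ladder from the MikroTik script.

Added example, not part of the original post. Models RouterOS dynamic
address lists (entries expire after address-list-timeout) and the five
chain=input rules for dst-port 22, then replays constructed attempts to
show when a source ends up in ssh_blacklist.
"""
from dataclasses import dataclass, field

MINUTE = 60
DAY = 24 * 3600
WEEK = 7 * DAY


@dataclass
class AddressLists:
    """Dynamic address lists: list name -> {address: expiry timestamp}."""
    lists: dict = field(default_factory=dict)

    def contains(self, name, addr, now):
        expiry = self.lists.get(name, {}).get(addr)
        return expiry is not None and expiry > now

    def add(self, name, addr, now, timeout):
        # Re-adding an address refreshes its timeout, as RouterOS does.
        self.lists.setdefault(name, {})[addr] = now + timeout


# The script's ladder in rule order:
# (required source list or None, action, target list, address-list-timeout).
# 'drop' terminates processing; add-src-to-address-list does not (assumption
# matching RouterOS filter behaviour), so one packet can refresh every stage
# below the one the source is currently on.
SSH_RULES = [
    ("ssh_blacklist", "drop", None, None),
    ("ssh_stage3", "add", "ssh_blacklist", 1 * WEEK + 3 * DAY),
    ("ssh_stage2", "add", "ssh_stage3", 1 * MINUTE),
    ("ssh_stage1", "add", "ssh_stage2", 1 * MINUTE),
    (None, "add", "ssh_stage1", 1 * MINUTE),
]


def new_ssh_connection(lists, src, now):
    """Run one new TCP/22 connection from src through the ladder.

    Returns 'drop' if the blacklist rule matched, otherwise 'pass' (the
    packet falls through to the rest of the input chain).
    """
    for required_list, action, target, timeout in SSH_RULES:
        if required_list is not None and not lists.contains(required_list, src, now):
            continue
        if action == "drop":
            return "drop"
        lists.add(target, src, now, timeout)
    return "pass"


def replay(events):
    """events: iterable of (timestamp_seconds, src_ip). Returns (verdicts, lists)."""
    lists = AddressLists()
    verdicts = []
    for now, src in sorted(events):
        verdicts.append((now, src, new_ssh_connection(lists, src, now)))
    return verdicts, lists


# Constructed traffic: a fast brute-forcer, a patient one, and a normal admin.
FAST = "203.0.113.5"     # 5 attempts in 40 seconds
SLOW = "192.0.2.9"       # one attempt every 90 s, longer than the 1m stage timeout
ADMIN = "198.51.100.7"   # two logins an hour apart
SAMPLE_EVENTS = (
    [(t, FAST) for t in (0, 10, 20, 30, 40)]
    + [(t, SLOW) for t in (0, 90, 180, 270, 360)]
    + [(0, ADMIN), (3600, ADMIN)]
)


def summarize(events=SAMPLE_EVENTS):
    """Return (drops per source, sorted blacklisted sources, final lists)."""
    verdicts, lists = replay(events)
    drops = {src: sum(1 for _, s, v in verdicts if s == src and v == "drop")
             for _, src, _ in verdicts}
    blacklisted = sorted(lists.lists.get("ssh_blacklist", {}))
    return drops, blacklisted, lists


if __name__ == "__main__":
    drops, blacklisted, lists = summarize()
    for src, n in drops.items():
        print(f"{src}: {n} dropped connection(s)")
    print("blacklisted:", blacklisted)
```

Replaying the constructed events shows the ladder's behaviour and its limit: the fast source reaches ssh_stage3 on its third attempt, is blacklisted on the fourth and has its fifth connection dropped, while the source that waits 90 seconds between attempts never gets past ssh_stage1 because each stage entry has expired before the next attempt arrives. Shortening the attempt interval an attacker needs is exactly what the 1m stage timeouts control, so tune them (and the blacklist timeout) to the rate you consider abusive.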
