Talking about firewalls yet again... it makes you foam at the mouth and gives you a headache, especially when something goes wrong; it can easily turn into a boomerang for the admin, hehehe...
Then again, nobody actually recommends setting up anything too complicated. How will you ever put on weight if you spend every day thinking about the firewall and its problems... hahaha...
Not to mention the limits of the device we are relying on as the router: can it really cope with a system that complex? Will it perform at its best? Or might it even sulk??? (As if a machine knows how to sulk... more likely it just dies from the stress of thinking about such a huge workload.)
Straight to the point, here is the script, bro... please re-edit it so it matches your own setup...
1. To filter brute-force attempts
---------------------------------
/ ip firewall filter
add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="Drop SSH brute forcers" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no
add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no
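The five rules above form a staged counter: each new connection to TCP/22 moves the source one stage up, each stage entry lives 1m, and a source that reaches ssh_stage3 and connects once more is blacklisted for 1w3d. The simulation below is an added example written for this post, not code from the author or from MikroTik; it models add-src-to-address-list as a passthrough action (the remaining rules still run and refresh the lower stages), assumes that re-adding a listed address refreshes its timeout, and uses constructed TEST-NET addresses.

```python
from dataclasses import dataclass, field

STAGE_TIMEOUT = 60                  # address-list-timeout=1m
BLACKLIST_TIMEOUT = 10 * 24 * 3600  # address-list-timeout=1w3d

@dataclass
class AddressLists:
    """Dynamic address lists: list name -> {address: expiry time in seconds}."""
    lists: dict = field(default_factory=dict)

    def has(self, name, addr, now):
        expiry = self.lists.get(name, {}).get(addr)
        return expiry is not None and expiry > now

    def add(self, name, addr, now, timeout):
        # Re-adding a listed address refreshes its timeout (modelled assumption).
        self.lists.setdefault(name, {})[addr] = now + timeout

# The five rules in page order: (src-address-list to match, action, target list, timeout).
# A match list of None means the rule matches every new connection to TCP/22.
RULES = [
    ("ssh_blacklist", "drop", None, None),
    ("ssh_stage3", "add", "ssh_blacklist", BLACKLIST_TIMEOUT),
    ("ssh_stage2", "add", "ssh_stage3", STAGE_TIMEOUT),
    ("ssh_stage1", "add", "ssh_stage2", STAGE_TIMEOUT),
    (None, "add", "ssh_stage1", STAGE_TIMEOUT),
]

def new_ssh_connection(lists, src, now):
    """Run one new TCP/22 connection through RULES top-down; return the first
    (most severe) action that fired. 'drop' ends processing, while the add
    actions are modelled as passthrough, so lower stages are refreshed too."""
    outcome = None
    for match_list, action, target, timeout in RULES:
        if match_list is not None and not lists.has(match_list, src, now):
            continue
        if action == "drop":
            return "drop"
        lists.add(target, src, now, timeout)
        outcome = outcome or target
    return outcome

def replay(events):
    """events: iterable of (time_seconds, src_address); returns one outcome per event."""
    lists = AddressLists()
    return [new_ssh_connection(lists, src, t) for t, src in events]

# Constructed sample: one host hammering SSH, one occasional legitimate user.
ATTACKER, USER = "203.0.113.5", "198.51.100.7"
SAMPLE_EVENTS = [(0, ATTACKER), (0, USER), (10, ATTACKER), (20, ATTACKER),
                 (30, ATTACKER), (40, ATTACKER), (100, USER), (200, USER)]
```

Replaying SAMPLE_EVENTS shows the fourth burst connection landing in ssh_blacklist and the fifth being dropped, while a host that waits longer than 1m between logins never leaves ssh_stage1.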
2. To filter port scanning
--------------------------
/ ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port Scanners to list" disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=syn,rst action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="" disabled=no
add chain=input src-address-list="port scanners" action=drop comment="" disabled=no
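To make the tcp-flags semantics in the six flag rules above concrete: in RouterOS a flag listed plainly must be set, a flag prefixed with ! must be clear, and flags not mentioned are ignored. The matcher below is an added example written for this post, not code from the author or from MikroTik; it parses those six expressions, evaluates them in page order against constructed flag sets, and the scan-type labels are our own.

```python
TCP_FLAGS = ("fin", "syn", "rst", "psh", "ack", "urg")

# The six tcp-flags expressions from the rules above, in page order, with a
# label for the scan pattern each one describes (labels are ours).
SCAN_SIGNATURES = {
    "fin,!syn,!rst,!psh,!ack,!urg": "FIN scan",
    "fin,syn": "SYN+FIN",
    "syn,rst": "SYN+RST",
    "fin,psh,urg,!syn,!rst,!ack": "XMAS scan",
    "fin,syn,rst,psh,ack,urg": "all flags set",   # already covered by "fin,syn"
    "!fin,!syn,!rst,!psh,!ack,!urg": "NULL scan",
}

def parse_tcp_flags(expr):
    """Split a RouterOS tcp-flags expression into (must_be_set, must_be_clear)."""
    must_set, must_clear = set(), set()
    for token in expr.split(","):
        name = token.lstrip("!")
        if name not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag: {token!r}")
        (must_clear if token.startswith("!") else must_set).add(name)
    return must_set, must_clear

def matches(expr, flags):
    """True if the packet's set flags satisfy expr; flags not named in expr are ignored."""
    must_set, must_clear = parse_tcp_flags(expr)
    flags = set(flags)
    return must_set <= flags and not (must_clear & flags)

def classify(flags):
    """Label of the first signature (in page order) the packet's flags match, or None.
    Normal SYN, SYN+ACK, ACK and FIN+ACK segments match none of the six rules."""
    for expr, label in SCAN_SIGNATURES.items():
        if matches(expr, flags):
            return label
    return None
```

Note that a packet with every flag set already matches "fin,syn", so the "all flags set" rule only ever adds to the list because add-src-to-address-list lets processing continue.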
3. To filter the FTP port
-------------------------
/ ip firewall filter
add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="Filter FTP to Box" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m action=accept comment="" disabled=no
add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment="" disabled=no
4. To separate packets into per-protocol chains
-----------------------------------------------
/ ip firewall filter
add chain=forward protocol=tcp action=jump jump-target=tcp comment="Separate Protocol into Chains" disabled=no
add chain=forward protocol=udp action=jump jump-target=udp comment="" disabled=no
add chain=forward protocol=icmp action=jump jump-target=icmp comment="" disabled=no
5. To block nasty UDP traffic
-----------------------------
/ ip firewall filter
add chain=udp protocol=udp dst-port=69 action=drop comment="Blocking UDP Packet" disabled=no
add chain=udp protocol=udp dst-port=111 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=135 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=137-139 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=2049 action=drop comment="" disabled=no
add chain=udp protocol=udp dst-port=3133 action=drop comment="" disabled=no
6. To block nasty TCP traffic
-----------------------------
/ ip firewall filter
add chain=tcp protocol=tcp dst-port=69 action=drop comment="Bloking TCP Packet" disabled=no
add chain=tcp protocol=tcp dst-port=111 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=119 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=135 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="" disabled=no
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="" disabled=no
7. To block bogus mail traffic
------------------------------
/ ip firewall filter
add chain=forward protocol=tcp dst-port=25 action=drop comment="Allow SMTP" disabled=no
8. To create a DoS filter
-------------------------
/ ip firewall filter
add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Limited Ping Flood" disabled=no
add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="" disabled=no
add chain=icmp protocol=icmp action=drop comment="" disabled=no
9. To create a P2P connection filter
------------------------------------
/ ip firewall filter
add chain=forward p2p=all-p2p action=accept comment="trafik P2P" disabled=no
10. To create an access filter for the mapped networks
------------------------------------------------------
/ ip firewall filter
add chain=input dst-address-type=broadcast,multicast action=accept comment="Allow Broadcast Traffic" disabled=no
add chain=input src-address=192.168.0.0/28 action=accept comment="Allow access to router from known network" disabled=no
add chain=input src-address=192.168.1.0/24 action=accept comment="" disabled=no
add chain=input src-address=192.168.2.0/30 action=accept comment="" disabled=no
add chain=input src-address=125.162.0.0/16 action=accept comment="" disabled=no
Friday, 8 November 2013
Firewall for Securing
Posted by GreenLand at 01:02
Labels: Networking, Tutorial