
مشاهدة النسخة كاملة : مشكله في ال log


zoahmed
2014/06/21, 04:52 AM
السلام عليكم


كنت حطيت الرول ده

# Adds two logging rules: messages with topic "hotspot" and messages with
# topic "firewall" are stored through the "memory" action (the router's
# in-RAM log buffer).
# NOTE(review): removing these two rules may not silence the firewall lines.
# The entries shown in the thread are tagged firewall,info, so any remaining
# rule that matches topic "info" (the default configuration normally has one;
# confirm with "/system logging print") still records them. The messages
# themselves are generated by filter rules that use action=log.
/system logging
add action=memory disabled=no prefix="" topics=hotspot
add action=memory disabled=no prefix="" topics=firewall

وعايز الغيه بس مش عارف




http://im63.gulfup.com/pHkvNr.png

انا عملت الخطوه دي وشلتهم خالص بس برضوا لسه شغال الرول


http://im63.gulfup.com/5jukTg.png

وائل001122
2014/06/21, 12:11 PM
للمسح

ip

firewall

filter rules


واختار الرولات اللى عاوز تمسحها ياغالى



وجرب ونحن معك


لكن انتبه امسح الرولات فقط اللى مش عاوزها ولا تمسح اى شئ اخر اوك

وللضمان خذ بيك أب من سيرفرك قبل عمل اى تغيير او تعديل

zoahmed
2014/06/21, 11:52 PM
انا عايز الغي firewall INFO

الي بتظهر في ال LOG

وائل001122
2014/06/22, 02:17 AM
نفس الطريقة ياغالى


لان كل رول انتا بتضيفه لسيرفرك بيروح فى


ip

firewall

filter rules


دور عليه وامسحة

zoahmed
2014/06/22, 11:45 AM
هو ده الي موجود في الفايرول فلتر

# Export of the router's /ip firewall filter table as posted in the thread.
# Rules are evaluated top to bottom inside each chain, so their order matters.
# Only two rules here use action=log (prefixes "Block Ping of Death" and
# "DDOS_ATTACK:"); those are the rules that write firewall entries to the log.
/ip firewall filter
# Disabled placeholder rule for hotspot-generated rules.
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
# Forwarded ICMP: accept established and related, accept echo request
# (icmp-options=8:0) within limit=5,30, then log and drop whatever is left.
add action=accept chain=forward connection-state=established disabled=no \
protocol=icmp
add action=accept chain=forward connection-state=related disabled=no \
protocol=icmp
add action=accept chain=forward disabled=no icmp-options=8:0 limit=5,30 \
protocol=icmp
# Logs every forwarded ICMP packet that was not accepted above. The rule has
# no limit= matcher, so sustained ICMP traffic yields one log line per packet.
# Disabling or removing only this rule stops the log entries while the drop
# rule that follows keeps filtering.
add action=log chain=forward disabled=no log-prefix="Block Ping of Death" \
protocol=icmp
add action=drop chain=forward disabled=no protocol=icmp
# All UDP on forward and input is passed through the block-ddos chain.
add action=jump chain=forward comment=Jump_to_block-ddos disabled=no \
jump-target=block-ddos protocol=udp
add action=jump chain=input comment=Jump_to_block-ddos disabled=no \
jump-target=block-ddos protocol=udp
# block-ddos: packets within limit=400,32 return to the calling chain;
# packets above that rate are logged and then reach the drop rule.
# NOTE(review): the log rule is unlimited (log flooding under load), and the
# drop rule itself carries limit=32,32, so it presumably matches only up to
# that rate and the remainder falls off the end of the chain back to the
# caller. Confirm that this is intended.
add action=return chain=block-ddos disabled=no limit=400,32
add action=log chain=block-ddos disabled=no log-prefix=DDOS_ATTACK:
add action=drop chain=block-ddos disabled=no limit=32,32
# NOTE(review): repeats the earlier chain=input jump to block-ddos; the second
# copy looks redundant.
add action=jump chain=input comment=Jump_to_block-ddos disabled=no \
jump-target=block-ddos protocol=udp
# TCP connection limiting on input: a source that reaches the
# connection-limit=100,32 threshold is added to blocked-addr for one day, and
# listed sources are tarpitted once they reach connection-limit=3,32.
add action=add-src-to-address-list address-list=blocked-addr \
address-list-timeout=1d chain=input connection-limit=100,32 disabled=no \
protocol=tcp
add action=tarpit chain=input connection-limit=3,32 disabled=no protocol=tcp \
src-address-list=blocked-addr
# SYN flood protection for forwarded traffic: new TCP SYN packets go to
# SYN-Protect, which accepts them within limit=400,5 and drops the excess.
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
new disabled=no jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new disabled=no limit=\
400,5 protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new disabled=no protocol=\
tcp tcp-flags=syn
# chain=virus: SMTP spam and per-port flood rules keyed on the spammer and
# smtpOK address lists.
# NOTE(review): no rule in this listing jumps to chain=virus, so unless a jump
# exists elsewhere these rules never see traffic. Confirm.
add action=drop chain=virus comment="Drop Spammer" disabled=no dst-port=25 \
protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=virus comment="add to spammer list" connection-limit=30,32 \
disabled=no dst-port=25 limit=10,5 protocol=tcp src-address-list=!smtpOK
add action=drop chain=virus comment="SMTP SPAM stopper!" disabled=no \
dst-port=25 protocol=tcp src-address-list=!smtpOK
add action=drop chain=virus comment="Drop 53 DoS attack" disabled=no \
dst-port=53 protocol=tcp src-address-list=spammer
add action=drop chain=virus comment="Drop 53 DoS attack" disabled=no \
dst-port=53 protocol=udp src-address-list=spammer
add action=drop chain=virus comment="Drop 80 DoS attack" disabled=no \
dst-port=80 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
2d chain=virus comment="Drop 80 DoS attack" connection-limit=40,32 \
disabled=no dst-port=80 limit=20,5 protocol=tcp src-address-list=!smtpOK
# Connection-state handling on forward. The invalid-state drop is restricted
# to protocol=tcp; the established and related accepts apply to any protocol.
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid disabled=no protocol=tcp
add action=accept chain=forward connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" \
connection-state=related disabled=no
# Drop forwarded packets whose source or destination lies in 0.0.0.0/8,
# 127.0.0.0/8 or 224.0.0.0/3 (224.0.0.0 through 255.255.255.255).
add action=drop chain=forward disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3
# Dispatch the remaining forwarded traffic to per-protocol chains.
# NOTE(review): every forwarded ICMP packet was already accepted or dropped by
# the ICMP rules near the top of this table, so the jump to chain=icmp appears
# unreachable from forward. Confirm.
add action=jump chain=forward disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
# chain=tcp: drop TCP services that should not cross the router.
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
protocol=tcp
# NOTE(review): Back Orifice is usually associated with port 31337; the value
# 3133 here may be truncated. Confirm.
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
# NOTE(review): DHCP runs over UDP, so this TCP rule probably matches nothing.
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
protocol=tcp
# chain=udp: UDP counterparts of the service drops above.
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
protocol=udp
# NOTE(review): same port question as the TCP Back Orifice rule (3133 versus
# the usual 31337). Confirm.
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=udp
# chain=icmp: allow-list of ICMP type:code pairs; the final rule drops every
# other packet that reaches this chain.
add action=accept chain=icmp comment="echo reply" disabled=no icmp-options=\
0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" disabled=no \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" disabled=no \
icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment=\
"host unreachable fragmentation required" disabled=no icmp-options=3:4 \
protocol=icmp
add action=accept chain=icmp comment="allow source quench" disabled=no \
icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" disabled=no \
icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" disabled=no \
icmp-options=11:0 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types" disabled=no
# FTP brute-force handling: sources in ftp_blacklist are dropped on port 21.
# The output-chain rules watch the router's own replies containing
# "530 Login incorrect": replies within the dst-limit are accepted, and beyond
# it the reply's destination (the client) is added to ftp_blacklist for 3h.
add action=drop chain=input comment="drop ftp brute forcers" disabled=no \
dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no \
dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
disabled=no protocol=tcp
# SSH brute-force ladder: blacklisted sources are dropped on port 22. Each new
# connection promotes the source one step, ssh_stage1 -> ssh_stage2 ->
# ssh_stage3 -> ssh_blacklist (1m per stage, 1w3d on the blacklist). The stages
# are checked from the highest down.
add action=drop chain=input comment="drop ssh brute forcers" disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp
# Also drop forwarded SSH from sources already on ssh_blacklist.
add action=drop chain=forward comment="drop ssh brute downstream" disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
# Drops on forward labelled Conficker.
# NOTE(review): several of these ports (135, 137-139, TCP 445) are already
# dropped in the tcp and udp chains reached from the jumps above, so those
# entries look redundant. Confirm.
add action=drop chain=forward comment=Conficker disabled=no dst-port=135 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=137 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=138 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=445 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=135 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=139 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=5933 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=4691 \
protocol=tcp

وائل001122
2014/06/26, 12:16 PM
اخى ممكن ترفع الرول اللى حضرتك ضفته عندك