هو ده الي موجود في الفايرول فلتر
كود:
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
"place hotspot rules here" disabled=yes
add action=accept chain=forward connection-state=established disabled=no \
protocol=icmp
add action=accept chain=forward connection-state=related disabled=no \
protocol=icmp
add action=accept chain=forward disabled=no icmp-options=8:0 limit=5,30 \
protocol=icmp
add action=log chain=forward disabled=no log-prefix="Block Ping of Death" \
protocol=icmp
add action=drop chain=forward disabled=no protocol=icmp
add action=jump chain=forward comment=Jump_to_block-ddos disabled=no \
jump-target=block-ddos protocol=udp
add action=jump chain=input comment=Jump_to_block-ddos disabled=no \
jump-target=block-ddos protocol=udp
add action=return chain=block-ddos disabled=no limit=400,32
add action=log chain=block-ddos disabled=no log-prefix=DDOS_ATTACK:
add action=drop chain=block-ddos disabled=no limit=32,32
add action=jump chain=input comment=Jump_to_block-ddos disabled=no \
jump-target=block-ddos protocol=udp
add action=add-src-to-address-list address-list=blocked-addr \
address-list-timeout=1d chain=input connection-limit=100,32 disabled=no \
protocol=tcp
add action=tarpit chain=input connection-limit=3,32 disabled=no protocol=tcp \
src-address-list=blocked-addr
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
new disabled=no jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new disabled=no limit=\
400,5 protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new disabled=no protocol=\
tcp tcp-flags=syn
add action=drop chain=virus comment="Drop Spammer" disabled=no dst-port=25 \
protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
1d chain=virus comment="add to spammer list" connection-limit=30,32 \
disabled=no dst-port=25 limit=10,5 protocol=tcp src-address-list=!smtpOK
add action=drop chain=virus comment="SMTP SPAM stopper!" disabled=no \
dst-port=25 protocol=tcp src-address-list=!smtpOK
add action=drop chain=virus comment="Drop 53 DoS attack" disabled=no \
dst-port=53 protocol=tcp src-address-list=spammer
add action=drop chain=virus comment="Drop 53 DoS attack" disabled=no \
dst-port=53 protocol=udp src-address-list=spammer
add action=drop chain=virus comment="Drop 80 DoS attack" disabled=no \
dst-port=80 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=\
2d chain=virus comment="Drop 80 DoS attack" connection-limit=40,32 \
disabled=no dst-port=80 limit=20,5 protocol=tcp src-address-list=!smtpOK
add action=drop chain=forward comment="drop invalid connections" \
connection-state=invalid disabled=no protocol=tcp
add action=accept chain=forward connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" \
connection-state=related disabled=no
add action=drop chain=forward disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3
add action=jump chain=forward disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
add action=drop chain=tcp comment="deny TFTP" disabled=no dst-port=69 \
protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
111 protocol=tcp
add action=drop chain=tcp comment="deny RPC portmapper" disabled=no dst-port=\
135 protocol=tcp
add action=drop chain=tcp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=tcp
add action=drop chain=tcp comment="deny cifs" disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=tcp comment="deny NFS" disabled=no dst-port=2049 \
protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=\
12345-12346 protocol=tcp
add action=drop chain=tcp comment="deny NetBus" disabled=no dst-port=20034 \
protocol=tcp
add action=drop chain=tcp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=tcp
add action=drop chain=tcp comment="deny DHCP" disabled=no dst-port=67-68 \
protocol=tcp
add action=drop chain=udp comment="deny TFTP" disabled=no dst-port=69 \
protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
111 protocol=udp
add action=drop chain=udp comment="deny PRC portmapper" disabled=no dst-port=\
135 protocol=udp
add action=drop chain=udp comment="deny NBT" disabled=no dst-port=137-139 \
protocol=udp
add action=drop chain=udp comment="deny NFS" disabled=no dst-port=2049 \
protocol=udp
add action=drop chain=udp comment="deny BackOriffice" disabled=no dst-port=\
3133 protocol=udp
add action=accept chain=icmp comment="echo reply" disabled=no icmp-options=\
0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" disabled=no \
icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" disabled=no \
icmp-options=3:1 protocol=icmp
add action=accept chain=icmp comment=\
"host unreachable fragmentation required" disabled=no icmp-options=3:4 \
protocol=icmp
add action=accept chain=icmp comment="allow source quench" disabled=no \
icmp-options=4:0 protocol=icmp
add action=accept chain=icmp comment="allow echo request" disabled=no \
icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" disabled=no \
icmp-options=11:0 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types" disabled=no
add action=drop chain=input comment="drop ftp brute forcers" disabled=no \
dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no \
dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist \
address-list-timeout=3h chain=output content="530 Login incorrect" \
disabled=no protocol=tcp
add action=drop chain=input comment="drop ssh brute forcers" disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=1w3d chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new disabled=no \
dst-port=22 protocol=tcp
add action=drop chain=forward comment="drop ssh brute downstream" disabled=no \
dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=drop chain=forward comment=Conficker disabled=no dst-port=135 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=137 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=138 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=445 \
protocol=udp
add action=drop chain=forward comment=Conficker disabled=no dst-port=135 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=139 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=5933 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=445 \
protocol=tcp
add action=drop chain=forward comment=Conficker disabled=no dst-port=4691 \
protocol=tcp
2014/06/21, 04:52 AM
مشكله في ال log
المواضيع المتشابهه
