FIREWALL BÁSICO - MIKROTIK
Mikrotik Reglas básicas de filtro de firewall para proteger su enrutador.
Copie el código siguiente en el bloc de notas y cambie el nombre de la interfaz ...
en la secuencia de comandos siguiente, estoy usando interface = ether1-gateway
en la secuencia de comandos siguiente, estoy usando interface = ether1-gateway
PROBADO EN v.6.28
. .
..
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="Allow Webfig Access from Wan" disabled=yes dst-port=81 in-interface=ether1-gateway protocol=tcp
add chain=input comment="Allow Winbox from Internal -Interface" dst-port=8291 in-interface=!ether1-gateway protocol=tcp
add chain=input comment="Allow Winbox Access from Wan" disabled=yes dst-port=8291 in-interface=ether1-gateway protocol=tcp
add chain=input dst-port=8291 in-interface=!ether1-gateway protocol=tcp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="Allow Webfig Access from Wan" disabled=yes dst-port=81 in-interface=ether1-gateway protocol=tcp
add chain=input comment="Allow Winbox from Internal -Interface" dst-port=8291 in-interface=!ether1-gateway protocol=tcp
add chain=input comment="Allow Winbox Access from Wan" disabled=yes dst-port=8291 in-interface=ether1-gateway protocol=tcp
add chain=input dst-port=8291 in-interface=!ether1-gateway protocol=tcp
add chain=input comment="default configuration" connection-state=established,related
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established,related
add action=drop chain=forward comment="default configuration" connection-state=invalid
add action=drop chain=forward comment="default configuration" connection-nat-state=!dstnat connection-state=new in-interface=ether1-gateway
Comparte
0 comentarios:
Publicar un comentario