Wireless Security Protection

To secure a Mikrotik RouterBoard against hacking or IP cut attacks, copy all of the commands below and paste them into a New Terminal window:

–Brute-force filter (SSH):
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="Drop_SSH_brute_forces" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d comment="Drop_SSH_brute_forces1" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="Drop_SSH_brute_forces2" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="Drop_SSH_brute_forces3" disabled=no
/ip firewall filter add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="Drop_SSH_brute_forces4"
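
How the staged SSH lists escalate, with each stage feeding the next (ssh_stage1, ssh_stage2, ssh_stage3, ssh_blacklist), shown as an added Python simulation that is not part of the original page. It assumes that re-adding an already listed address refreshes its timeout; the source address is a constructed documentation address.

```python
# Added example: simulates the staged address-list escalation, not RouterOS itself.
# Assumption: re-adding an address that is already listed refreshes its timeout.

STAGE_TIMEOUT = 60                   # address-list-timeout=1m
BLACKLIST_TIMEOUT = 10 * 24 * 3600   # address-list-timeout=1w3d

# (list the source must already be in, list it is added to, timeout in seconds),
# in the same top-to-bottom order as the filter rules.
ESCALATION = [
    ("ssh_stage3", "ssh_blacklist", BLACKLIST_TIMEOUT),
    ("ssh_stage2", "ssh_stage3", STAGE_TIMEOUT),
    ("ssh_stage1", "ssh_stage2", STAGE_TIMEOUT),
    (None, "ssh_stage1", STAGE_TIMEOUT),
]


class SshFilter:
    def __init__(self):
        self.lists = {}  # (list name, source address) -> expiry time

    def _listed(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def new_connection(self, src, now):
        """Evaluate one new TCP/22 connection; return 'drop' or 'pass'."""
        if self._listed("ssh_blacklist", src, now):
            return "drop"
        # Membership is tested as each rule is reached, and add-src-to-address-list
        # does not stop processing, so the packet continues down the chain.
        for required, target, timeout in ESCALATION:
            if required is None or self._listed(required, src, now):
                self.lists[(target, src)] = now + timeout
        return "pass"


def replay(times, src="198.51.100.7"):  # constructed documentation address
    fw = SshFilter()
    return [fw.new_connection(src, t) for t in times]


if __name__ == "__main__":
    print(replay([0, 5, 10, 15, 20]))      # burst: the fifth attempt is dropped
    print(replay([0, 90, 180, 270, 360]))  # slow client: never escalates
```

Because the rules are ordered from the highest stage down, one connection advances a source by exactly one stage, so the blacklist entry is created on the fourth new connection inside the one-minute windows and the drop rule first applies to the fifth.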

–Port scanning filter
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port_Scanners_To_List" disabled=no
/ip firewall filter add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w comment="Port_Scanners_To_List1" disabled=no

–FTP port filter
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="Filter_FTP_to_Box" disabled=no
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m action=accept comment="Filter_port_FTP1" disabled=no
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h comment="Filter_port_FTP1" disabled=no

–Separate packets by protocol into chains
/ip firewall filter add chain=forward protocol=tcp action=jump jump-target=tcp comment="Separate_Protocol_into_Chains1" disabled=no
/ip firewall filter add chain=forward protocol=udp action=jump jump-target=udp comment="Separate_Protocol_into_Chains2" disabled=no
/ip firewall filter add chain=forward protocol=icmp action=jump jump-target=icmp comment="Separate_Protocol_into_Chains3" disabled=no

–Block evil UDP traffic
/ip firewall filter add chain=udp protocol=udp dst-port=69 action=drop comment="Blocking_UDP_Packet1" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=111 action=drop comment="Blocking_UDP_Packet2" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=135 action=drop comment="Blocking_UDP_Packet3" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=137-139 action=drop comment="Blocking_UDP_Packet4" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=2049 action=drop comment="Blocking_UDP_Packet5" disabled=no
/ip firewall filter add chain=udp protocol=udp dst-port=3133 action=drop comment="Blocking_UDP_Packet6" disabled=no

–Block evil TCP traffic
/ip firewall filter add chain=tcp protocol=tcp dst-port=69 action=drop comment="Bloking_TCP_Packet" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=111 action=drop comment="Bloking_TCP_Packet1" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=119 action=drop comment="Bloking_TCP_Packet2" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=135 action=drop comment="Bloking_TCP_Packet3" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="Bloking_TCP_Packet4" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=445 action=drop comment="Bloking_TCP_Packet5" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=2049 action=drop comment="Bloking_TCP_Packet6" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="Bloking_TCP_Packet7" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=20034 action=drop comment="Bloking_TCP_Packet8" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=3133 action=drop comment="Bloking_TCP_Packet9" disabled=no
/ip firewall filter add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="Bloking_TCP_Packet10" disabled=no

–Blocking Bukis mail traffic
/ip firewall filter add chain=forward protocol=tcp dst-port=25 action=drop comment="Allow_SMTP" disabled=no

–DoS filter
/ip firewall filter add chain=icmp protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="Limited_Ping_Flood" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="Limited_Ping_Flood1" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="Limited_Ping_Flood2" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="Limited_Ping_Flood3" disabled=no
/ip firewall filter add chain=icmp protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="Limited_Ping_Flood4" disabled=no
/ip firewall filter add chain=icmp protocol=icmp action=drop comment="Limited_Ping_Flood5" disabled=no

–P2P connections
/ip firewall filter add chain=forward p2p=all-p2p action=accept comment="trafik_P2P" disabled=no

–Filter junk and valid connections
/ip firewall filter add chain=input connection-state=established action=accept comment="Connection_State1" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="Connection_State2" disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment="Connection_State3" disabled=no

–Allow established connections
/ip firewall filter add chain=forward connection-state=established action=accept comment="Allow_Established_Connections"

–Related connections
/ip firewall filter add chain=forward connection-state=related action=accept comment="Allow_Realted_connections"

–Drop invalid connections
/ip firewall filter add chain=forward connection-state=invalid action=drop comment="Drop_Invalid_Connections"

–Drop viruses
/ip firewall filter add chain=forward connection-state=invalid action=drop comment="drop_invalid_connections"
/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop_Blaster_Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop_Blaster_Worm"
/ip firewall filter add chain=virus protocol=udp dst-port=445 action=drop comment="Drop_Blaster_Worm"
/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment="________"
/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="__________"
/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop_MyDoom"
/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment="______"
/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment="hromgrafx"
/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment="cichlid"
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment="BagleVirus"
/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment="DropDumaruY"
/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment="DropBeagle"
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment="DropBeagle_C-K"
/ip firewall filter add chain=virus protocol=tcp dst-port=3127 action=drop comment="DropMyDoom"
/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment="DropBackdoorOptixPro"
/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm1"
/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm2"
/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment="DropSasser"
/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment="DropBeagleB"
/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment="DropDabber-A-B"
/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment="DropMyDoom-B"
/ip firewall filter add chain=virus protocol=tcp dst-port=12345 action=drop comment="DropNetBus"
/ip firewall filter add chain=virus protocol=tcp dst-port=17300 action=drop comment="DropKuang2"
/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment="DropSubSeven"
/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment="DropPhatBot,Agobot,Gaobot"
/ip firewall filter add chain=forward action=jump jump-target=virus comment="jump to the virus chain"

–Accept established connections
/ip firewall filter add chain=input connection-state=established action=accept comment="Accept_established_connections"

–Accept related connections
/ip firewall filter add chain=input connection-state=related action=accept comment="Accept_related_connections"

–Drop invalid connections
/ip firewall filter add chain=input connection-state=invalid action=drop comment="Drop_invalid_connections"

–UDP
/ip firewall filter add chain=input protocol=udp action=accept comment="UDP"

–Allow limited ping
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow_limited_pings"

–Drop excess ping
/ip firewall filter add chain=input protocol=icmp action=drop comment="Drop_excess_pings"

–FTP
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment="FTP"

–SSH for secure shell
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment="SSH_for_secure_shell"

–Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment="Telnet"

–Web
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment="Web"

–Winbox
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox"

–PPTP server
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server"

–Log everything else
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment="Log_everything_else"

–Anti-netcut
/ip firewall filter add action=accept chain=input comment="Anti-Netcut1" disabled=no dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut2" disabled=no dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut3" disabled=no dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut4" disabled=no dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut5" disabled=no dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut6" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut7" disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut8" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
/ip firewall filter add action=accept chain=input comment="Anti-Netcut9" disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254

–Close the ports used by spam

/ip firewall filter add chain=forward dst-port=135-139 protocol=tcp action=drop

/ip firewall filter add chain=forward dst-port=135-139 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=445 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=593 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=4444 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=5554 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=9996 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=995-999 protocol=udp action=drop
/ip firewall filter add chain=forward dst-port=53 protocol=tcp action=drop
/ip firewall filter add chain=forward dst-port=55 protocol=tcp action=drop
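
A pre-paste check for a rule set like this one, as an added Python example that is not part of the original page: it reports address lists that rules match on but nothing fills, and lists that rules fill but nothing matches on. The embedded rules are a constructed excerpt of four rules from this page; run against the full set it flags the same two names, `ournetwork` (matched by the FTP, SSH, Telnet, Web and Winbox accept rules, never filled) and `port scanners` (filled, never used by a drop rule).

```python
import re
import shlex

# Constructed excerpt: four rules taken from this page, typed with straight quotes.
RULES = '''
/ip firewall filter add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop
/ip firewall filter add chain=output protocol=tcp content="530 Login incorrect" action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment="winbox"
'''

ADD_ACTIONS = ("add-src-to-address-list", "add-dst-to-address-list")


def parse(script):
    """Yield one {key: value} dict per '/ip firewall filter add' line."""
    for line in script.splitlines():
        m = re.match(r"\s*/\s*ip firewall filter add\s+(.*)", line)
        if m:
            # shlex keeps quoted values such as "port scanners" in one token.
            tokens = shlex.split(m.group(1))
            yield dict(tok.split("=", 1) for tok in tokens if "=" in tok)


def audit_address_lists(script):
    """Return (lists matched but never filled, lists filled but never matched)."""
    filled, matched = set(), set()
    for rule in parse(script):
        if rule.get("action") in ADD_ACTIONS:
            filled.add(rule["address-list"])
        for key in ("src-address-list", "dst-address-list"):
            if key in rule:
                matched.add(rule[key].lstrip("!"))  # "!name" is a negated match
    return sorted(matched - filled), sorted(filled - matched)


if __name__ == "__main__":
    missing, unused = audit_address_lists(RULES)
    print("matched but never filled:", missing)
    print("filled but never matched:", unused)
```

A list in the first group has to be created by hand under `/ip firewall address-list` before its accept rules can match anything; a list in the second group only records addresses until a rule that matches on it is added.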
