Monday, December 23, 2013

A firewall is software that enforces a policy on traffic: traffic that is considered safe is permitted, while traffic deemed unsafe is rejected. The firewall can also be used to control which users can and cannot access the internet. Here is an example of creating firewall rules on a MikroTik RB411U router. Starting with RouterOS version 2.9 there is a feature called IP Address List. This feature groups particular IP addresses under a name, so that the whole group can be referenced at once. Such a group can be used as a parameter in mangle, firewall filter, route, or queue rules.

Before creating the firewall rules, it is useful to define the address lists first.
[admin@MikroTik] /ip firewall address-list> add address=103.5.45.8/29 list=ournetwork
[admin@MikroTik] /ip firewall address-list> add address=192.168.1.0/24 list=ournetwork
[admin@MikroTik] /ip firewall address-list> add address=192.168.1.10 list=Share-Printer
Firewall rules on the MikroTik RB411U router (entered from the /ip firewall filter menu, so each command is add, not /add):
[admin@MikroTik] /ip firewall filter>
add chain=forward action=accept connection-state=established comment="allow established connections"
add chain=forward action=accept connection-state=related comment="allow related connections"
add chain=forward action=drop connection-state=invalid comment="drop invalid connections"
add chain=virus action=drop protocol=tcp dst-address-list=!Share-Printer dst-port=135-139 comment="Drop Blaster Worm"
add chain=virus action=drop protocol=udp dst-address-list=!Share-Printer dst-port=135-139 comment="Drop Messenger Worm"
add chain=virus action=drop protocol=tcp dst-port=1433-1434 comment="Worm"
add chain=virus action=drop protocol=tcp dst-address-list=!Share-Printer dst-port=445 comment="Drop Blaster Worm"
add chain=virus action=drop protocol=udp dst-port=445 comment="Drop Blaster Worm"
add chain=virus action=drop protocol=tcp dst-port=593 comment="---"
add chain=virus action=drop protocol=tcp dst-port=1024-1030 comment="---"
add chain=virus action=drop protocol=tcp dst-port=1080 comment="Drop MyDoom"
add chain=virus action=drop protocol=tcp dst-port=1214 comment="---"
add chain=virus action=drop protocol=tcp dst-port=1363 comment="ndm requester"
add chain=virus action=drop protocol=tcp dst-port=1364 comment="ndm server"
add chain=virus action=drop protocol=tcp dst-port=1368 comment="screen cast"
add chain=virus action=drop protocol=tcp dst-port=1373 comment="hromgrafx"
add chain=virus action=drop protocol=tcp dst-port=1377 comment="cichlid"
add chain=virus action=drop protocol=tcp dst-port=2745 comment="Bagle Virus"
add chain=virus action=drop protocol=tcp dst-port=2283 comment="Drop Dumaru.Y"
add chain=virus action=drop protocol=tcp dst-port=2535 comment="Drop Beagle"
add chain=virus action=drop protocol=tcp dst-port=2745 comment="Drop Beagle.C-K"
add chain=virus action=drop protocol=tcp dst-port=3127 comment="Drop MyDoom"
add chain=virus action=drop protocol=tcp dst-port=3410 comment="Drop Backdoor OptixPro"
add chain=virus action=drop protocol=tcp dst-port=4444 comment="Worm"
add chain=virus action=drop protocol=udp dst-port=4444 comment="Worm"
add chain=virus action=drop protocol=tcp dst-port=5554 comment="Drop Sasser"
add chain=virus action=drop protocol=tcp dst-port=8866 comment="Drop Beagle.B"
add chain=virus action=drop protocol=tcp dst-port=9898 comment="Drop Dabber.A-B"
add chain=virus action=drop protocol=tcp dst-port=10000 comment="Drop Dumaru.Y (vpn or webmin)"
add chain=virus action=drop protocol=tcp dst-port=10080 comment="Drop MyDoom.B"
add chain=virus action=drop protocol=tcp dst-port=12345 comment="Drop NetBus"
add chain=virus action=drop protocol=tcp dst-port=17300 comment="Drop Kuang2"
add chain=virus action=drop protocol=tcp dst-port=27374 comment="Drop SubSeven"
add chain=virus action=drop protocol=tcp dst-port=65506 comment="Drop PhatBot, Agobot, Gaobot"
add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
add chain=input action=accept connection-state=established comment="Accept established connections"
add chain=input action=accept connection-state=related comment="Accept related connections"
add chain=input action=drop connection-state=invalid comment="Drop invalid connections"
add chain=input action=accept protocol=udp comment="UDP"
add chain=input action=accept protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input action=drop protocol=icmp comment="Drop excess pings"
add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=21 comment="FTP"
add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=22 comment="SSH"
add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=23 comment="Telnet"
add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=80 comment="http"
add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=8291 comment="Webmin"
add chain=input action=accept src-address-list=ournetwork comment="Network Accept MikroTik"
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
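Because RouterOS evaluates a chain top to bottom and stops at the first accept or drop, while log is non-terminating and a jump returns to the caller if the target chain makes no decision, the order of the rules above decides what actually gets through. The following Python script is an added example, not code from the original post or from MikroTik: it replays a representative subset of the post's rules (the address lists and rule parameters are copied from the post) against constructed packets, so the effect of the chains, the jump to the virus chain, the address lists and the ! negation on Share-Printer can be checked offline. The packets, the outside address 203.0.113.9 and the function names are assumptions made for the example; the icmp limit matcher is not modelled. Running it shows, for instance, that SMB to the printer passes the virus chain while SMB to any other host is dropped, that SSH from outside ournetwork is logged and then dropped, and that the input chain's protocol=udp rule accepts UDP from any source before the address-list checks are reached.

```python
"""Added example (not from the original post): a first-match evaluator that
replays the post's MikroTik filter rules against constructed packets."""
import ipaddress

# Address lists as defined in the post.
ADDRESS_LISTS = {
    "ournetwork": ["103.5.45.8/29", "192.168.1.0/24"],
    "Share-Printer": ["192.168.1.10"],
}

# A representative subset of the post's filter rules, in the post's order.
# Each entry: (chain, matchers, action[, jump-target]).
RULES = [
    ("forward", {"connection-state": "established"}, "accept"),
    ("forward", {"connection-state": "related"}, "accept"),
    ("forward", {"connection-state": "invalid"}, "drop"),
    ("virus", {"protocol": "tcp", "dst-address-list": "!Share-Printer",
               "dst-port": "135-139"}, "drop"),
    ("virus", {"protocol": "tcp", "dst-address-list": "!Share-Printer",
               "dst-port": "445"}, "drop"),
    ("virus", {"protocol": "tcp", "dst-port": "3127"}, "drop"),
    ("forward", {}, "jump", "virus"),
    ("input", {"connection-state": "established"}, "accept"),
    ("input", {"connection-state": "invalid"}, "drop"),
    ("input", {"protocol": "udp"}, "accept"),
    ("input", {"protocol": "tcp", "src-address-list": "ournetwork",
               "dst-port": "22"}, "accept"),
    ("input", {"src-address-list": "ournetwork"}, "accept"),
    ("input", {}, "log"),
    ("input", {}, "drop"),
]


def in_list(addr, spec):
    """True if addr is in the named address list; a leading '!' negates."""
    negate = spec.startswith("!")
    name = spec[1:] if negate else spec
    hit = any(ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)
              for net in ADDRESS_LISTS[name])
    return hit != negate


def port_matches(port, spec):
    """spec is a single port such as '445' or a range such as '135-139'."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def rule_matches(matchers, pkt):
    """Every matcher on a rule must hold (RouterOS ANDs them)."""
    for key, want in matchers.items():
        if key == "protocol" and pkt["protocol"] != want:
            return False
        if key == "connection-state" and pkt.get("connection-state", "new") != want:
            return False
        if key == "dst-port" and not port_matches(pkt.get("dst-port", -1), want):
            return False
        if key == "src-address-list" and not in_list(pkt["src"], want):
            return False
        if key == "dst-address-list" and not in_list(pkt["dst"], want):
            return False
    return True


def run_chain(chain, pkt, log):
    """Walk one chain top to bottom. Returns 'accept' or 'drop', or None when
    the chain ends without a verdict (a jumped-to chain then returns to its caller)."""
    for rule in RULES:
        if rule[0] != chain or not rule_matches(rule[1], pkt):
            continue
        action = rule[2]
        if action in ("accept", "drop"):
            return action
        if action == "log":  # log is non-terminating: record and keep going
            log.append(f"DROP INPUT {pkt['protocol']} {pkt['src']}->{pkt['dst']}")
        elif action == "jump":
            verdict = run_chain(rule[3], pkt, log)
            if verdict is not None:
                return verdict
    return None


def evaluate(pkt):
    """Final verdict for a packet entering pkt['chain'], plus the log lines it
    produced. RouterOS accepts by default when no rule decides."""
    log = []
    verdict = run_chain(pkt["chain"], pkt, log)
    return (verdict or "accept"), log


if __name__ == "__main__":
    # Constructed sample packets (not from the post); 203.0.113.9 is a made-up outside host.
    for label, pkt in [
        ("ssh from LAN", {"chain": "input", "protocol": "tcp", "src": "192.168.1.50", "dst": "192.168.1.1", "dst-port": 22}),
        ("ssh from internet", {"chain": "input", "protocol": "tcp", "src": "203.0.113.9", "dst": "103.5.45.9", "dst-port": 22}),
        ("smb to printer", {"chain": "forward", "protocol": "tcp", "src": "192.168.1.20", "dst": "192.168.1.10", "dst-port": 445}),
    ]:
        print(f"{label:18s} -> {evaluate(pkt)}")
```

The evaluator is a model, not the router: it exists to make the consequences of rule order visible before a rule set is pasted into a production device. Swapping the two address-list input rules below the protocol=udp rule, or adding a dst-port to that rule, and re-running the script is a quick way to confirm what such a change does.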
Thank You For Reading This Article
Title: Implementation of Firewalls with MikroTik
Written by achmad saifudin
Give your comments and suggestions on this article. Greetings Bloggers, Thank You
