Firewall Untuk Keamanan Mikrotik

Mikrotik terkenal dengan firewallnya...untuk keamanan Mikrotik anda dari serangan luar maka inilah yang dibawah bentengnya...copykan perintah di bawah lalu pastekan di new terminal di winbox mikrotik anda....
/ip firewall filter add chain=input connection-state=invalid action=drop comment=”Drop_invalid_connections”
/ip firewall filter add chain=input protocol=udp action=accept comment=”UDP”
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow_limited_pings”
/ip firewall filter add chain=input protocol=icmp action=drop comment=”Drop_excess_pings”
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=”FTP”
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=”SSH_for_secure_shell”
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web”
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox”
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log_everything_else”
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web1”
/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment=” bikin_cepat_ping_dan_dns”
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log¬everythingelse”
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox1”

Ket:
Perintah di atas bukan hanya untuk Router mikrotik saja...Untuk Radio antenna access point atau Station yang bermerek mikrotik juga mantab di pasang perintah diatas...

Selamat mencoba... sumber : http://wirelessrouterproxy.blogspot.com
Categories:

Related Post:



My Linux Note | Based on the Design by Tricks-Collection | Unlimited Entertainment like TV Shows and Movies collections