Lompat ke konten Lompat ke sidebar Lompat ke footer
Beranda / Mikrotik

Firewall Untuk Keamanan Mikrotik

Diposting oleh Arjo Mangil

Firewall Untuk Keamanan Mikrotik


Mikrotik terkenal dengan firewallnya...untuk keamanan Mikrotik anda dari serangan luar maka inilah yang dibawah bentengnya...copykan perintah di bawah lalu pastekan di new terminal di winbox mikrotik anda....

/ip firewall filter add chain=input \
connection-state=invalid action=drop \
comment=”Drop_invalid_connections”
/ip firewall filter add chain=input \
protocol=udp action=accept comment=”UDP”
/ip firewall filter add chain=input \
protocol=icmp limit=50/5s,2 action=accept comment=”Allow_limited_pings”
/ip \
firewall filter add chain=input protocol=icmp action=drop \
comment=”Drop_excess_pings”
/ip firewall filter add chain=input protocol=tcp \
dst-port=21 src-address-list=ournetwork action=accept comment=”FTP”
/ip \
firewall filter add chain=input protocol=tcp dst-port=22 \
src-address-list=ournetwork action=accept comment=”SSH_for_secure_shell”
/ip \
firewall filter add chain=input protocol=tcp dst-port=23 \
src-address-list=ournetwork action=accept comment=”Telnet”
/ip firewall \
filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork \
action=accept comment=”Web”
/ip firewall filter add chain=input protocol=tcp \
dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox”
/ip \
firewall filter add chain=input protocol=tcp dst-port=1723 action=accept \
comment=”pptp-server”
/ip firewall filter add chain=input action=log \
log-prefix="DROP INPUT" comment=”Log_everything_else”
/ip firewall filter add \
chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept \
comment=”Telnet”
/ip firewall filter add chain=input protocol=tcp dst-port=80 \
src-address-list=ournetwork action=accept comment=”Web1”
/ip firewall mangle \
add chain=prerouting protocol=icmp action=mark-connection \
new-connection-mark=icmp-con passthrough=yes comment=” \
bikin_cepat_ping_dan_dns”
/ip firewall filter add chain=input protocol=tcp \
dst-port=1723 action=accept comment=”pptp-server”
/ip firewall filter add \
chain=input action=log log-prefix="DROP INPUT" \
comment=”Log¬everythingelse”
/ip firewall filter add chain=input protocol=tcp \
dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox1”
Ket:
Perintah di atas bukan hanya untuk Router mikrotik saja...Untuk Radio antenna access point atau Station yang bermerek mikrotik juga mantab di pasang perintah diatas...

sumber : http://www.wirelessrouterproxy.com