Firewall Mikrotik Basico


FIREWALL MIKROTIK BASICO

# Stateful baseline for traffic addressed to the router itself (chain=input).
# Packets of connections that are already established are accepted.
/ip firewall filter add chain=input connection-state=established action=accept

# Packets related to an existing connection are accepted.
/ip firewall filter add chain=input connection-state=related action=accept

# Packets that connection tracking marks as invalid are dropped.
/ip firewall filter add chain=input connection-state=invalid action=drop

# NOTE(review): no final "drop everything else" rule for chain=input appears on this
# page, so input traffic not matched by a drop rule is still accepted by default.

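# Accept VPN connections.
# (Label recovered from a dangling, unterminated comment="ACEPTO CONEXIONES VPN fragment
# on the page; it is kept as a script comment because the page does not show which
# rule it belonged to.)
# GRE plus TCP/1723 is the pair of flows PPTP needs.
# NOTE(review): PPTP authentication and encryption are weak by current standards.
# Where the peers are known, narrow both rules with src-address, and plan a move to
# a modern VPN protocol.

# PPTP data channel (GRE).
/ip firewall filter add chain=input protocol=gre action=accept

# PPTP control channel.
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept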

DENEGAR PING

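# Deny ping: log ICMP that reaches the router, then drop it.
# action=log is not terminating, so the packet continues to the next rule.
# NOTE(review): the log rule is not rate-limited; an ICMP flood will fill the log
# buffer. Consider throttling it.
/ip firewall filter add chain=input protocol=icmp action=log log-prefix="PING DENEGADO"

# Fixed: the page shows action=accept here, which contradicts the rule's own comment
# ("DENIEGO ICMP" = "I deny ICMP"), the section title and the "PING DENEGADO" log prefix.
# The rule matches every ICMP type. Add icmp-options=8:0 to both rules to restrict
# them to echo requests only.
/ip firewall filter add chain=input protocol=icmp action=drop comment="DENIEGO ICMP"

# Verify that the log rule fires:
/log print

# Sample entry from the page (a single log line, re-joined after the page wrapped it):
# 23:34:12 firewall,info PING DENEGADO input: in:ether1 out:(none), src-mac 00:21:70:fd:e3:25, proto ICMP (type 8, code 0), 192.168.4.254->192.168.4.1, len 64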

Port knocking

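# Port knocking in front of SSH. A source must open new TCP connections to ports
# 33, 55 and 77, in that order. Each knock moves its address into the next list:
#   33 -> step1 (1 minute), 55 -> step2 (1 minute), 77 -> ssh-permit-temp (1 hour).
# Each command is re-joined onto one line; the page had wrapped them mid-word
# ("action=add-src-" / "to-address-list").
# NOTE(review): the knock sequence travels in clear text and can be observed on the
# path, so it only reduces noise. SSH still needs key-based authentication behind it.

# Knock 3 (port 77): only sources already in step2 gain SSH access, for one hour.
# Fixed: the page truncates the matcher to "src-address-list=ste". step2 is the list
# written by the port-55 rule and the only value that completes the chain.
/ip firewall filter add chain=input connection-state=new protocol=tcp dst-port=77 src-address-list=step2 action=add-src-to-address-list address-list=ssh-permit-temp address-list-timeout=1h

# Knock 2 (port 55): sources in step1 are promoted to step2 for one minute.
/ip firewall filter add chain=input connection-state=new protocol=tcp dst-port=55 src-address-list=step1 action=add-src-to-address-list address-list=step2 address-list-timeout=1m

# Knock 1 (port 33): any source enters step1 for one minute.
/ip firewall filter add chain=input connection-state=new protocol=tcp dst-port=33 action=add-src-to-address-list address-list=step1 address-list-timeout=1m

# SSH from any source that is NOT in ssh-permit-temp is dropped.
# The established-state accept rule earlier on the page still lets sessions that are
# already open continue after the one-hour entry expires.
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=!ssh-permit-temp action=drop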
FUERZA BRUTA

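# SSH brute-force throttling. Each new TCP/22 connection moves the source one stage
# further: ssh1 -> ssh2 -> ssh3 -> ssh-blacklist. Stage entries expire after one minute,
# so a fourth new connection while the earlier stages are still live blacklists the
# source for 10 days.
# The stages are listed from last to first on purpose. add-src-to-address-list does
# not stop rule processing, so in the opposite order a single packet would cascade
# through every stage.
# Each command is re-joined onto one line; the page had wrapped them mid-word.
# NOTE(review): automation or several users behind one NAT address can trip this.
# Keep management addresses exempt with an earlier accept rule.

# Stage 4: a source already in ssh3 is blacklisted for 10 days.
/ip firewall filter add chain=input connection-state=new protocol=tcp dst-port=22 src-address-list=ssh3 action=add-src-to-address-list address-list=ssh-blacklist address-list-timeout=10d

# Stage 3: a source already in ssh2 moves to ssh3.
/ip firewall filter add chain=input connection-state=new protocol=tcp dst-port=22 src-address-list=ssh2 action=add-src-to-address-list address-list=ssh3 address-list-timeout=1m

# Stage 2: a source already in ssh1 moves to ssh2.
/ip firewall filter add chain=input connection-state=new protocol=tcp dst-port=22 src-address-list=ssh1 action=add-src-to-address-list address-list=ssh2 address-list-timeout=1m

# Stage 1: any new SSH connection puts the source in ssh1.
/ip firewall filter add chain=input connection-state=new protocol=tcp dst-port=22 action=add-src-to-address-list address-list=ssh1 address-list-timeout=1m

# Drop SSH from blacklisted sources.
# Fixed: the page writes address-list=ssh-blacklist. That parameter names the list an
# add-*-to-address-list action writes to and is not a matcher, so the rule as printed
# would not be limited to blacklisted sources. src-address-list is the matcher.
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh-blacklist action=drop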

dos

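# DoS mitigation for a web server behind the router (chain=forward, TCP/80 to 163.10.0.84).
# connection-limit=20,32 matches once a single source address (/32) holds 20 connections.
# action=tarpit then captures and holds the extra TCP connections instead of forwarding them.
# Re-joined onto one line; the page had split the command before action=tarpit.
# NOTE(review): a per-source limit also hits many legitimate clients that share one
# NAT address. Tune the threshold against real traffic to this server.
/ip firewall filter add chain=forward dst-address=163.10.0.84 protocol=tcp dst-port=80 connection-limit=20,32 action=tarpit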
