# dec/11/2017 22:01:09 by RouterOS 6.40.5
# software id = 68WD-GPU0
#
# model = CCR1016-12G
# serial number = 7430067C6E52
#
# Firewall part of a RouterOS export: address lists, filter rules, mangle
# marks and service-port helper settings. Rule order is preserved exactly,
# because filter rules are evaluated top to bottom.
# NOTE(review): the export header above carries the device's software id and
# serial number; these are normally redacted before a config is shared.

/ip firewall address-list
# Static entries (no timeout set). ssh_blacklist is also extended at runtime
# by the SSH ladder in the filter section below.
add address=222.186.130.227 list=ssh_blacklist
add address=121.18.238.9 list=ssh_blacklist
add address=91.224.160.10 list=ssh_blacklist
add address=116.31.116.32 list=ssh_blacklist
add address=183.60.48.25 list=ssh_blacklist
# Youtube list: referenced by the two mangle rules near the end of this file.
add address=43.250.82.224/27 list=Youtube
add address=103.244.186.192/26 list=Youtube

/ip firewall filter
# TCP/22 from blacklisted sources is dropped first, both towards the router
# (input) and through it (forward).
add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist
add action=drop chain=forward comment="drop ssh brute forcers" dst-port=22 protocol=tcp \
    src-address-list=ssh_blacklist

# SSH ladder: every new TCP/22 connection to the router moves its source one
# list up (ssh_stage1 -> ssh_stage2 -> ssh_stage3 -> ssh_blacklist). Stage
# entries expire after 1m, blacklist entries after 1w3d. The rules are ordered
# highest stage first, so a single packet advances a source by one step only.
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d \
    chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m \
    chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m \
    chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m \
    chain=input connection-state=new dst-port=22 protocol=tcp

# NOTE(review): the next rule drops TCP/22 on input for every source, so SSH to
# the router on this port is never accepted. The ladder above still fills its
# lists (add-src-to-address-list does not end rule processing), which means the
# blacklist only changes the outcome for forwarded port-22 traffic. Retried
# SYNs of one refused attempt may be enough to climb the ladder, and entries
# are created from SYNs whose source was never confirmed by a handshake.
# Confirm this is the intended design.
add action=drop chain=input dst-port=22 protocol=tcp

# Legacy cleartext services refused by destination port: telnet (23), SMTP (25,
# input and forward) and FTP (21). Whether the matching entries under
# /ip service are also disabled is not visible in this export.
add action=drop chain=input dst-port=23 protocol=tcp
add action=drop chain=input dst-port=25 protocol=tcp
add action=drop chain=forward dst-port=25 protocol=tcp
add action=drop chain=input dst-port=21 protocol=tcp

# NOTE(review): the input rules below match on src-port, i.e. the port chosen
# by the remote sender, not the port being contacted. As written they do not
# stop inbound connections to these ports (135-139, 445, 1433/1434, 1718-1721
# and the others listed) and can discard unrelated packets that happen to
# originate from one of these source ports. The forward rules further down use
# dst-port for several of the same numbers; if the intent here is the same,
# dst-port is the match to use. Confirm before changing.
add action=drop chain=input protocol=tcp src-port=135-139
add action=drop chain=input protocol=udp src-port=135-139
add action=drop chain=input protocol=udp src-port=445
add action=drop chain=input protocol=tcp src-port=2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721
add action=drop chain=input protocol=udp src-port=2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721
add action=drop chain=input protocol=tcp src-port=445
add action=drop chain=input protocol=tcp src-port=1718
add action=drop chain=input protocol=udp src-port=1718
add action=drop chain=input protocol=tcp src-port=1719
add action=drop chain=input protocol=udp src-port=1719

# Forwarded traffic dropped by destination port.
add action=drop chain=forward dst-port=1718-1720 protocol=udp
add action=drop chain=forward dst-port=1718-1720 protocol=tcp
add action=drop chain=forward dst-port=11720 protocol=tcp
add action=drop chain=forward dst-port=11720 protocol=udp
add action=drop chain=forward dst-port=4156 protocol=udp
add action=drop chain=forward dst-port=1978 protocol=udp
add action=drop chain=forward dst-port=1978 protocol=tcp
add action=drop chain=forward dst-port=559 protocol=tcp
add action=drop chain=forward dst-port=10100 protocol=udp
# NOTE(review): the filter rules shown here contain no accept rule for
# established/related connections and no closing drop rule, so traffic that
# matches nothing above is accepted by the chain default. Verify against the
# complete ruleset on the device.

/ip firewall mangle
# Packets whose source or destination is in the Youtube list get the packet
# mark Youtube-New; passthrough=yes lets later mangle rules still process them.
# NOTE(review): the first rule's comment value reads <<>> and is unquoted. It
# looks like a damaged copy of the "<<< Youtube >>>" label on the second rule
# and may not import as written; check it against the device.
add action=mark-packet chain=prerouting comment=<<>> new-packet-mark=Youtube-New \
    passthrough=yes src-address-list=Youtube
add action=mark-packet chain=prerouting comment="<<< Youtube >>>" dst-address-list=Youtube \
    new-packet-mark=Youtube-New passthrough=yes

/ip firewall service-port
# Connection-tracking helpers for FTP, TFTP, IRC, H.323 and PPTP are disabled.
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set pptp disabled=yes