fw
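  # dec/11/2017 22:01:09 by RouterOS 6.40.5
  # software id = 68WD-GPU0
  #
  # model = CCR1016-12G
  # serial number = 7430067C6E52
  #
  # NOTE(review): the export header carries the device's software id and
  # serial number; strip both before publishing an export.
  # NOTE(review): the wiki renderer had turned the straight quotes and the
  # "<<<" / ">>>" runs in comment= values into typographic characters, and
  # prefixed every line with a list bullet. Both are undone below so the text
  # is valid RouterOS syntax again; rule order and all match fields are unchanged.

  # --- Address lists ---------------------------------------------------------
  # Static ssh_blacklist entries: added without a timeout, so unlike the
  # dynamically added ones (1w3d, see the filter rules) they never expire.
  # NOTE(review): static entries from 2017 go stale; review them periodically.
  /ip firewall address-list
  add address=222.186.130.227 list=ssh_blacklist
  add address=121.18.238.9 list=ssh_blacklist
  add address=91.224.160.10 list=ssh_blacklist
  add address=116.31.116.32 list=ssh_blacklist
  add address=183.60.48.25 list=ssh_blacklist
  # Prefixes matched by the mangle rules further down.
  add address=43.250.82.224/27 list=Youtube
  add address=103.244.186.192/26 list=Youtube

  # --- Filter rules ----------------------------------------------------------
  # NOTE(review): this export shows drop rules only: no accept for
  # established/related traffic and no final default drop. RouterOS accepts
  # whatever no rule matches, so the filter works as a denylist. A default-deny
  # input chain with explicit accepts is the safer baseline.
  /ip firewall filter
  # Blacklisted sources lose TCP/22 both to the router and through it.
  add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
      protocol=tcp src-address-list=ssh_blacklist
  add action=drop chain=forward comment="drop ssh brute forcers" dst-port=22 \
      protocol=tcp src-address-list=ssh_blacklist
  # Staged detection. The stages are listed highest first so that one packet
  # advances a source by one stage only. Each new TCP/22 connection to the
  # router moves the source stage1 -> stage2 -> stage3 -> ssh_blacklist, so
  # the fourth new connection blacklists it for 1w3d (10 days), provided each
  # arrives while the previous stage entry (1m timeout) still exists.
  # NOTE(review): matching is on the first packet of a connection, so an entry
  # does not prove the source completed a handshake, and an administrator
  # reconnecting quickly is blacklisted as well. Allow-list trusted management
  # addresses ahead of these rules.
  add action=add-src-to-address-list address-list=ssh_blacklist \
      address-list-timeout=1w3d chain=input connection-state=new dst-port=22 \
      protocol=tcp src-address-list=ssh_stage3
  add action=add-src-to-address-list address-list=ssh_stage3 \
      address-list-timeout=1m chain=input connection-state=new dst-port=22 \
      protocol=tcp src-address-list=ssh_stage2
  add action=add-src-to-address-list address-list=ssh_stage2 \
      address-list-timeout=1m chain=input connection-state=new dst-port=22 \
      protocol=tcp src-address-list=ssh_stage1
  add action=add-src-to-address-list address-list=ssh_stage1 \
      address-list-timeout=1m chain=input connection-state=new dst-port=22 \
      protocol=tcp
  # All remaining TCP/22 to the router is dropped. No accept rule for SSH is
  # visible in this export, so the staging rules above mainly feed the
  # blacklist that the forward-chain drop relies on.
  add action=drop chain=input dst-port=22 protocol=tcp
  # Telnet, SMTP and FTP towards the router. The forward rule drops every
  # forwarded TCP connection to port 25, whatever its direction.
  add action=drop chain=input dst-port=23 protocol=tcp
  add action=drop chain=input dst-port=25 protocol=tcp
  add action=drop chain=forward dst-port=25 protocol=tcp
  add action=drop chain=input dst-port=21 protocol=tcp
  # NOTE(review): the input rules from here to the src-port=1719 pair match
  # on src-port. They drop packets sent FROM these ports, not connections TO
  # these ports on the router. If the intent was to block access to
  # NetBIOS/SMB/MSSQL/H.323 style services, dst-port is the field to match.
  # Confirm the intent before changing them.
  add action=drop chain=input protocol=tcp src-port=135-139
  add action=drop chain=input protocol=udp src-port=135-139
  add action=drop chain=input protocol=udp src-port=445
  add action=drop chain=input protocol=tcp src-port=\
      2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721
  add action=drop chain=input protocol=udp src-port=\
      2002,4156,1978,27444,10100,10064,6346,1433,1434,1720,1721
  add action=drop chain=input protocol=tcp src-port=445
  add action=drop chain=input protocol=tcp src-port=1718
  add action=drop chain=input protocol=udp src-port=1718
  add action=drop chain=input protocol=tcp src-port=1719
  add action=drop chain=input protocol=udp src-port=1719
  # Forwarded traffic to these destination ports is dropped in any direction.
  add action=drop chain=forward dst-port=1718-1720 protocol=udp
  add action=drop chain=forward dst-port=1718-1720 protocol=tcp
  add action=drop chain=forward dst-port=11720 protocol=tcp
  add action=drop chain=forward dst-port=11720 protocol=udp
  add action=drop chain=forward dst-port=4156 protocol=udp
  add action=drop chain=forward dst-port=1978 protocol=udp
  add action=drop chain=forward dst-port=1978 protocol=tcp
  add action=drop chain=forward dst-port=559 protocol=tcp
  add action=drop chain=forward dst-port=10100 protocol=udp

  # --- Mangle ----------------------------------------------------------------
  # Packets from or to the Youtube list get the packet mark Youtube-New.
  # passthrough=yes lets later mangle rules still see them. Whatever consumes
  # the mark (a queue, for example) is not part of this export.
  /ip firewall mangle
  add action=mark-packet chain=prerouting comment="<<<Youtube>>>" \
      new-packet-mark=Youtube-New passthrough=yes src-address-list=Youtube
  add action=mark-packet chain=prerouting comment="<<< Youtube >>>" \
      dst-address-list=Youtube new-packet-mark=Youtube-New passthrough=yes

  # --- Service ports (connection-tracking helpers) ---------------------------
  # These settings disable the firewall's protocol helpers only. They do not
  # turn off the router's own management services, which are configured under
  # /ip service and are not shown in this export.
  /ip firewall service-port
  set ftp disabled=yes
  set tftp disabled=yes
  set irc disabled=yes
  set h323 disabled=yes
  set pptp disabled=yes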