Blokir Port di Mikrotik

Internet

Ini Kode dapat dari IT Expert dari Padang Sumatera Barat, Namanya HARINTO, ST, Panggilan Senthod atau Karcuk(Ini Panggilan Kesayangan), Kode ini selain memblokir PORT penting di Mikrotik juga sebagai Penangkal Virus di Local Area Network anda. SIlahkan Copy Paste Code dibawah ini di Terminal Mikrotik anda.

[codesyntax lang=”html4strict”]

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=forward comment="Block Bogus IP Address" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=11:0 protocol=icmp
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=3:3 protocol=icmp
add action=drop chain=input comment="Drop SSH brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=
    ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
    "Port Scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input disabled=no src-address-list="port scanners"
add action=drop chain=input comment="Filter FTP to Box" disabled=no dst-port=21 protocol=tcp src-address-list=
    ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content=
    "530 Login incorrect" disabled=no protocol=tcp
add action=jump chain=forward comment="Separate Protocol into Chains" disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
add action=jump chain=input disabled=no jump-target=tcp protocol=tcp
add action=jump chain=input disabled=no jump-target=udp protocol=udp
add action=drop chain=udp comment="Blocking UDP Packet" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp disabled=no dst-port=111 protocol=udp
add action=drop chain=udp disabled=no dst-port=135 protocol=udp
add action=drop chain=udp disabled=no dst-port=445 protocol=udp
add action=drop chain=udp disabled=no dst-port=135-139 protocol=udp
add action=drop chain=udp disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp disabled=no dst-port=3133 protocol=udp
add action=drop chain=tcp comment="Bloking TCP Packet" disabled=no dst-port=25 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=119 protocol=tcp
add action=add-src-to-address-list address-list=virus_conficker address-list-timeout=2m chain=tcp comment=
    "Tangkap Virus Conficker" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=445 protocol=udp
add action=drop chain=tcp disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=67-68 protocol=tcp
add action=accept chain=icmp comment="Limited Ping Flood" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=icmp disabled=no protocol=icmp
add action=accept chain=input comment="Allow Broadcast Traffic" disabled=no dst-address-type=broadcast
add action=accept chain=input comment="Connection State" connection-state=established disabled=no
add action=accept chain=icmp disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=accept chain=input connection-state=related disabled=no
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input connection-state=invalid disabled=no
add action=add-src-to-address-list address-list=virus_blaster address-list-timeout=2m chain=tcp comment=
    "Tangkap Virus Blaster" disabled=no dst-port=7000 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=7000 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=7000 protocol=udp
add action=drop chain=tcp comment="Blok Port POP3" disabled=no dst-port=1110 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=1110 protocol=udp

[/codesyntax]

SHARE ON Twitter Facebook Google+ Pinterest

Related Posts of "Blokir Port di Mikrotik"

    Tips Menghadapi Psikotes atau TPA atau Tes Psikologi

    Tips Menghadapi Psikotes atau TPA atau Tes Psikologi

    Internet1025 views

    Bagi anda yang dipanggil untuk menjalani psikotes, sebaiknya anda memperhatikan beberapa saran dan tips di bawah ini. Sebelum Tes Anda harus yakin terlebih dulu, bahwa posisi/pekerjaan yang akan di...

    Clean Malware, Virus serta Trojan Menggunakan Combofix

    Clean Malware, Virus serta Trojan Menggunakan Combofix

    Internet796 views

    Kemaren bg katoih minta perbaiki laptop Axioo yang sudah 2 kali install windows dan sudah 2 kali terkena Virus dan malware yang tidak bisa di detect oleh Antivirus ampuh yang saya miliki yaitu NOD32 V...

    Cara Meningkatkan Keamanan WORDPRESS

    Cara Meningkatkan Keamanan WORDPRESS

    Internet444 views

    Ada Beberapa Plugin yang saya dapatkan di Wordpress untuk Mengamankan wordpress Anda dari serangan2 yang tidak di inginkan, Gimana ya caranya? Berikut beberapa plugin untuk mengamankan wordpress anda ...

    Perang Dunia Maya “Ganyang Situs Israel”

    Perang Dunia Maya “Ganyang Situs Israel”

    Internet883 views

    Cyber War With Israel / Perang Dunia maya antara muslim hacker dan Israel telah di lantunkan. Segenap doa dan perjuangan akan dipersembahkan buat saudara saudara kita di Palestina. Seluruh muslim hac...

    Cara mengubah Bahasa windows Vista

    Cara mengubah Bahasa windows Vista

    Internet729 views

    Minggu kemaren ada junior saya namanya (anggi royata) punya laptop Toshiba Dynabook CX/47A asli dari jepang kiriman dari kakaknya. Dia ingin laptop ntu di Install lagi dengan windows asli bawaan dari ...

    April Mop: Hari Dimana Umat Islam Dibantai

    April Mop: Hari Dimana Umat Islam Dibantai

    Internet304 views

    Maret Telah usai. Bulan April menjelang. Ada suatu kebiasaan jahiliah yang patut kita waspadai bersama sebagai seorang Muslim; 1 April sebagai hari April Mop. April Mop sendiri adalah hari di mana ora...