Kode ini didapat dari seorang IT Expert dari Padang, Sumatera Barat, bernama HARINTO, ST, dengan panggilan Senthod atau Karcuk (panggilan kesayangan). Selain memblokir port penting di Mikrotik, kode ini juga berfungsi sebagai penangkal virus di Local Area Network Anda. Silakan copy-paste kode di bawah ini ke Terminal Mikrotik Anda.
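# MikroTik RouterOS firewall filter rules, restored to one command per line.
# In the collapsed original, several values were separated from their "=" by a
# space (for example "src-address-list= ssh_blacklist"), apparently residue of
# wrapped export lines. They are rejoined here because a parameter followed by
# "= value" is unlikely to parse when pasted. Rule order and every match value
# are unchanged.
#
# Review notes for whoever deploys this:
# - Rule order decides the outcome. "add" without place-before appends after
#   the rules already in a chain, so on a router that already has filter rules
#   check the merged order with "/ip firewall filter print" after importing.
# - This is a deny-list. No rule below ends chain=input or chain=forward with
#   a catch-all drop, so anything not matched is still accepted. Management
#   services on the router stay reachable unless they are restricted
#   elsewhere (for example allowed source addresses under "/ip service", or
#   an interface-scoped drop added after the accepts).
# - Several rules build address lists from single packets. A source address
#   can be forged in such packets, so a legitimate address can end up listed
#   (and dropped) for the full timeout. Review the lists periodically.

/ip firewall filter

# Disabled placeholder for hotspot rules.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes

# forward: drop packets whose source or destination is in 0.0.0.0/8,
# 127.0.0.0/8 or 224.0.0.0/3 (multicast and everything above it).
add action=drop chain=forward comment="Block Bogus IP Address" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3

# forward: drop ICMP time-exceeded (11:0) and port-unreachable (3:3), the
# replies traceroute relies on. 3:3 is also the ordinary "UDP port closed"
# signal, so forwarded UDP clients no longer receive it.
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=11:0 protocol=icmp
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=3:3 protocol=icmp

# input, SSH: a staged counter. Each new connection to port 22 moves the
# source one stage up (stage1 -> stage2 -> stage3 -> ssh_blacklist); stages
# expire after 1 minute, the blacklist after 1w3d. The drop rule comes first
# so blacklisted sources are rejected before being counted again.
# NOTE(review): the counter sees new connections, not failed logins, so an
# administrator or automation opening four sessions within the stage timeouts
# is blacklisted as well.
add action=drop chain=input comment="Drop SSH brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp

# input, port-scan detection: psd (port scan detection) plus TCP flag
# combinations that do not occur in normal traffic (FIN only, SYN+FIN,
# SYN+RST, FIN+PSH+URG, all flags, no flags). Matching sources are listed for
# two weeks and then dropped by the last rule of this group.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port Scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input disabled=no src-address-list="port scanners"

# FTP to the router: the output rules watch the router's own replies. The
# accept rule lets "530 Login incorrect" through within the dst-limit budget
# per destination; once that is exceeded the next rule lists the client in
# ftp_blacklist for 3h, and the input rule drops its port-21 traffic.
# NOTE(review): the content match is not tied to source port 21, so any TCP
# packet leaving the router that carries this string is counted.
add action=drop chain=input comment="Filter FTP to Box" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" disabled=no protocol=tcp

# Dispatch by protocol into the custom chains tcp / udp / icmp. Only forward
# jumps to icmp; input jumps to tcp and udp, so the port drops below also
# apply to traffic addressed to the router itself.
add action=jump chain=forward comment="Separate Protocol into Chains" disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
add action=jump chain=input disabled=no jump-target=tcp protocol=tcp
add action=jump chain=input disabled=no jump-target=udp protocol=udp

# udp chain: blocked destination ports (69 TFTP, 111 portmapper, 135-139
# RPC/NetBIOS, 445 SMB, 2049 NFS, 3133). The separate 135 rule is covered by
# the 135-139 range.
add action=drop chain=udp comment="Blocking UDP Packet" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp disabled=no dst-port=111 protocol=udp
add action=drop chain=udp disabled=no dst-port=135 protocol=udp
add action=drop chain=udp disabled=no dst-port=445 protocol=udp
add action=drop chain=udp disabled=no dst-port=135-139 protocol=udp
add action=drop chain=udp disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp disabled=no dst-port=3133 protocol=udp

# tcp chain: blocked destination ports. Port 25 blocks all SMTP from the LAN
# through this router; the separate 135 rule is covered by 135-139.
add action=drop chain=tcp comment="Bloking TCP Packet" disabled=no dst-port=25 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=119 protocol=tcp
# Detection aid: any source sending TCP/445 is listed in virus_conficker for
# 2 minutes, then the packet is dropped. Ordinary SMB clients match as well,
# so treat the list as a lead to investigate, not as proof of infection.
add action=add-src-to-address-list address-list=virus_conficker address-list-timeout=2m chain=tcp comment="Tangkap Virus Conficker" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=445 protocol=tcp
# NOTE(review): protocol=udp inside chain=tcp never matches, because both
# jumps into this chain require protocol=tcp. UDP/445 is already dropped in
# the udp chain.
add action=drop chain=tcp disabled=no dst-port=445 protocol=udp
add action=drop chain=tcp disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=67-68 protocol=tcp

# icmp chain (forwarded traffic only): rate-limited accept for echo reply
# (0), echo request (8), port unreachable (3:3) and fragmentation needed
# (3:4); everything else is dropped.
# NOTE(review): the 3:3 accept cannot match, since forward drops 3:3 before
# the jump into this chain.
add action=accept chain=icmp comment="Limited Ping Flood" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=icmp disabled=no protocol=icmp

# input: accepts for broadcast, established and related traffic, and a drop
# for invalid connection state. With no catch-all drop after them, the
# accepts do not restrict anything by themselves, and ICMP above the
# limit=50/5s,2 budget falls through and is still accepted.
add action=accept chain=input comment="Allow Broadcast Traffic" disabled=no dst-address-type=broadcast
add action=accept chain=input comment="Connection State" connection-state=established disabled=no
# NOTE(review): this icmp-chain rule is appended after the chain's drop-all
# rule above, so it is never reached. If time-exceeded replies are meant to
# pass, it has to sit before that drop.
add action=accept chain=icmp disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=accept chain=input connection-state=related disabled=no
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input connection-state=invalid disabled=no

# tcp chain, continued. As above, the protocol=udp rules in chain=tcp never
# match; they would need chain=udp to take effect.
# NOTE(review): the labels come from the original. Port 7000 is not a port
# usually associated with Blaster (135/tcp, 4444/tcp, 69/udp), and POP3 is
# 110 rather than 1110. Confirm the intended ports.
add action=add-src-to-address-list address-list=virus_blaster address-list-timeout=2m chain=tcp comment="Tangkap Virus Blaster" disabled=no dst-port=7000 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=7000 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=7000 protocol=udp
add action=drop chain=tcp comment="Blok Port POP3" disabled=no dst-port=1110 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=1110 protocol=udp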