Blokir Port di Mikrotik

Internet

Ini Kode dapat dari IT Expert dari Padang Sumatera Barat, Namanya HARINTO, ST, Panggilan Senthod atau Karcuk(Ini Panggilan Kesayangan), Kode ini selain memblokir PORT penting di Mikrotik juga sebagai Penangkal Virus di Local Area Network anda. SIlahkan Copy Paste Code dibawah ini di Terminal Mikrotik anda.

[codesyntax lang=”html4strict”]

/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=drop chain=forward comment="Block Bogus IP Address" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=11:0 protocol=icmp
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=3:3 protocol=icmp
add action=drop chain=input comment="Drop SSH brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=
    ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new
    disabled=no dst-port=22 protocol=tcp
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment=
    "Port Scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=
    tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input disabled=no src-address-list="port scanners"
add action=drop chain=input comment="Filter FTP to Box" disabled=no dst-port=21 protocol=tcp src-address-list=
    ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content=
    "530 Login incorrect" disabled=no protocol=tcp
add action=jump chain=forward comment="Separate Protocol into Chains" disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
add action=jump chain=input disabled=no jump-target=tcp protocol=tcp
add action=jump chain=input disabled=no jump-target=udp protocol=udp
add action=drop chain=udp comment="Blocking UDP Packet" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp disabled=no dst-port=111 protocol=udp
add action=drop chain=udp disabled=no dst-port=135 protocol=udp
add action=drop chain=udp disabled=no dst-port=445 protocol=udp
add action=drop chain=udp disabled=no dst-port=135-139 protocol=udp
add action=drop chain=udp disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp disabled=no dst-port=3133 protocol=udp
add action=drop chain=tcp comment="Bloking TCP Packet" disabled=no dst-port=25 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=119 protocol=tcp
add action=add-src-to-address-list address-list=virus_conficker address-list-timeout=2m chain=tcp comment=
    "Tangkap Virus Conficker" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=445 protocol=udp
add action=drop chain=tcp disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=67-68 protocol=tcp
add action=accept chain=icmp comment="Limited Ping Flood" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=icmp disabled=no protocol=icmp
add action=accept chain=input comment="Allow Broadcast Traffic" disabled=no dst-address-type=broadcast
add action=accept chain=input comment="Connection State" connection-state=established disabled=no
add action=accept chain=icmp disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=accept chain=input connection-state=related disabled=no
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input connection-state=invalid disabled=no
add action=add-src-to-address-list address-list=virus_blaster address-list-timeout=2m chain=tcp comment=
    "Tangkap Virus Blaster" disabled=no dst-port=7000 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=7000 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=7000 protocol=udp
add action=drop chain=tcp comment="Blok Port POP3" disabled=no dst-port=1110 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=1110 protocol=udp

[/codesyntax]

SHARE ON Twitter Facebook Google+ Pinterest

Related Posts of "Blokir Port di Mikrotik"

    Apa Tuhan itu penting?

    Apa Tuhan itu penting?

    Internet718 views

    Sekitar seminggu yang lalu sahabat saya Anton Hilman menulis di blognya : http://www.hilman.web.id/posting/blog/1174/kobow-si-penganut-agnostic-dari-kampungku Beliau menulis tentang Agnostikisme dan...

    arcgis_logo

    Install ArcGIS 9.3 Versi Crack

    Internet2286 views

    Sore ini 22/05/2010  adik kelas saya Jurusan Biologi lagi konsultasi TA yang berjudul "E-Learning Lab Genetika Menggunakan Moodle" (Webnya bisa dikases disini), awalnya emank lagi nggak Konsentrasi k...

    free_hosting_unlimited

    Cara mendapatkan hosting gratis dan Unlimited Seumur Hidup

    Article, Internet, Linux646 views

    Judul yang saya buat ini bukan clickbait ini bener2 ada dan saya sudah memakainya sampai saat ini, udah hampir 1,5 tahun. Gunanya ya itu cuma buat testing script, testing theme dan lain-lainnya. Fitu...

    ARASH – “Pure Love”

    ARASH – “Pure Love”

    Internet244 views

    This was just meant to be You are coming back to me ‘cause, this is pure love ‘cause, this is pure love Mikham to vaghty khaby Kenareh to beshinam Ageh yeh vaght khabam bord Baz khabeh toro bebin...

    Stay Hungry, Stay Foolish

    Stay Hungry, Stay Foolish

    Internet640 views

    Saya merasa bangga di tengah-tengah Anda sekarang, yang akan segera lulus dari salah satu universitas terbaik di dunia. Saya tidak pernah selesai kuliah. Sejujurnya, baru saat inilah saya merasakan...

    Pemimpin seperti apa yang anda ikuti?

    Pemimpin seperti apa yang anda ikuti?

    Internet459 views

    Saat pemimpin tersebut memutuskan (baik secara sadar atau tidak) untuk mengikuti kepemimpinan nya, keputusan itu terutama karena satu atau dua hal berikut:karakter pemimpinnya atau kemampuan nya. Seo...