Script Keamanan Mikrotik Firewall Lanjutan


Di posting sebelumnya saya sempat menjelaskan tentang beberapa firewall mikrotik diantaranya :
  • Mencegah serangan virus melalui port 
  • Anti DDOS, Sniffing dan Netcut
Nah kali ini saya akan menjelaskan firewall lanjutan, karena mikrotik sangat terkenal dengan keamanannya, oleh sebab itu biasanya digunakan untuk jaringan besar, firewall ini saya setting di routerboard untuk jaringan Jova Company. Langsung saja perintah yang harus di ketikkan di terminal mikrotik :

/ip firewall filter add chain=input connection-state=invalid action=drop comment=”Drop invalid connections”
/ip firewall filter add chain=input protocol=udp action=accept comment=”UDP”
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow limited pings”
/ip firewall filter add chain=input protocol=icmp action=drop comment=”Drop_excess_pings”
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=”FTP”
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=”SSH for secure shell”
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web”
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox”
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log everything else”
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web1”
/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment=” bikin_cepat_ping_dan_dns”
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log¬everythingelse”
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox access”


Firewall mirotik ini bisa di gunakan untuk semua jenis mikrotik "routerboard, radio antena mikrotik, router, dan semua produk mikrotik"

Title : Script Keamanan Mikrotik Firewall Lanjutan
Description : Di posting sebelumnya saya sempat menjelaskan tentang beberapa firewall mikrotik diantaranya : Mencegah serangan virus melalui port  An...

0 Response to "Script Keamanan Mikrotik Firewall Lanjutan"

Posting Komentar