Writing by admin on Monday, 26 of April , 2010 at 1:28 am
Buat teman2 yg punya Router Mikrotik mungkin kalau sering lihat log bakalan kesal kalau banyak yg mencoba untuk login ke route kita. ini saya alami sendiri setiap ol masuk ke route dan lihat log waduh banyak ip yg mencoba melakukan BRUTE FORCE untuk masuk…..
code :
ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop # accept 10 incorrect logins per minute
/ ip firewall filter add chain=output action=accept protocol=tcp content=”530 Login incorrect” dst-limit=1/1m,9,dst-address/1m #add to blacklist add chain=output action=add-dst-to-address-list protocol=tcp content=”530 Login incorrect” address-list=blacklist address-list-timeout=24h
Maksud dari kode diatas adalah jika dalam 1 menit berusaha 10 kali login ( dst-limit=1/1m,9 di login nya yg kesepuluh masuk daftar hitam dan dibanned selama 24jam, address-list=blacklist address-list-timeout=24h). untuk memberi range port edit bagian
CODE
/ ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=22 src-address-list=ftp_blacklist action=drop
menjadi
CODE
/ ip firewall filter add chain=input in-interface=ether1 protocol=tcp dst-port=21-23 src-address-list=ftp_blacklist action=drop
catatan : untuk router warnet, jangan gunakan port 80, karena apabila dari client mencoba masuk, maka dengan otomatis client bakalan tidak bisa browsing ( berdasarkan Pengalaman ). makanya blok port 21-23.
source:xcode.or.id
Popularity: 20% [?]
Category: Hotspot
Writing by taryana on Friday, 9 of April , 2010 at 3:11 pm
ip ether1 202.162.211.5
ip ether2 to client 192.168.1.253
ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.253
to-ports=80 protocol=tcp dst-address=202.162.211.5 dst-port=80
Popularity: 9% [?]
Category: Linux
Writing by taryana on Friday, 9 of April , 2010 at 3:09 pm
——————————————-
;;; Limit Download Exstension 128kbps ;;;
——————————————-
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.srt
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.mp3
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.mp4
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.m4v
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.m2ts
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.mpeg
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.flv
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.mkv
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.bup
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.wmv
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.wma
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.mpg
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.fla
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.wmz
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.arf
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.001
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.fil
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.scb
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.mood
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.rar
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.tar.gz
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.tar.bz2
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.exe
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.rar
ip firewall filter add chain=forward action=add-dst-to-address-list
protocol=tcp src-address=192.168.253.0/24
address-list=limit-exstension address-list-timeout=1h content=.zip
———————————————————————————————–
ip firewall mangle add chain=forward action=mark-packet
new-packet-mark=limit-bandwidth-exstension passthrough=yes
protocol=tcp src-address-list=limit-exstension
————————————————————————————————
queue simple add name=”download-file-exstension” dst-address=0.0.0.0/0
interface=all parent=none packet-marks=limit-bandwidth-exstension
direction=both priority=4 queue=default-small/default-small
limit-at=128k/128k max-limit=128k/128k burst-limit=0/0
burst-threshold=0/0 burst-time=0s/0s total-queue=default-small
————————————————————————————————-
Untuk Queue simple diletakkan pada baris paling atas.
——-
Sumber http://www.forummikrotik.com/
Popularity: 18% [?]
Category: Linux
Writing by taryana on Friday, 9 of April , 2010 at 3:08 pm
125.163.64.xxx = ip router —> eth0
192.168.0.87 = ip komputer lokal —>eth1
212 = port forwarding
$EXTIF=eth0
iptables -t nat -A PREROUTING -p tcp -i $EXTIF -d 125.163.64.xxx
–dport 212 -j DNAT –to 192.168.0.87:212
iptables -A FORWARD -p tcp -i $EXTIF -d 192.168.0.87 –dport 212 -j ACCEPT
Popularity: 9% [?]
Category: Linux, Networking