Tuesday, 28 September 2010

MikroTik Firewall

MikroTik Firewall - Tired of old-style MikroTik firewalls that run on forever yet still get breached by intruders, or want to try a short but effective MikroTik firewall? You can find one below in this post.


The original of this write-up was taken from forummikrotik, where it was posted by the thread starter under the nickname Adhielesmana.

Function: Blocks unauthorized access coming from the public side. Apart from what is explicitly allowed, all inbound access from the public side is dropped. Attackers, flooders, and port scanners trying to break into your MikroTik from outside are guaranteed to be left flailing.

Wan = Internet interface
Lan = Local interface
Local IP = 192.168.0.0/16


/ip firewall filter

add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.0.0/16 action=accept comment="Allow all internet access to clients" disabled=no

add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow remote Winbox from public" disabled=no

add chain=input in-interface=Wan protocol=udp src-port=123 action=accept comment="Allow NTP Traffic" disabled=no

add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no

add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no

add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log rejected IPs" disabled=no

add chain=input in-interface=Wan action=drop comment="Drop all access that is not allowed" disabled=no

The result when checked using http://www.grc.com
How: choose service -> ShieldsUP! -> Proceed -> All Service Ports

GRC Port Authority Report created on UTC: 2010-09-28 at 04:29:55

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.



firewall source : adhielesmana @ http://forummikrotik.com
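
An added example, not part of the original post or of Adhielesmana's ruleset: the same policy written with connection tracking, so NTP and DNS packets are accepted only as replies to queries the router itself sent, instead of by matching src-port. It assumes RouterOS v6 or later (comma-separated connection-state values and the connection-nat-state matcher) and the interface names Wan and Lan used above.

```routeros
# Added example. Assumptions: RouterOS v6+, interfaces named Wan and Lan,
# LAN range 192.168.0.0/16 as in the post.
/ip firewall filter

# --- input chain: traffic addressed to the router itself ---

# Replies to connections the router opened (its own NTP and DNS queries)
# are matched by state, so no src-port=123 / src-port=53 rule is needed.
add chain=input connection-state=established,related action=accept \
    comment="Accept replies to router-initiated connections"

# Packets that belong to no tracked connection are discarded early.
add chain=input connection-state=invalid action=drop \
    comment="Drop invalid packets"

# Same management and diagnostic exceptions as the original ruleset.
add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept \
    comment="Allow remote Winbox from public"
add chain=input in-interface=Wan protocol=icmp action=accept \
    comment="Allow Ping Traceroute Traffic"

# Record the source of every other new connection attempt, then drop it.
add chain=input in-interface=Wan connection-state=new \
    action=add-src-to-address-list address-list=spam \
    address-list-timeout=30m comment="Log rejected IPs"
add chain=input in-interface=Wan action=drop \
    comment="Drop all access that is not allowed"

# --- forward chain: traffic passing through to the LAN ---

# Return traffic for connections that clients opened.
add chain=forward connection-state=established,related action=accept \
    comment="Accept replies to client-initiated connections"
add chain=forward connection-state=invalid action=drop \
    comment="Drop invalid packets"

# New connections arriving from the Internet reach the LAN only if a
# dst-nat (port forward) rule was applied to them.
add chain=forward in-interface=Wan connection-state=new \
    connection-nat-state=!dstnat action=drop \
    comment="Drop unsolicited inbound connections to the LAN"
```

Keep the established,related rules first in each chain so return traffic is matched before the address-list and drop rules.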