Hello,
my server has been hacked by someone who wants to show me that I need to set up some good firewall rules.
This is what he did:
(I have disabled all the rules he added)
Can someone see what he did, and what I can keep?
Or is it all garbage?
Thanks,
# Filter rules exported from the compromised router. Rules carrying
# disabled=yes are inactive; in this listing only the five dst-port=22 rules
# have no disabled=yes and are therefore still live.
# NOTE(review): firewall rules are only one place a change can persist. The
# comment strings left in the rules themselves ask for a RouterOS update and a
# password change; also review /user, /ip service, /system scheduler,
# /system script, /ip proxy and /ip socks before trusting the device again.
/ip firewall filter
# Disabled. Would record, for 2 days, TCP destinations in 247.117.0.0/16 that
# the router itself contacts (chain=output) in address list a8291.
# NOTE(review): layer7-protocol=*6 is an internal id rather than a name, which
# usually means the referenced layer-7 entry no longer exists; confirm under
# /ip firewall layer7-protocol. 247.117.0.0/16 sits inside the reserved
# 240.0.0.0/4 block, so it may be a placeholder or redacted value.
add action=add-dst-to-address-list address-list=a8291 address-list-timeout=2d \
chain=output comment=p8291 disabled=yes dst-address=247.117.0.0/16 \
layer7-protocol=*6 log-prefix="" protocol=tcp
# Disabled. First stage of an ICMP packet-size knock: a 1210-byte ICMP packet
# puts its source in list ip1 for 7 seconds.
add action=add-src-to-address-list address-list=ip1 address-list-timeout=7s \
chain=input comment="I closed the vulnerability with a firewall." disabled=\
yes log-prefix="" packet-size=1210 protocol=icmp
# Disabled. Second stage: a 107-byte ICMP packet from a source already in ip1
# promotes it to list ip2 for 7 seconds.
add action=add-src-to-address-list address-list=ip2 address-list-timeout=7s \
chain=input comment=ip2 disabled=yes log-prefix="" packet-size=107 \
protocol=icmp src-address-list=ip1
# Disabled. Final stage: a 107-byte ICMP packet from a source in ip2 places it
# in allow-ip for 1 hour. allow-ip is the list the accept rule further down
# trusts for all input, so by the poster's account this knock chain is an
# access path set up by the intruder rather than the owner; keep it disabled
# or remove it.
add action=add-src-to-address-list address-list=allow-ip address-list-timeout=\
1h chain=input comment=allow-ip disabled=yes log-prefix="" packet-size=107 \
protocol=icmp src-address-list=ip2
# Disabled. A source in ip2 (and outside 247.117.0.0/16) that sends ICMP of any
# size other than 107 is put in list blacklist for 2 hours.
add action=add-src-to-address-list address-list=blacklist address-list-timeout=\
2h chain=input comment=blacklist disabled=yes log-prefix="" packet-size=\
!107 protocol=icmp src-address=!247.117.0.0/16 src-address-list=ip2
# Disabled. Any source outside 247.117.0.0/16 sending a 497-byte ICMP packet is
# put in blacklist for 2 hours.
add action=add-src-to-address-list address-list=blacklist address-list-timeout=\
2h chain=input comment=blacklist disabled=yes log-prefix="" packet-size=497 \
protocol=icmp src-address=!247.117.0.0/16
# Disabled. Same as the previous rule, for 1083-byte ICMP packets.
add action=add-src-to-address-list address-list=blacklist address-list-timeout=\
2h chain=input comment=blacklist disabled=yes log-prefix="" packet-size=\
1083 protocol=icmp src-address=!247.117.0.0/16
# Disabled. Drops TCP from blacklisted sources to a port list that includes the
# default RouterOS SSH, Telnet, WWW, API and Winbox ports.
add action=drop chain=input disabled=yes dst-port=\
8778,8728,8729,22,23,80,443,8291,8299 log-prefix="" protocol=tcp \
src-address-list=blacklist
# Disabled. Any source sending TCP to port 8080 on the router is put in list Ok
# for 5 seconds. The list is consumed by the dstnat redirect in
# /ip firewall nat that carries the same comment, sysadminpxy.
add action=add-src-to-address-list address-list=Ok address-list-timeout=5s \
chain=input comment=sysadminpxy disabled=yes dst-port=8080 log-prefix="" \
protocol=tcp
# Disabled. Accepts UDP with source or destination port 53 from any address;
# there is no src-address or in-interface restriction.
# NOTE(review): if the router's DNS service answers remote requests, enabling
# this would expose it as an open resolver; confirm under /ip dns.
add action=accept chain=input comment=sysadmin53u disabled=yes log-prefix="" \
port=53 protocol=udp
# Disabled. TCP counterpart of the port-53 accept rule above.
add action=accept chain=input comment=sysadmin53t disabled=yes log-prefix="" \
port=53 protocol=tcp
# Disabled. Accepts every input packet from a source in allow-ip, with no
# protocol or port restriction. The comment string is a message left in the
# rule, not a description of what it does.
add action=accept chain=input comment=\
"Please update RotherOS and change password." disabled=yes log-prefix="" \
src-address-list=allow-ip
# Disabled. Drops TCP to the same management-port list from every source that
# is NOT in allow-ip. If enabled, management access would depend on membership
# of allow-ip, which the disabled ICMP knock rules above populate.
add action=drop chain=input disabled=yes dst-port=\
8778,8728,8729,22,23,80,443,8291,8299 log-prefix="" protocol=tcp \
src-address-list=!allow-ip
# ENABLED. Drops TCP/22 from sources in ssh_blacklist, except 10.192.116.20.
# There is no connection-state match, so packets of already open sessions from
# a blacklisted source are dropped as well.
# NOTE(review): this rule and the four below form a staged SSH rate limiter
# and are the only filter rules here without disabled=yes; confirm they are
# the owner's own rules.
add action=drop chain=input dst-port=22 log-prefix="" protocol=tcp src-address=\
!10.192.116.20 src-address-list=ssh_blacklist
# ENABLED. A new TCP/22 connection from a source already in ssh_stage3 moves it
# to ssh_blacklist for 7w1d. The stages are listed highest first so that one
# connection advances a source by a single stage.
add action=add-src-to-address-list address-list=ssh_blacklist \
address-list-timeout=7w1d chain=input connection-state=new dst-port=22 \
log-prefix="" protocol=tcp src-address=!10.192.116.20 src-address-list=\
ssh_stage3
# ENABLED. A new TCP/22 connection from a source in ssh_stage2 moves it to
# ssh_stage3 for 10 minutes.
add action=add-src-to-address-list address-list=ssh_stage3 \
address-list-timeout=10m chain=input connection-state=new dst-port=22 \
log-prefix="" protocol=tcp src-address=!10.192.116.20 src-address-list=\
ssh_stage2
# ENABLED. A new TCP/22 connection from a source in ssh_stage1 moves it to
# ssh_stage2 for 1 minute.
add action=add-src-to-address-list address-list=ssh_stage2 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
log-prefix="" protocol=tcp src-address=!10.192.116.20 src-address-list=\
ssh_stage1
# ENABLED. Every new TCP/22 connection from any source other than
# 10.192.116.20 puts that source in ssh_stage1 for 1 minute.
add action=add-src-to-address-list address-list=ssh_stage1 \
address-list-timeout=1m chain=input connection-state=new dst-port=22 \
log-prefix="" protocol=tcp src-address=!10.192.116.20
# Disabled. Records sources sending UDP/1701 to 10.192.116.30 in list
# 1701-L2TP. It only lists sources; it neither accepts nor drops.
# NOTE(review): chain=input matches only traffic addressed to the router, so
# 10.192.116.30 is presumably one of its own addresses; confirm.
add action=add-src-to-address-list address-list=1701-L2TP address-list-timeout=\
0s chain=input disabled=yes dst-address=10.192.116.30 dst-port=1701 \
log-prefix="" protocol=udp
# Disabled. Tarpits TCP connections to port 30553. The comment string is
# another message left in the rule; it does not describe the rule.
add action=tarpit chain=input comment=\
"Add you ip addess to allow-ip in Address Lists." disabled=yes dst-port=\
30553 log-prefix="" protocol=tcp
# NAT rules from the same export: one disabled HTTP redirect and one enabled
# masquerade.
/ip firewall nat
# Disabled. Redirects TCP port 80 from every source NOT in list Ok to port 8080
# on the router itself. The filter rule with the same comment (sysadminpxy)
# adds a source to Ok for 5 seconds once it has reached port 8080.
# NOTE(review): 8080 is the default RouterOS web proxy port, so if this were
# enabled, clients' HTTP traffic would pass through whatever listens there;
# check that /ip proxy and /ip socks are disabled and hold no unexpected
# entries.
add action=redirect chain=dstnat comment=sysadminpxy disabled=yes dst-port=80 \
protocol=tcp src-address-list=!Ok to-ports=8080
# ENABLED. Masquerades all srcnat traffic; there is no out-interface or
# src-address match to limit it.
# NOTE(review): masquerade is normally scoped to the WAN interface; confirm
# that the unrestricted form is intended.
add action=masquerade chain=srcnat log-prefix=""
Thanks ,