Community discussions

IS0FFD
just joined
Topic Author
Posts: 12
Joined: Thu Dec 29, 2016 10:30 pm
Location: Sassari - Sardinia Island ITA

HELP Firewall Rules

Sat Apr 28, 2018 11:32 am

Hi all!
I have a CRS125 with these firewall rules:

17    ;;; Port Scanner Detect
      chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=Port_Scanner address-list-timeout=1w

18    ;;; Drop to port scan list
      chain=input action=drop src-address-list=Port_Scanner

In my LAN I have an RB750Gr3 with The Dude, but it is continually inserted in the "Port_Scanner" list.

How can I solve this?
 
Anumrak
Forum Guru
Posts: 1180
Joined: Fri Jul 28, 2017 2:53 pm

Re: HELP Firewall Rules

Sat Apr 28, 2018 12:37 pm

Extract the hEX IP from the list, or deactivate the rule?
 
IS0FFD
just joined
Topic Author
Posts: 12
Joined: Thu Dec 29, 2016 10:30 pm
Location: Sassari - Sardinia Island ITA

Re: HELP Firewall Rules

Sat Apr 28, 2018 12:46 pm

Anumrak wrote:
    Extract the hEX IP from the list, or deactivate the rule?

I would like, if possible, to make a white list of the known addresses to be excluded from the rule.

Sorry, but I'm trying to learn!
 
Anumrak
Forum Guru
Posts: 1180
Joined: Fri Jul 28, 2017 2:53 pm

Re: HELP Firewall Rules

Sat Apr 28, 2018 1:08 pm

IS0FFD wrote:
    I would like, if possible, to make a white list of the known addresses to be excluded from the rule.

    Sorry, but I'm trying to learn!

Try something like this:

chain=input action=drop src-address-list=Port_Scanner
chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address="IP of hEX"
chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=Port_Scanner address-list-timeout=1w

or with a white list:

chain=input action=drop src-address-list=!White_List
chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address-list=White_List

"!" means "not what you point at".
 
IS0FFD
just joined
Topic Author
Posts: 12
Joined: Thu Dec 29, 2016 10:30 pm
Location: Sassari - Sardinia Island ITA

Re: HELP Firewall Rules

Sat Apr 28, 2018 1:43 pm

Anumrak wrote:
    Try something like this:

    chain=input action=drop src-address-list=Port_Scanner
    chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address="IP of hEX"
    chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=Port_Scanner address-list-timeout=1w

    or with a white list:

    chain=input action=drop src-address-list=!White_List
    chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address-list=White_List

    "!" means "not what you point at".

chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address="IP of hEX"
does not work...
 
Anumrak
Forum Guru
Posts: 1180
Joined: Fri Jul 28, 2017 2:53 pm

Re: HELP Firewall Rules

Sat Apr 28, 2018 2:21 pm

IS0FFD wrote:
    Anumrak wrote:
        Try something like this:

        chain=input action=drop src-address-list=Port_Scanner
        chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address="IP of hEX"
        chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=Port_Scanner address-list-timeout=1w

        or with a white list:

        chain=input action=drop src-address-list=!White_List
        chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address-list=White_List

        "!" means "not what you point at".

    chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address="IP of hEX"
    does not work...

Sorry, but did you put the IP address of your hEX router in src-address, or just the words I wrote?
 
Anumrak
Forum Guru
Posts: 1180
Joined: Fri Jul 28, 2017 2:53 pm

Re: HELP Firewall Rules

Sat Apr 28, 2018 2:32 pm

And I'm sorry for incorrect sequence:

chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address="IP of your Hex"
chain=input action=drop src-address-list=Port_Scanner
chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=Port_Scanner address-list-timeout=1w
 
msatter
Forum Guru
Posts: 1623
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: HELP Firewall Rules

Sat Apr 28, 2018 4:34 pm

Anumrak wrote:
    And I'm sorry for incorrect sequence:

    chain=input action=accept protocol=tcp psd=21,3s,3,1 src-address="IP of your Hex"
    chain=input action=drop src-address-list=Port_Scanner
    chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=Port_Scanner address-list-timeout=1w

No... I mean you have to use not (!), so you need only one line.

add chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 src-address=!"IP of your hEX" address-list=Port_Scanner address-list-timeout=1w
One RB4011 and a RB760iGS (hEX S) in series. 4011 Does PPPoE/IKEv2-500/600 Mb/s.
Running:
RouterOS 6.47rcX / Winbox 3.24 / MikroTik APP 1.3.12
NordVPN viewtopic.php?f=2&t=158439&p=781009 for multiple connections.
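The exemption discussed in the two posts above (Anumrak's corrected accept-before-drop sequence and msatter's single negated rule), written out as a complete RouterOS CLI fragment. This is an added editor's example, not configuration posted by anyone in the thread. The Dude host's address 192.168.88.2, the list name Dude_Servers, and the established/related accept rule are assumptions; substitute your own values.

```routeros
# Added example: keep a known host (the RB750Gr3 running The Dude) out of
# the PSD trap on the CRS125. Assumed, not from the thread: the Dude host
# is 192.168.88.2 and the whitelist is called Dude_Servers.

# 1. Whitelist of hosts that are allowed to probe the router.
/ip firewall address-list
add list=Dude_Servers address=192.168.88.2 comment="RB750Gr3 running The Dude (assumed address)"

# 2. Clear the false positive already in the list; otherwise the drop rule
#    keeps matching until the 1w address-list-timeout expires.
/ip firewall address-list
remove [find list=Port_Scanner address=192.168.88.2]

# 3. Input chain, in the order the rules must appear. The filter chain is
#    evaluated top-down; accept and drop terminate, add-src-to-address-list
#    does not (passthrough=yes), so a packet that trips psd still falls
#    through to the rules below it. The established/related accept is an
#    assumed baseline rule so replies to the router's own connections are
#    never scored by psd.
/ip firewall filter
add chain=input action=accept connection-state=established,related comment="Accept established/related (assumed baseline)"
add chain=input action=drop src-address-list=Port_Scanner comment="Drop to port scan list"
add chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 src-address-list=!Dude_Servers address-list=Port_Scanner address-list-timeout=1w comment="Port Scanner Detect (whitelisted hosts are never listed)"

# 4. Verify: the Dude host must not reappear, and the detect rule's
#    counters should stay flat while The Dude polls the switch.
/ip firewall address-list print where list=Port_Scanner
/ip firewall filter print stats where chain=input
```

Putting `src-address-list=!Dude_Servers` on the detection rule means no separate accept rule is needed, which is msatter's point; if you prefer an explicit accept for the whitelisted host, it has to sit above the drop rule, as in Anumrak's corrected sequence, or the host stays blocked for as long as its entry lives. One caveat on the earlier white-list variant: a bare `chain=input action=drop src-address-list=!White_List` drops every input packet from every host not on the list, including your own management session, so a rule like that needs the same `protocol=tcp psd=...` match as the detection rule or should not be used at all.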
 
ingdaka
Member
Posts: 333
Joined: Thu Aug 30, 2012 3:06 pm
Location: Albania

Re: HELP Firewall Rules

Sat Apr 28, 2018 6:06 pm

I will suggest another thing: remove the firewall rules from the switch, because switches get more CPU usage from firewall rules!
Ilir Daka
Electronic & Network Engineer
E-mail: ilirdaka@live.com
Mob: +355692982151
WhatsApp: +355692982151
Mikrotik Official Consultant
CCNA | Fortinet NSE3 | MTCRE | MTCSE | MTCWE | RIPE NCC Certified Professional
 
anav
Forum Guru
Posts: 4185
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: HELP Firewall Rules

Sat Apr 28, 2018 6:23 pm

Hi there, I do something very similar.........
(I have two WAN IPs, otherwise I would probably have used in-interface WAN)
.....
IP Filter
{Port Scans TCP make list}
   chain=input action=add-src-to-address-list protocol=tcp dst-port=23,53,123,445,8291 in-interface-list=WAN address-list=port_scans_tcp address-list-timeout=2d
{Port Scans UDP make list}
   chain=input action=add-src-to-address-list protocol=udp dst-port=23,53,123,445,8291 in-interface-list=WAN address-list=port_scans_udp address-list-timeout=2d
Then I use a RAW rule (not filters) in PREROUTING to kill the list entries before they enter the router at all (no tracking etc......)
....
IP RAW
{Drop Scans TCP}
   chain=prerouting action=drop src-address-list=port_scans_tcp
{Drop Scans UDP}
   chain=prerouting action=drop src-address-list=port_scans_udp
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
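The trap-port pattern from the post above, written out as RouterOS CLI with the interface list defined and an exemption list added, as an added editor's example rather than anav's configuration verbatim. The uplink name ether1, the Admin_Hosts list and its address 203.0.113.10 (a TEST-NET-3 documentation address) are assumptions.

```routeros
# Added example: honeypot-port trap in the filter input chain, with the
# drop done in RAW prerouting. Assumed, not from the thread: the WAN
# uplink is ether1 and remote administration comes from 203.0.113.10.

/interface list
add name=WAN comment="Interfaces facing the Internet"
/interface list member
add list=WAN interface=ether1

/ip firewall address-list
add list=Admin_Hosts address=203.0.113.10 comment="Remote admin source (assumed, TEST-NET-3)"

# Trap rules. Pick ports the router does NOT serve on the WAN side; any
# source that knocks on them from a WAN interface gets listed for 2 days.
# The exemption has to be on these rules: once a source is listed, the
# RAW drop below fires before any filter accept could rescue it.
/ip firewall filter
add chain=input action=add-src-to-address-list protocol=tcp dst-port=23,53,123,445,8291 in-interface-list=WAN src-address-list=!Admin_Hosts address-list=port_scans_tcp address-list-timeout=2d comment="Port Scans TCP make list"
add chain=input action=add-src-to-address-list protocol=udp dst-port=23,53,123,445,8291 in-interface-list=WAN src-address-list=!Admin_Hosts address-list=port_scans_udp address-list-timeout=2d comment="Port Scans UDP make list"

# RAW prerouting runs before connection tracking and before the filter
# chains, so a listed source is discarded cheaply, creates no conntrack
# entry, and is blocked both to the router (input) and through it (forward).
/ip firewall raw
add chain=prerouting action=drop src-address-list=port_scans_tcp comment="Drop Scans TCP"
add chain=prerouting action=drop src-address-list=port_scans_udp comment="Drop Scans UDP"

# Check what has been trapped and that the RAW drops are counting.
/ip firewall address-list print where list~"port_scans"
/ip firewall raw print stats
```

The trap rules must sit above any final "drop everything else from WAN" rule in the input chain, otherwise nothing reaches them. Port 8291 is Winbox: if you ever open Winbox from outside, a single connection from an address that is not in Admin_Hosts puts you in port_scans_tcp for two days, which is exactly the lock-out the exemption list guards against.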
