
Firewall rules commonly used by you on the edge

Posted: Wed Feb 20, 2013 5:52 am
by osvaldotcf
What are the firewall rules commonly used by you on the edge?

Re: Firewall rules commonly used by you on the edge

Posted: Wed Feb 20, 2013 8:43 pm
by osvaldotcf
We are an ISP and are searching for rules for the edge firewall for us.

Re: Firewall rules commonly used by you on the edge

Posted: Thu Feb 21, 2013 5:45 am
by adairw
We are an ISP and are searching for rules for the edge firewall for us.
I'm not sure how long you've been an ISP and how familiar you are with MikroTik, but if you do some reading around you'll find lots of examples of how to do things.
First, you need to decide who you're protecting; yourself, your customers or both.
Our company is a new ISP and like you we didn't know what we needed at first either. So we started with the basics. #1, protect yourself. So drop any traffic inbound (input chain) to your routers that you don't specifically allow. #2, decide what traffic you're going to block (if any) going towards your customers (forward chain) and allow everything else, etc.

http://www.tiktube.com has good stuff such as,
http://tiktube.com/?video=KHgq3goHcDqGC ... tqlKolKlI= Mikrotik Products Implementation In WISP
http://tiktube.com/video/CHfl3inCdCmImH ... uoloopLLJ= Network Security
http://tiktube.com/video/pDfG3iCKbIDEIL ... uElFoGmLq= Cookie Cutter WISP
http://tiktube.com/video/Cmfl3gDCbIHELG ... umlGoLqpo= Securing networks

Google is also your friend. Once you get some info, come back with specific questions.

Re: Firewall rules commonly used by you on the edge

Posted: Sat Feb 23, 2013 1:59 pm
by foudanet
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment=\
    "place hotspot rules here" disabled=yes
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
    dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 \
    protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 \
    protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 \
    protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 \
    protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
    protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 \
    protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 \
    protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 \
    protocol=tcp
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
    2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
    3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=\
    udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=\
    9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=\
    10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=\
    10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
    protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=\
    27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=\
    no dst-port=65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" disabled=no \
    jump-target=virus
add action=drop chain=forward comment="Drop WindowsUpdate AllVersions" \
    disabled=no dst-address-list="Windows Update"
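
Added example (not part of foudanet's post, and not MikroTik code): a Python check that parses an export in the format above and reports drop rules made redundant by an earlier rule, such as the two tcp/2745 entries, plus custom chains that no jump rule reaches. It assumes dst-port holds plain ports, ranges or comma lists; the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: five rules excerpted from the export posted above.
SAMPLE_EXPORT = r'''/ip firewall filter
add action=drop chain=virus comment="Bagle Virus" disabled=no dst-port=2745 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=\
    2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=\
    3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=\
    445 protocol=udp
add action=jump chain=forward comment="jump to the virus chain" disabled=no \
    jump-target=virus
'''
TOKEN = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')
SIMPLE = {'action', 'chain', 'comment', 'disabled', 'protocol', 'dst-port'}

def parse_export(text):
    """Join backslash-continued lines, then parse each 'add' line into a dict."""
    joined = re.sub(r'\\\n\s*', '', text)
    return [{k: v.strip('"') for k, v in TOKEN.findall(line)}
            for line in joined.splitlines() if line.startswith('add ')]

def port_set(spec):
    """Expand '135-139' or '80,443' into a set of port numbers."""
    ports = set()
    for part in spec.split(','):
        lo, _, hi = part.partition('-')
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules):
    """Return (comments of drop rules already covered by an earlier drop in the
    same chain/protocol, custom chains no enabled jump rule targets)."""
    active = [r for r in rules if r.get('disabled') != 'yes']
    seen, shadowed = defaultdict(set), []
    for r in active:
        # Only compare rules that match on protocol and dst-port alone.
        if r.get('action') != 'drop' or 'dst-port' not in r or set(r) - SIMPLE:
            continue
        key, ports = (r['chain'], r.get('protocol')), port_set(r['dst-port'])
        if ports <= seen[key]:
            shadowed.append(r.get('comment', ''))
        seen[key] |= ports
    targets = {r['jump-target'] for r in active if r.get('action') == 'jump'}
    chains = {r['chain'] for r in active}
    return shadowed, sorted(chains - {'input', 'forward', 'output'} - targets)
```

Calling `audit(parse_export(SAMPLE_EXPORT))` returns the shadowed rule comments and the unreachable chains; a chain listed as unreachable holds rules that never see traffic.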