RB 3011 When you do reset configuration, and you select the default configuration, the SNTP Client also does not work anyway.
SNTP Client works well on rb2011, RB1100AHx4, 951G-2HnD, D52G-5HacD2HnD-TC
translate.google
ping
https://prnt.sc/lgnog5
# nov/10/2018 14:29:33 by RouterOS 6.43.4
# software id = a98y-5s1n
#
# model = RouterBOARD 3011UiAS
/ip firewall filter
add action=accept chain=input comment="ACCEPT WinBox after knock" dst-port=\
8291 in-interface-list=WAN protocol=tcp src-address-list=KNOCK-SUCCESS
add action=jump chain=input comment="Check port knock (__1__)" icmp-options=\
8:0-255 jump-target=knock packet-size=!0-99 protocol=icmp
add action=return chain=knock comment="KNOCK FAILURE return (__2__)" \
src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK-SUCCESS \
address-list-timeout=1h chain=knock comment=\
"KNOCK 3rd - success 10 (__3__)" packet-size=10 src-address-list=\
KNOCK2
add action=return chain=knock comment="KNOCK 3rd - success return (__4__)" \
src-address-list=KNOCK-SUCCESS
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
address-list-timeout=1m chain=knock comment=\
"KNOCK 3rd - failure (__5__)" src-address-list=KNOCK2
add action=return chain=knock comment="KNOCK 3rd - failure return (__6__)" \
src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK2 address-list-timeout=\
1m chain=knock comment="KNOCK 2nd - success 7 (__7__)" packet-size=7 \
src-address-list=KNOCK1
add action=return chain=knock comment="KNOCK 2nd - success return (__8__)" \
src-address-list=KNOCK2
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
address-list-timeout=1m chain=knock comment=\
"KNOCK 2nd - failure (__9__)" src-address-list=KNOCK1
add action=return chain=knock comment="KNOCK 2nd - failure return (__10__)" \
src-address-list=KNOCK-FAILURE
add action=add-src-to-address-list address-list=KNOCK1 address-list-timeout=\
1m chain=knock comment="KNOCK 1st - success 10 (__11__)" packet-size=\
10
add action=return chain=knock comment="KNOCK 1st - success return (__12__)" \
src-address-list=KNOCK1
add action=add-src-to-address-list address-list=KNOCK-FAILURE \
address-list-timeout=1m chain=knock comment=\
"KNOCK 1st - failure (__13__)"
add action=add-src-to-address-list address-list=port_scanners \
address-list-timeout=2w chain=input comment=\
"scanners-1 Port scanners to list" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port_scanners \
address-list-timeout=2w chain=input comment=\
"scanners-2 NMAP FIN Stealth scan" protocol=tcp tcp-flags=\
fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=port_scanners \
address-list-timeout=2w chain=input comment="scanners-3 SYN/FIN scan" \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port_scanners \
address-list-timeout=2w chain=input comment="scanners-4 SYN/RST scan" \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port_scanners \
address-list-timeout=2w chain=input comment=\
"scanners-5 FIN/PSH/URG scan" protocol=tcp tcp-flags=\
fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port_scanners \
address-list-timeout=2w chain=input comment="scanners-6 ALL/ALL scan" \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port_scanners \
address-list-timeout=2w chain=input comment="scanners-7 NMAP NULL scan" \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="scanners-8 dropping port scanners" \
src-address-list=port_scanners
add action=drop chain=forward comment="scanners-9 dropping port scanners" \
src-address-list=port_scanners
add action=drop chain=input comment="Brute Forcers_winbox_black_list - 1" \
dst-port=8291 in-interface-list=WAN protocol=tcp src-address-list=\
black_list
add action=add-src-to-address-list address-list=black_list \
address-list-timeout=8h chain=input comment=\
"Brute Forcers_add_black_list - 2" connection-state=new dst-port=8291 \
in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage3
add action=add-src-to-address-list address-list=Winbox_Ssh_stage3 \
address-list-timeout=1m chain=input comment=\
"Brute Forcers_Ssh_stage3 - 3" connection-state=new dst-port=8291 \
in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage2
add action=add-src-to-address-list address-list=Winbox_Ssh_stage2 \
address-list-timeout=1m chain=input comment=\
"Brute Forcers_Ssh_stage2 - 4" connection-state=new dst-port=8291 \
in-interface-list=WAN protocol=tcp src-address-list=Winbox_Ssh_stage1
add action=add-src-to-address-list address-list=Winbox_Ssh_stage1 \
address-list-timeout=1m chain=input comment=\
"Brute Forcers_Ssh_stage1 - 5" connection-state=new dst-port=8291 \
in-interface-list=WAN protocol=tcp
add action=drop chain=input comment="Drop DNS" dst-port=53 in-interface-list=\
WAN protocol=udp
add action=drop chain=input comment="Drop DNS" dst-port=53 in-interface-list=\
WAN protocol=tcp
add action=drop chain=input comment="Block hole Windows - 1" dst-port=\
135,137-139,445,593,4444 protocol=tcp
add action=drop chain=forward comment="Block hole Windows - 2" dst-port=\
135,137-139,445,593,4444 protocol=tcp
add action=drop chain=input comment="Block hole Windows - 3" dst-port=\
135,137-139 protocol=udp
add action=drop chain=forward comment="Block hole Windows - 4" dst-port=\
135,137-139 protocol=udp
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked
add action=accept chain=forward comment=torrent dst-port=50000 \
in-interface-list=WAN protocol=tcp
add action=accept chain=forward comment="torrent UDP" dst-port=50000 \
in-interface-list=WAN protocol=udp
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
does not work
what does that mean?
can you ping NTP server? don't you block NTP packets in Firewall Filter?
Politicians appeared to be slower than tech guys.
