Community discussions

MikroTik App
 
Eduardo25
just joined
Topic Author
Posts: 19
Joined: Fri Mar 12, 2021 11:49 pm

Security Captchas [HELP]

Thu Oct 07, 2021 10:10 am

Hi everyone, I notice that my static internet connection ISP2/PLDTEnterprise always block by security captchas(Main Problem) on most of the website except youtube, google etc and decided to Wireshark my network

1. and see this bunch SSDP multicast traffic I think its like DDOS?DRDOS how should I take care of this thing in my firewall. I did some filtering through UDP and block that port but it doesn't catch this protocol it doesn't work. I think it's not related to the captchas, but I just wanted to eliminate some problems.
Image


2. Can you recheck my configuration if there is something wrong that may cause the problem in my ISP2/PLDTEnterprise any recommendation for improvement Ill accept it
/interface bridge
add admin-mac=08:55:31:40:3D:0C auto-mac=no comment=defconf name=88bridge
add name=178bridge
/interface ethernet
set [ find default-name=ether2 ] arp=disabled
set [ find default-name=sfp-sfpplus1 ] disabled=yes
/interface pppoe-client
add allow=chap,mschap1,mschap2 dial-on-demand=yes disabled=no interface=\
    ether2 keepalive-timeout=30 name=PLDTEnterprise user=xxxx
/interface ethernet switch port
set 0 default-vlan-id=0
set 1 default-vlan-id=0
set 2 default-vlan-id=0
set 3 default-vlan-id=0
set 4 default-vlan-id=0
set 5 default-vlan-id=0
set 6 default-vlan-id=0
set 7 default-vlan-id=0
set 8 default-vlan-id=0
set 9 default-vlan-id=0
set 10 default-vlan-id=0
set 11 default-vlan-id=0
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=home-dhcp ranges=192.168.88.20-192.168.88.254
add name=enterprise-dhcp ranges=192.168.178.10-192.168.178.254
/ip dhcp-server
add address-pool=home-dhcp interface=88bridge lease-time=52w1d name=\
    defconfHOME
add address-pool=enterprise-dhcp interface=178bridge lease-time=52w1d name=\
    defconENT
/queue simple
add max-limit=20M/30M name="Customer Welfare WIFI" target=192.168.88.6/32
add burst-limit=5M/5M burst-time=10s/10s max-limit=5M/5M name=\
    "PAYLESS WIFI - XENON TECHNICIAN" target=192.168.88.149/32
add burst-time=10s/10s max-limit=5M/5M name="MAGNUM MOTORS" target=\
    192.168.88.127/32
add burst-time=10s/10s max-limit=5M/5M name="OGI GROUND WIFI" target=\
    192.168.88.142/32
add disabled=yes max-limit=64k/64k name=192.168.178.252 target=\
    192.168.178.252/32
add max-limit=40M/40M name="ALIEN WIFI" target=192.168.178.147/32
add max-limit=30M/30M name=MAGNET202 target=192.168.178.253/32
add burst-time=10s/10s max-limit=50M/0 name=MagnetDepartmentWIFI target=\
    192.168.88.19/32
add max-limit=15M/15M name="OGI 2ND FLOOR WIFI" target=192.168.88.148/32
add max-limit=30M/30M name=ZOOMCONF packet-marks=zoom_pckt priority=1/1 \
    queue=default/default target=88bridge
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,pas\
    sword,sniff,sensitive,api,romon,dude,tikapp,!web"
/dude
set enabled=yes
/interface bridge port
add bridge=88bridge comment=defconf interface=ether3
add bridge=88bridge comment=defconf interface=ether4
add bridge=88bridge comment=defconf interface=ether5
add bridge=88bridge comment=defconf interface=ether6
add bridge=88bridge comment=defconf interface=ether7
add bridge=88bridge comment=defconf interface=sfp-sfpplus1
add bridge=178bridge comment=defconf178 interface=ether9
add bridge=178bridge interface=ether10
/ip neighbor discovery-settings
set discover-interface-list=none
/ip settings
set tcp-syncookies=yes
/interface list member
add comment=defconf interface=88bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether2 list=WAN
add interface=178bridge list=LAN
add interface=PLDTEnterprise list=WAN
add interface=ether3 list=LAN
add interface=ether4 list=LAN
add interface=ether5 list=LAN
add interface=ether6 list=LAN
add interface=ether7 list=LAN
add interface=ether8 list=LAN
add interface=ether9 list=LAN
add interface=ether10 list=LAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=88bridge network=\
    192.168.88.0
add address=192.168.178.1/24 interface=178bridge network=192.168.178.0
/ip cloud
set update-time=no
/ip dhcp-client
add comment=defconf disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
add address=192.168.178.0/24 dns-server=192.168.178.1 gateway=192.168.178.1
/ip dns
set servers=8.8.8.8,8.8.4.4
/ip firewall address-list
add address=192.168.88.0/24 list=support
add address=192.168.88.10 list=support
add address=192.168.0.0/24 list=support
add address=192.168.178.0/24 list=support
add address=192.168.188.0/24 list=support
add address=192.168.178.0/24 list="178 Network"
add address=192.168.88.0/24 list="88 Network"
add address=202.84.114.0/24 disabled=yes list=support
add address=192.168.88.79 list=CellcheckIP
add address=192.168.88.80 list=CellcheckIP
add address=192.168.88.81 list=CellcheckIP
add address=192.168.88.82 list=CellcheckIP
add address=192.168.88.83 list=CellcheckIP
add address=192.168.88.84 list=CellcheckIP
add address=192.168.88.85 list=CellcheckIP
add address=192.168.88.86 list=CellcheckIP
add address=192.168.88.87 list=CellcheckIP
add address=192.168.88.6 list=CellcheckIP
add address=192.168.178.9 disabled=yes list=CellcheckIP
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
add address=0.0.0.0/8 comment="defconf: RFC6890" list=no_forward_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=no_forward_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=no_forward_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=no_forward_ipv4
add address=127.0.0.0/8 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.0.0/24 comment="defconf: RFC6890" list=bad_ipv4
add address=192.0.2.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=198.51.100.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=203.0.113.0/24 comment="defconf: RFC6890 documentation" list=\
    bad_ipv4
add address=240.0.0.0/4 comment="defconf: RFC6890 reserved" list=bad_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=10.0.0.0/8 comment="defconf: RFC6890" list=not_global_ipv4
add address=100.64.0.0/10 comment="defconf: RFC6890" list=not_global_ipv4
add address=169.254.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=172.16.0.0/12 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.0.0.0/29 comment="defconf: RFC6890" list=not_global_ipv4
add address=192.168.0.0/16 comment="defconf: RFC6890" list=not_global_ipv4
add address=198.18.0.0/15 comment="defconf: RFC6890 benchmark" list=\
    not_global_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=not_global_ipv4
add address=224.0.0.0/4 comment="defconf: multicast" list=bad_src_ipv4
add address=255.255.255.255 comment="defconf: RFC6890" list=bad_src_ipv4
add address=0.0.0.0/8 comment="defconf: RFC6890" list=bad_dst_ipv4
add address=224.0.0.0/4 comment="defconf: RFC6890" list=bad_dst_ipv4
add list=ddos-attackers
add list=ddos-target
add address=3.7.35.0/25 list=zoom_ip
add address=3.21.137.128/25 list=zoom_ip
add address=3.22.11.0/24 list=zoom_ip
add address=3.23.93.0/24 list=zoom_ip
add address=3.25.41.128/25 list=zoom_ip
add address=3.25.42.0/25 list=zoom_ip
add address=3.25.49.0/24 list=zoom_ip
add address=3.80.20.128/25 list=zoom_ip
add address=3.96.19.0/24 list=zoom_ip
add address=3.101.32.128/25 list=zoom_ip
add address=3.101.52.0/25 list=zoom_ip
add address=3.104.34.128/25 list=zoom_ip
add address=3.120.121.0/25 list=zoom_ip
add address=3.127.194.128/25 list=zoom_ip
add address=3.208.72.0/25 list=zoom_ip
add address=3.211.241.0/25 list=zoom_ip
add address=3.235.69.0/25 list=zoom_ip
add address=3.235.82.0/23 list=zoom_ip
add address=3.235.71.128/25 list=zoom_ip
add address=3.235.72.128/25 list=zoom_ip
add address=3.235.73.0/25 list=zoom_ip
add address=3.235.96.0/23 list=zoom_ip
add address=4.34.125.128/25 list=zoom_ip
add address=4.35.64.128/25 list=zoom_ip
add address=8.5.128.0/23 list=zoom_ip
add address=13.52.6.128/25 list=zoom_ip
add address=13.52.146.0/25 list=zoom_ip
add address=18.157.88.0/24 list=zoom_ip
add address=18.205.93.128/25 list=zoom_ip
add address=50.239.202.0/23 list=zoom_ip
add address=50.239.204.0/24 list=zoom_ip
add address=52.61.100.128/25 list=zoom_ip
add address=52.81.151.128/25 list=zoom_ip
add address=52.81.215.0/24 list=zoom_ip
add address=52.202.62.192/26 list=zoom_ip
add address=52.215.168.0/25 list=zoom_ip
add address=64.125.62.0/24 list=zoom_ip
add address=64.211.144.0/24 list=zoom_ip
add address=65.39.152.0/24 list=zoom_ip
add address=69.174.57.0/24 list=zoom_ip
add address=69.174.108.0/22 list=zoom_ip
add address=99.79.20.0/25 list=zoom_ip
add address=101.36.167.0/24 list=zoom_ip
add address=103.122.166.0/23 list=zoom_ip
add address=111.33.115.0/25 list=zoom_ip
add address=111.33.181.0/25 list=zoom_ip
add address=115.110.154.192/26 list=zoom_ip
add address=115.114.56.192/26 list=zoom_ip
add address=115.114.115.0/26 list=zoom_ip
add address=115.114.131.0/26 list=zoom_ip
add address=120.29.148.0/24 list=zoom_ip
add address=129.151.0.0/19 list=zoom_ip
add address=129.151.40.0/22 list=zoom_ip
add address=129.151.48.0/20 list=zoom_ip
add address=129.159.0.0/20 list=zoom_ip
add address=129.159.160.0/19 list=zoom_ip
add address=129.159.208.0/20 list=zoom_ip
add address=130.61.164.0/22 list=zoom_ip
add address=134.224.0.0/16 list=zoom_ip
add address=140.238.128.0/24 list=zoom_ip
add address=140.238.232.0/22 list=zoom_ip
add address=144.195.0.0/16 list=zoom_ip
add address=147.124.96.0/19 list=zoom_ip
add address=149.137.0.0/17 list=zoom_ip
add address=150.230.224.0/21 list=zoom_ip
add address=152.67.20.0/24 list=zoom_ip
add address=152.67.118.0/24 list=zoom_ip
add address=152.67.168.0/22 list=zoom_ip
add address=152.67.180.0/24 list=zoom_ip
add address=152.67.184.0/22 list=zoom_ip
add address=152.67.240.0/21 list=zoom_ip
add address=152.70.224.0/21 list=zoom_ip
add address=156.45.0.0/17 list=zoom_ip
add address=158.101.64.0/24 list=zoom_ip
add address=158.101.184.0/22 list=zoom_ip
add address=160.1.56.128/25 list=zoom_ip
add address=161.189.199.0/25 list=zoom_ip
add address=161.199.136.0/22 list=zoom_ip
add address=162.12.232.0/22 list=zoom_ip
add address=162.255.36.0/22 list=zoom_ip
add address=165.254.88.0/23 list=zoom_ip
add address=168.138.16.0/22 list=zoom_ip
add address=168.138.48.0/24 list=zoom_ip
add address=168.138.56.0/21 list=zoom_ip
add address=168.138.72.0/24 list=zoom_ip
add address=168.138.74.0/25 list=zoom_ip
add address=168.138.80.0/21 list=zoom_ip
add address=168.138.96.0/22 list=zoom_ip
add address=168.138.116.0/22 list=zoom_ip
add address=168.138.244.0/24 list=zoom_ip
add address=170.114.0.0/16 list=zoom_ip
add address=173.231.80.0/20 list=zoom_ip
add address=192.204.12.0/22 list=zoom_ip
add address=193.122.16.0/20 list=zoom_ip
add address=193.122.32.0/20 list=zoom_ip
add address=193.122.208.0/20 list=zoom_ip
add address=193.122.224.0/20 list=zoom_ip
add address=193.122.240.0/20 list=zoom_ip
add address=193.123.0.0/19 list=zoom_ip
add address=193.123.40.0/21 list=zoom_ip
add address=193.123.128.0/19 list=zoom_ip
add address=193.123.168.0/21 list=zoom_ip
add address=193.123.192.0/19 list=zoom_ip
add address=198.251.128.0/17 list=zoom_ip
add address=202.177.207.128/27 list=zoom_ip
add address=204.80.104.0/21 list=zoom_ip
add address=204.141.28.0/22 list=zoom_ip
add address=207.226.132.0/24 list=zoom_ip
add address=209.9.211.0/24 list=zoom_ip
add address=209.9.215.0/24 list=zoom_ip
add address=213.19.144.0/24 list=zoom_ip
add address=213.19.153.0/24 list=zoom_ip
add address=213.244.140.0/24 list=zoom_ip
add address=221.122.88.64/27 list=zoom_ip
add address=221.122.88.128/25 list=zoom_ip
add address=221.122.89.128/25 list=zoom_ip
add address=221.123.139.192/27 list=zoom_ip
add address=8.5.128.0/24 list=zoom_ip
add address=173.231.92.0/24 list=zoom_ip
add address=173.231.94.0/24 list=zoom_ip
add address=192.168.89.0/24 disabled=yes list=support
add address=192.168.2.0/24 disabled=yes list=support
/ip firewall filter
add action=jump chain=forward comment="SYN Flood protect" connection-state=\
    new jump-target=SYN-Protect protocol=tcp tcp-flags=syn
add action=accept chain=SYN-Protect connection-state=new limit=400,5 \
    protocol=tcp tcp-flags=syn
add action=drop chain=SYN-Protect connection-state=new protocol=tcp \
    tcp-flags=syn
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=accept chain=input comment="Full access to SUPPORT address list" \
    src-address-list=support
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=accept chain=forward comment=\
    "defconf: accept all that matches IPSec policy" disabled=yes \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log-prefix=invalid
add action=drop chain=forward comment=\
    "Drop tries to reach not public addresses from 88LAN" dst-address-list=\
    not_in_internet in-interface=88bridge log-prefix=!public_from_LAN \
    out-interface=!88bridge
add action=drop chain=forward comment=\
    "Drop tries to reach not public addresses from 178LAN" dst-address-list=\
    not_in_internet in-interface=178bridge log-prefix=!public_from_LAN \
    out-interface=!178bridge
add action=drop chain=forward comment=\
    "Drop incoming packets that are not 88NAT`ted" connection-nat-state=\
    !dstnat connection-state=new in-interface-list=WAN log=yes log-prefix=\
    !NAT
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    src-address-list=no_forward_ipv4
add action=drop chain=forward comment="defconf: drop bad forward IPs" \
    dst-address-list=no_forward_ipv4
add action=jump chain=forward comment="jump to ICMP filters" disabled=yes \
    jump-target=icmp protocol=icmp
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface-list=\
    WAN log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
    "Drop packets from LAN that do not have LAN IP" in-interface-list=LAN \
    src-address-list=!support
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s \
    in-interface-list=LAN
add action=add-dst-to-address-list address-list=ddos-target \
    address-list-timeout=10m chain=detect-ddos
add action=add-src-to-address-list address-list=ddos-attackers \
    address-list-timeout=10m chain=detect-ddos
add action=return chain=detect-ddos dst-limit=32,32,src-and-dst-addresses/10s \
    in-interface-list=LAN protocol=tcp tcp-flags=syn,ack
/ip firewall mangle
add action=mark-connection chain=prerouting comment="ZOOM TCP" \
    dst-address-list=zoom_ip dst-port=80,443,8801,8802,5091 \
    new-connection-mark=tcp_zoom passthrough=yes protocol=tcp
add action=mark-connection chain=prerouting comment="ZOOM UDP" \
    dst-address-list=zoom_ip dst-port=3478,3479,8801-8810,20000-64000 \
    new-connection-mark=udp_zoom passthrough=yes protocol=udp
add action=mark-packet chain=prerouting comment="ZoomTCP Pckt" \
    connection-mark=tcp_zoom new-packet-mark=zoom_pckt passthrough=no
add action=mark-packet chain=prerouting comment="ZoomUDP Pckt" \
    connection-mark=udp_zoom new-packet-mark=zoom_pckt passthrough=no
add action=mark-routing chain=prerouting comment="LAN1 TO WAN 1" disabled=yes \
    new-routing-mark=LAN1_TO_WAN1 passthrough=yes src-address-list=\
    "88 Network"
add action=mark-routing chain=prerouting comment="LAN2 TO WAN 2" disabled=yes \
    new-routing-mark=LAN2_TO_WAN2 passthrough=yes src-address-list=\
    "178 Network"
/ip firewall nat
add action=accept chain=srcnat comment=\
    "defconf: accept all that matches IPSec policy" disabled=yes \
    ipsec-policy=out,ipsec
add action=masquerade chain=srcnat comment="defconf: All masquerade" \
    disabled=yes ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="defconf: All masquerade" \
    ipsec-policy=out,none out-interface=ether1
add action=masquerade chain=srcnat comment="defconf: All masquerade" \
    ipsec-policy=out,none out-interface=PLDTEnterprise
add action=dst-nat chain=dstnat comment=SalesServer disabled=yes dst-address=\
    122.53.63.134 dst-port=9101 in-interface=PLDTEnterprise log=yes protocol=\
    tcp to-addresses=192.168.178.122
add action=dst-nat chain=dstnat disabled=yes dst-address=122.53.63.134 \
    dst-port=80 in-interface=PLDTEnterprise log=yes protocol=tcp \
    to-addresses=192.168.178.122 to-ports=80
add action=dst-nat chain=dstnat comment=SalesServer disabled=yes dst-address=\
    122.53.63.134 dst-port=80 in-interface=PLDTEnterprise log=yes protocol=\
    udp to-addresses=192.168.178.122 to-ports=80
add action=redirect chain=dst-nat dst-port=80 protocol=tcp src-address=\
    192.168.88.0/24 to-ports=8080
/ip firewall raw
add action=drop chain=prerouting dst-port=53 in-interface-list=WAN protocol=\
    udp
add action=accept chain=prerouting comment=\
    "defconf: enable for transparent firewall" disabled=yes
add action=accept chain=prerouting comment="defconf: accept DHCP discover" \
    dst-address=255.255.255.255 dst-port=67 in-interface-list=LAN protocol=\
    udp src-address=0.0.0.0 src-port=68
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    src-address-list=bad_src_ipv4
add action=drop chain=prerouting comment="defconf: drop bogon IP's" \
    dst-address-list=bad_dst_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
    disabled=yes in-interface-list=WAN src-address-list=not_global_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
    in-interface=PLDTEnterprise src-address-list=not_global_ipv4
add action=drop chain=prerouting comment="defconf: drop non global from WAN" \
    in-interface=ether1 src-address-list=not_global_ipv4
add action=drop chain=prerouting comment=\
    "defconf: drop forward to local lan from WAN" dst-address-list=support \
    in-interface-list=WAN
add action=drop chain=prerouting comment=\
    "defconf: drop local if not from default IP range" in-interface-list=LAN \
    src-address-list=!support
add action=drop chain=prerouting comment="defconf: drop bad UDP" port=0 \
    protocol=udp
add action=jump chain=prerouting comment="defconf: jump to ICMP chain" \
    disabled=yes jump-target=icmp4 protocol=icmp
add action=jump chain=prerouting comment="defconf: jump to TCP chain" \
    disabled=yes jump-target=bad_tcp protocol=tcp
add action=accept chain=prerouting comment=\
    "defconf: accept everything else from LAN" in-interface-list=LAN
add action=accept chain=prerouting comment=\
    "defconf: accept everything else from WAN" in-interface-list=WAN
add action=drop chain=bad_tcp comment="defconf: TCP flag filter" disabled=yes \
    protocol=tcp tcp-flags=!fin,!syn,!rst,!ack
add action=drop chain=bad_tcp comment=defconf disabled=yes protocol=tcp \
    tcp-flags=fin,syn
add action=drop chain=bad_tcp comment=defconf disabled=yes protocol=tcp \
    tcp-flags=fin,rst
add action=drop chain=bad_tcp comment=defconf disabled=yes protocol=tcp \
    tcp-flags=fin,!ack
add action=drop chain=bad_tcp comment=defconf disabled=yes protocol=tcp \
    tcp-flags=fin,urg
add action=drop chain=bad_tcp comment=defconf disabled=yes protocol=tcp \
    tcp-flags=syn,rst
add action=drop chain=bad_tcp comment=defconf disabled=yes protocol=tcp \
    tcp-flags=rst,urg
add action=drop chain=bad_tcp comment="defconf: TCP port 0 drop" disabled=yes \
    port=0 protocol=tcp
add action=drop chain=prerouting dst-address-list=ddos-target \
    src-address-list=ddos-attackers
/ip firewall service-port
set sip disabled=yes
/ip route
add distance=1 gateway=192.168.1.1 routing-mark=88_Subnet
add disabled=yes distance=1 gateway=PLDTEnterprise routing-mark=88_Subnet
add distance=1 gateway=PLDTEnterprise routing-mark=178_Subnet
/ip route rule
add action=lookup-only-in-table comment=88_Subnet src-address=192.168.88.0/24 \
    table=88_Subnet
add action=lookup-only-in-table comment=178_Subnet src-address=\
    192.168.178.0/24 table=178_Subnet
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set www-ssl disabled=no port=449
set api disabled=yes
set api-ssl disabled=yes
/ip ssh
set strong-crypto=yes
/ip traffic-flow
set active-flow-timeout=5m interfaces=88bridge
/system clock
set time-zone-name=Asia/Manila
/system identity
set name=Graphic
/tool bandwidth-server
set enabled=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
Thanks, looking forward for your help.

Who is online

Users browsing this forum: Ahrefs [Bot], Bing [Bot] and 22 guests