

Untuk mengamankan MikroTik, saya membuat filter rules sebagai berikut. (Catatan: rule input nomor 5–12 di bawah menerima Winbox (8291), HTTP (80/851), Telnet (23), SSH (22), radmin (4899), DNS (53) dan Winbox discovery (5678) tanpa pembatasan `src-address-list` atau `in-interface`, sehingga port manajemen tersebut dapat dijangkau dari semua interface, termasuk sisi WAN; batasi ke jaringan lokal, misalnya dengan menambahkan `src-address-list=localnet` pada rule-rule tersebut.)

# Reviewer annotations (the `#` lines) on this `ip firewall filter print`
# listing. The listing is console output, not a script: to apply a suggested
# change, edit the rule in place with `/ip firewall filter set <n> ...`.
# The `””` after log-prefix= are a copy/paste artefact of the page; the console
# prints a plain "" (empty prefix).
[admin@MT] > ip firewall filter pr
Flags: X – disabled, I – invalid, D – dynamic
# --- input chain: traffic addressed to the router itself ---
0 ;;; Accept Input Established
chain=input action=accept connection-state=established log=no
log-prefix=””

1 ;;; Accept Input Related
chain=input action=accept connection-state=related log=no log-prefix=””

2 ;;; Drop Input Invalid
chain=input action=drop connection-state=invalid log=no log-prefix=””

# `limit=50/5s,2` is one bucket shared by all sources, not a per-source limit:
# a single noisy host can exhaust it, after which ICMP from every other host
# falls through to rule 4 (per-source limiting would be `dst-limit=` with a
# src-address mode).
3 ;;; Accept Input Limited ICMP
chain=input action=accept protocol=icmp limit=50/5s,2 log=no
log-prefix=””

4 ;;; Drop Input Exceed ICMP
chain=input action=drop protocol=icmp log=no log-prefix=””

# Rules 5-12 accept management/service ports with no in-interface,
# in-interface-list or src-address-list match, so they are reachable from
# every interface of the router, including any upstream/WAN link. Restrict
# each one to the local network, e.g. by adding `src-address-list=localnet`
# (the address list rules 14 and 28 already use), and disable the services
# that are not needed at all under /ip service.
5 ;;; Accept Input Winbox
chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=””

6 ;;; Accept Input Webfig
chain=input action=accept protocol=tcp dst-port=80 log=no log-prefix=””

# Labelled "Webfig" here but "HTTP" in rule 30; the listing does not show what
# listens on 851 - confirm the service before leaving it exposed.
7 ;;; Accept Input Webfig
chain=input action=accept protocol=tcp dst-port=851 log=no log-prefix=””

# Telnet is cleartext: credentials and the whole session are readable on
# path. Prefer SSH (rule 9), remove this rule and disable the telnet service
# so the port is closed rather than merely unfiltered.
8 ;;; Accept Input Telnet
chain=input action=accept protocol=tcp dst-port=23 log=no log-prefix=””

9 ;;; Accept Input SSH
chain=input action=accept protocol=tcp dst-port=22 log=no log-prefix=””

# TCP/4899 is the Radmin service port itself, not a discovery port. The
# router does not run Radmin, so this looks like a copy of port-filter rule
# 37; it can most likely be removed from the input chain - confirm.
10 ;;; Accept Input radmin Discovery
chain=input action=accept protocol=tcp dst-port=4899 log=no log-prefix=””

# UDP/53 accepted from any source: if the router's DNS cache has remote
# requests enabled this makes it an open resolver usable for DNS
# reflection/amplification. Limit it to `src-address-list=localnet`.
11 ;;; Accept Input DNS
chain=input action=accept protocol=udp dst-port=53 log=no log-prefix=””

12 ;;; Accept Input WInbox Discovery
chain=input action=accept protocol=udp dst-port=5678 log=no log-prefix=””

# Catch-all drop with log=no: nothing rejected on input is recorded, so port
# scans and login brute-force attempts leave no trace. Either set
# `log=yes log-prefix="input-drop"` here, or put an `action=log` rule with a
# `limit=` match in front of it to bound log volume.
13 ;;; Drop Input Anything Else
chain=input action=drop log=no log-prefix=””

# --- forward chain: traffic passing through the router ---
# Rules 14-24 sit before the established/related accepts (25/26) on purpose:
# the content= match (19) and the layer7-protocol= matches (17, 23, 24) need
# to see data packets inside already-established flows, so do not "optimise"
# them below rule 25. The cost is that every forwarded packet is evaluated
# against all of them.
# List names containing a space (`koneksi idm` here, `full sn` in 16/20/21/22)
# must be quoted when re-entered on the console, e.g.
# `connection-mark="koneksi idm"` and `src-address-list="!full sn"`.
14 ;;; Limit IDM
chain=forward action=drop protocol=tcp src-address-list=localnet
connection-limit=5,32 connection-mark=koneksi idm log=no log-prefix=””

15 ;;; UltraSurfServers
chain=forward action=drop src-address-list=UltraSurfServers log=no
log-prefix=””

# Rules 16, 21, 23 and 24 show `src-address=localnet`. src-address takes an
# IP address or prefix, whereas `localnet` is used elsewhere (14, 28) as an
# address-list name; this is either a paste/edit artefact on the page or a
# matcher that does not do what the comment says - verify in the live
# configuration (the intended form is `src-address-list=localnet`).
16 ;;; drop indostar-tv.com
chain=forward action=drop src-address=localnet
src-address-list=!full sn dst-address-list=indostar-tv.com log=no
log-prefix=””

# layer7 and content= matches (17, 19, 23, 24) only see cleartext payload;
# for TLS/QUIC traffic the hostname is at most visible in the handshake, so
# treat these blocks as best-effort, not as enforcement.
17 ;;; Drop Allvideo
chain=forward action=drop protocol=tcp layer7-protocol=allvideo log=no
log-prefix=””

# Matches on the *source* list, i.e. traffic coming from the addresses in
# `gmail`. If the intent is to allow traffic *to* those servers the matcher
# would be `dst-address-list=gmail` - confirm.
18 ;;; Accept gmail
chain=forward action=accept protocol=tcp src-address-list=gmail log=no
log-prefix=””

19 ;;; Drop Youtube
chain=forward action=drop src-address-list=!ytb dst-address-list=!ytb
content=googlevideo.com log=no log-prefix=””

20 ;;; drop https FB
chain=forward action=drop src-address-list=!full sn
dst-address-list=facebook log=no log-prefix=””

21 ;;; drop indostreamserver.com
chain=forward action=drop src-address=localnet
src-address-list=!full sn dst-address-list=indostreamserver.com log=no
log-prefix=””

22 ;;; drop twitter
chain=forward action=drop protocol=tcp src-address-list=!full sn
dst-address-list=twitter log=no log-prefix=””

23 ;;; drop yahoo
chain=forward action=drop src-address=localnet
src-address-list=!YM dst-address-list=!YM layer7-protocol=yahoo log=no
log-prefix=””

24 ;;; playvid
chain=forward action=drop src-address=localnet
layer7-protocol=playvid log=no log-prefix=””

25 ;;; Accept Forward Established
chain=forward action=accept connection-state=established log=no
log-prefix=””

26 ;;; Accept Forward Related
chain=forward action=accept connection-state=related log=no log-prefix=””

27 ;;; Drop Forward Invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=””

# Only new connections from `localnet` are sent to port-filter. There is no
# terminal drop in the forward chain, so a new connection from any other
# source (inbound traffic from upstream towards a dst-nat'd host, traffic from
# a second LAN, ...) falls off the end of the chain and is accepted by
# default. If that is not intended, add `chain=forward action=drop` right
# after this rule (add `connection-nat-state=!dstnat` to it if existing port
# forwards must keep working). Note the comment says "Accept" but the action
# is a jump; a packet that reaches rule 49 inside port-filter is dropped.
28 ;;; Accept User Internet and Jump to Port-Filter
chain=forward action=jump jump-target=port-filter
src-address-list=localnet log=no log-prefix=””

# --- port-filter chain: egress allow-list for new connections from localnet ---
# Every rule below uses `port=`, which matches EITHER the source OR the
# destination port. Because rule 28 only feeds new, localnet-originated
# connections into this chain, the intent is the destination port; with
# `port=` a LAN host can reach any remote port simply by binding its local
# source port to a listed value (e.g. 80), which defeats the allow-list.
# Change `port=` to `dst-port=` in rules 29-47.
29 ;;; Accept Port-Filter HTTP
chain=port-filter action=accept protocol=tcp port=80 log=no log-prefix=””

30 ;;; Accept Port-Filter HTTP
chain=port-filter action=accept protocol=tcp port=851 log=no
log-prefix=””

31 ;;; Accept Port-Filter HTTPS
chain=port-filter action=accept protocol=tcp port=443 log=no
log-prefix=””

32 ;;; Accept Port-Filter Email Ports
chain=port-filter action=accept protocol=tcp
port=25,587,465,110,143,993,995 log=no log-prefix=””

33 ;;; Accept Port-Filter YM
chain=port-filter action=accept protocol=tcp port=5050 log=no
log-prefix=””

# UDP/500 is IKE; if either side of this VPN is behind NAT, IKE NAT-T also
# needs UDP/4500 - confirm against the VPN's requirements.
34 ;;; Accept Port-Filter VPN BCA
chain=port-filter action=accept protocol=udp port=500,10000 log=no
log-prefix=””

35 ;;; Accept Port-Filter DNS
chain=port-filter action=accept protocol=udp port=53 log=no log-prefix=””

36 ;;; Accept Port-Filter NTP
chain=port-filter action=accept protocol=udp port=123 log=no
log-prefix=””

37 ;;; Accept Port-Filter radmin
chain=port-filter action=accept protocol=tcp port=4899 log=no
log-prefix=””

38 ;;; Accept Port-Filter winbox
chain=port-filter action=accept protocol=tcp port=8291 log=no
log-prefix=””

39 ;;; Accept Port-Filter CCTV
chain=port-filter action=accept protocol=tcp
port=30001,30002,30000,37779,37775,37777 log=no log-prefix=””

40 ;;; Accept Port-Filter CCTV
chain=port-filter action=accept protocol=tcp
port=24,60,96,100,120,136,156,160,168,184,185,196,199,200,1132 log=no
log-prefix=””

41 ;;; Accept Port-Filter CCTV
chain=port-filter action=accept protocol=tcp port=8,48,164,1040,2828
log=no log-prefix=””

# Rules 42-47 allow SNMP (161), RDP (3389), SMB (445), FTP/SSH (21/22),
# MySQL (3306) and PostgreSQL (5432) from the whole LAN to ANY destination.
# These are classic worm / lateral-movement / data-exfiltration ports; if
# they exist for specific remote servers, pin each rule with a
# `dst-address-list=` of those servers instead of opening them to the
# Internet.
42 ;;; Accept Port-Filter SNMP
chain=port-filter action=accept protocol=udp port=161 log=no
log-prefix=””

43 ;;; Accept Port-Filter RDP
chain=port-filter action=accept protocol=tcp port=3389 log=no
log-prefix=””

44 ;;; Accept Port-Filter SMB
chain=port-filter action=accept protocol=tcp port=445 log=no
log-prefix=””

# Comment says "ftp,mysql" but the rule also opens 22 (SSH); document which
# of the three is actually needed.
45 ;;; Accept Port-Filter ftp,mysql
chain=port-filter action=accept protocol=tcp port=21,22,3306 log=no
log-prefix=””

46 ;;; Accept Port-Filter team viewer
chain=port-filter action=accept protocol=tcp port=5938 log=no
log-prefix=””

47 ;;; Accept Port-Filter postgresql
chain=port-filter action=accept protocol=tcp port=5432 log=no
log-prefix=””

48 ;;; Accept Port-Filter ICMP
chain=port-filter action=accept protocol=icmp log=no log-prefix=””

# Same as rule 13: with log=no, blocked egress attempts (often the first sign
# of an infected LAN host) are never recorded. Consider
# `log=yes log-prefix="egress-drop"`.
49 ;;; Drop Port-Filter Anything Else
chain=port-filter action=drop log=no log-prefix=””