Firewall padrão simples

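# Basic default firewall.
# Quotes are straight ASCII here: the typographic quotes in the original
# paste are not accepted by the RouterOS parser on import.
/ip firewall filter
# Matches connection-state=established only; "related" flows (e.g. FTP data
# channels, ICMP errors tied to a tracked connection) are not covered.
add action=accept chain=forward comment="Accepted Connections" \
    connection-state=established disabled=no
# Router services opened to any source: HTTP (80) and SMTP (25).
# NOTE: this snippet adds no terminal drop to the input chain, so the
# RouterOS default (accept) still applies to everything else reaching the
# router itself.
add action=accept chain=input comment="" disabled=no dst-port=80 protocol=tcp
add action=accept chain=input comment="" disabled=no dst-port=25 protocol=tcp
add action=drop chain=forward comment="Drop invalid connections" \
    connection-state=invalid disabled=no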

Dropar Vírus

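# Drop transit traffic on ports historically used by worms and backdoors.
# Quotes fixed to straight ASCII (typographic quotes break the import).
/ip firewall filter
add action=drop chain=forward comment="Drop Virus Port" disabled=no \
    dst-port=40016 protocol=udp
# A custom chain is only consulted when a rule jumps into it; without this
# jump every "virus" rule below is dead configuration and matches nothing.
add action=jump chain=forward comment="Jump to virus chain" disabled=no \
    jump-target=virus
# NOTE: 135-139/445 (NetBIOS/SMB) and the 1024-1030 range also carry
# legitimate traffic; dropping them in forward affects any Windows file
# sharing or service crossing this router, not only malware.
add action=drop chain=virus comment="" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus comment="" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=445 protocol=udp
add action=drop chain=virus comment="" disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=1377 protocol=tcp
# 2745/tcp appeared twice in the original list; kept once.
add action=drop chain=virus comment="" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=3127 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="" disabled=no dst-port=65506 protocol=tcp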

Dropar Port Scanner

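# Port-scan detection: offending sources are collected in address list
# "PortScanner" for two weeks and dropped by the final rule.
# Quotes fixed to straight ASCII (typographic quotes break the import).
/ip firewall filter
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
# NOTE(review): on input this can also list a legitimate host (e.g. many
# clients behind one NAT address) that touches several router ports quickly.
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="Drop Port Scanner" \
    disabled=no protocol=tcp psd=21,3s,3,1
# The tcp-flags rules match flag combinations that never occur in a normal
# handshake (FIN-only, SYN+FIN, all flags, SYN+RST, FIN+PSH+URG, no flags).
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
    tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
    tcp-flags=fin,syn
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
    tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
    tcp-flags=syn,rst
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
    tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=PortScanner \
    address-list-timeout=2w chain=input comment="" disabled=no protocol=tcp \
    tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# Keep this after the detection rules: add-src-to-address-list is
# non-terminating, so a packet is recorded first and then evaluated here.
add action=drop chain=input comment="" disabled=no \
    src-address-list=PortScanner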

Dropar Brute Force

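# FTP brute-force mitigation. "530 Login incorrect" is the reply the router's
# own FTP server sends on a failed login, so only FTP failures ever populate
# the Blacklist; an encrypted SSH session can never match a content= rule.
# Quotes fixed to straight ASCII (typographic quotes break the import).
/ip firewall filter
# Let up to 9 failed logins per destination per minute pass before listing.
add action=accept chain=output comment="Drop Brute Force" \
    content="530 Login incorrect" disabled=no \
    dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=Blacklist \
    address-list-timeout=23h chain=output comment="" \
    content="530 Login incorrect" disabled=no protocol=tcp
# Drop listed hosts on FTP (21) as well as SSH (22): dropping only 22 leaves
# the service that was actually being brute-forced reachable.
add action=drop chain=input comment="" disabled=no dst-port=21,22 \
    protocol=tcp src-address-list=Blacklist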

Dropar Traceroute

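# Suppress the ICMP replies traceroute depends on for transit traffic.
# Quotes fixed to straight ASCII (typographic quotes break the import).
/ip firewall filter
# 11:0 = time exceeded in transit (the per-hop traceroute reply).
add action=drop chain=forward comment="Drop Traceroute" disabled=no \
    icmp-options=11:0 protocol=icmp
# 3:3 = port unreachable. NOTE: this is also how UDP applications behind the
# router learn that a remote port is closed; dropping it in forward affects
# them as well, not only traceroute.
add action=drop chain=forward comment="" disabled=no icmp-options=3:3 \
    protocol=icmp
# Requires an address list named "Local" that is not defined in this listing.
# If that list is missing or empty, !Local matches every source and all ICMP
# to the router is dropped.
add action=drop chain=input comment="" disabled=no protocol=icmp \
    src-address-list=!Local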

Dropar ICMP Ping

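# Drop ICMP echo requests (ping) aimed at the router itself.
# Restricted to type 8 code 0: the unrestricted form dropped every ICMP type,
# including error messages addressed to the router (e.g. type 3 code 4 used
# by path-MTU discovery). Quotes fixed to straight ASCII.
/ip firewall filter
add action=drop chain=input comment="Drop ICMP Ping" disabled=no \
    icmp-options=8:0 protocol=icmp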

Dropar Netcut Attack

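# "NETCUT BLOCK": despite the heading, these are accept rules. They admit
# seven external /24 ranges to every TCP port of the router (0-65535) and
# block nothing.
# NOTE(review): NetCut-style attacks work at the ARP level on the local
# segment; layer-3 accept rules in the input chain cannot mitigate them.
# Confirm the intent before importing.
# Risk: if imported ahead of the drop rules in input, these accepts exempt the
# listed ranges from every later input check (PortScanner, Blacklist, ICMP).
# Quotes fixed to straight ASCII (typographic quotes break the import).
/ip firewall filter
add action=accept chain=input comment="NETCUT BLOCK" disabled=no \
    dst-port=0-65535 protocol=tcp src-address=61.213.183.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=67.195.134.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=68.142.233.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=68.180.217.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=203.84.204.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=69.63.176.0/24
add action=accept chain=input comment="" disabled=no dst-port=0-65535 \
    protocol=tcp src-address=69.63.181.0/24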

Filtros para proteger os usuários

Olá pessoal, uma rede segura hoje em dia é praticamente impossível; a ideia é melhorar a experiência dos clientes em nossa rede, procurando proteger os acessos contra malwares, phishing, spammers etc.

Listas com estes endereços são caras e, em sua maioria, desenvolvidas por autônomos.
Descobri uma lista, por sinal muito boa, de um pessoal que está revolucionando em termos de filtros prontos para MikroTik. Segue:

    * Ads - https://blocklister.gefoo.org/ads
    * Badpeers - https://blocklister.gefoo.org/badpeers
    * Blocklistde_All - https://blocklister.gefoo.org/blocklistde_all
    * Blocklistde_Apache - https://blocklister.gefoo.org/blocklistde_apache
    * Blocklistde_Ftp - https://blocklister.gefoo.org/blocklistde_ftp
    * Blocklistde_Imap - https://blocklister.gefoo.org/blocklistde_imap
    * Blocklistde_Mail - https://blocklister.gefoo.org/blocklistde_mail
    * Blocklistde_Ssh - https://blocklister.gefoo.org/blocklistde_ssh
    * Blocklistde_Strongips - https://blocklister.gefoo.org/blocklistde_strongips
    * Dshield - https://blocklister.gefoo.org/dshield
    * Edu - https://blocklister.gefoo.org/edu
    * Hijacked - https://blocklister.gefoo.org/hijacked
    * Level1 - https://blocklister.gefoo.org/level1
    * Level2 - https://blocklister.gefoo.org/level2
    * Level3 - https://blocklister.gefoo.org/level3
    * Malwaredomainlist - https://blocklister.gefoo.org/malwaredomainlist
    * Microsoft - https://blocklister.gefoo.org/microsoft
    * Openbl - https://blocklister.gefoo.org/openbl
    * Openbl_180 - https://blocklister.gefoo.org/openbl_180
    * Openbl_360 - https://blocklister.gefoo.org/openbl_360
    * Proxy - https://blocklister.gefoo.org/proxy
    * Spamhausdrop - https://blocklister.gefoo.org/spamhausdrop
    * Spamhausedrop - https://blocklister.gefoo.org/spamhausedrop
    * Spider - https://blocklister.gefoo.org/spider
    * Spyware - https://blocklister.gefoo.org/spyware


 

Erro no PPPoE permite múltiplas conexões

Hoje, ao dar uma olhada em uma RB minha com mais de 600 clientes, havia 12 clientes com o mesmo login LOGADOS.

Apesar de ter configurado que somente uma conexão por host seria permitida, isso não estava funcionando.

Cacei uns scripts e tal, mas eram umas gambis da miséria, quando me deparei com esta linha:

# only-one=yes limits each PPP secret to a single simultaneous session.
# NOTE(review): numbers=1 selects the profile by its position in
# "/ppp profile print", which shifts as profiles are added or removed;
# selecting by name (set [find name=<profile>] only-one=yes) is more robust.
/ppp profile set numbers=1 only-one=yes

Pronto, resolvido!!! (é mole???)