Minggu, 21 April 2013

Setting Firewall Mikrotik Untuk Menangkal Virus dan Netcut

Setting Firewall Mikrotik Untuk Menangkal Virus dan Netcut

Dalam artikel kali ini Belajar Komputer akan memposting terkait sistem firewall dalam mikrotik terkhusus untuk menangkal virus dan netcut dalam jaringan lokal (local network). Berbagai serangan baik dari jaringan lokal maupun global merupakan sesuatu hal yang mengganggu sistem dan informasi yang sifatnya privacy, olehnya para administrator jaringan dituntut lebih memahami bagaimana memanagement keamanan sistem dalam perangkat jaringannya.
Terkhusus pada perangkat jaringan yang satu ini, mikrotik dalam sistemnya memberikan fasilitas firewall dalam menangkal berbagai serangan. Bagaimana melakukan hal tersebut, berikut listing kode untuk setting firewall menangkal virus dan netcut :
  1. Untuk langkah pertama login ke sistem mikrotik menggunakan winbox loader
  2. Pada menu mikrotik pilih New Terminal kemudian ketikkan atau copas kode dibawah ini :
    /ip firewall filter
    add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
    add action=drop chain=forward connection-state=invalid disabled=no
    add action=drop chain=virus disabled=no dst-port=135-139 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1433-1434 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=445 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=445 protocol=udp
    add action=drop chain=virus disabled=no dst-port=593 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1024-1030 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1080 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1214 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1363 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1364 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1368 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1373 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=1377 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2283 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2535 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=2745 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=3127 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=3410 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=4444 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=4444 protocol=udp
    add action=drop chain=virus disabled=no dst-port=5554 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=8866 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=9898 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=10080 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=12345 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=17300 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=27374 protocol=tcp
    add action=drop chain=virus disabled=no dst-port=65506 protocol=tcp
    add action=jump chain=forward disabled=no jump-target=virus
    add action=drop chain=input connection-state=invalid disabled=no
    add action=accept chain=input disabled=no protocol=udp
    add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
    add action=drop chain=input disabled=no protocol=icmp
    add action=accept chain=input disabled=no dst-port=21 protocol=tcp
    add action=accept chain=input disabled=no dst-port=22 protocol=tcp
    add action=accept chain=input disabled=no dst-port=23 protocol=tcp
    add action=accept chain=input disabled=no dst-port=80 protocol=tcp
    add action=accept chain=input disabled=no dst-port=8291 protocol=tcp
    add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
    add action=accept chain=input disabled=no dst-port=23 protocol=tcp
    add action=accept chain=input disabled=no dst-port=80 protocol=tcp
    add action=accept chain=input disabled=no dst-port=1723 protocol=tcp
    add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s chain=input disabled=no dst-port=1337 protocol=tcp
    
    add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m chain=input disabled=no dst-port=7331 protocol=tcp src-address-list=knock
    
    add action=add-src-to-address-list address-list=”port-scanners” address-list-timeout=2w chain=input comment=”port-scanner” disabled=no protocol=tcp psd=21,3s,3,1
    
    add action=add-src-to-address-list address-list=”port-scanners” address-list-timeout=2w chain=input comment=”SYN/FIN” disabled=no protocol=tcp tcp-flags=fin,syn
    
    add action=add-src-to-address-list address-list=”port-scanners” address-list-timeout=2w chain=input comment=”SYN/RST” disabled=no protocol=tcp tcp-flags=syn,rst
    
    add action=add-src-to-address-list address-list=”port-scanners” address-list-timeout=2w chain=input comment=”FIN/PSH/URG” disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
    
    add action=add-src-to-address-list address-list=”port-scanners” address-list-timeout=2w chain=input comment=”ALL/ALL scan” disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
    
    add action=add-src-to-address-list address-list=”port-scanners” address-list-timeout=2w chain=input comment=”NMAP” disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
    
    add action=accept chain=input comment=”ANTI-NETCUT” disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254
  3. Langkah selanjutnya restart mikrotik sobat dengan mengetikkan /system reboot

Baik sobat silahkan dicoba, dan semoga artikel kali ini bermanfaat. Wassalam

Tidak ada komentar:

Total Tayangan

Banner1