In this article Belajar Komputer looks at the firewall in MikroTik RouterOS, specifically a rule set intended to block worm traffic ("virus" ports) and NetCut on the local network.
Attacks from both the local network and the Internet disrupt systems and expose information that should stay private, so a network administrator needs to understand how to manage security on the network devices themselves.
MikroTik in particular ships a firewall in RouterOS for blocking this kind of traffic. Below is the rule listing for a firewall that drops well-known worm ports and is labelled as protecting against NetCut:
- First, log in to the MikroTik using Winbox.
- From the Winbox menu choose New Terminal, then type or paste the commands below:
/ip firewall filter
# Winbox access to the router itself
add action=accept chain=input dst-port=8291 protocol=tcp
add action=drop chain=forward connection-state=invalid
# "virus" chain: drop ports historically used by worms and backdoors
add action=drop chain=virus dst-port=135-139 protocol=tcp
add action=drop chain=virus dst-port=1433-1434 protocol=tcp
add action=drop chain=virus dst-port=445 protocol=tcp
add action=drop chain=virus dst-port=445 protocol=udp
add action=drop chain=virus dst-port=593 protocol=tcp
add action=drop chain=virus dst-port=1024-1030 protocol=tcp
add action=drop chain=virus dst-port=1080 protocol=tcp
add action=drop chain=virus dst-port=1214 protocol=tcp
add action=drop chain=virus dst-port=1363 protocol=tcp
add action=drop chain=virus dst-port=1364 protocol=tcp
add action=drop chain=virus dst-port=1368 protocol=tcp
add action=drop chain=virus dst-port=1373 protocol=tcp
add action=drop chain=virus dst-port=1377 protocol=tcp
add action=drop chain=virus dst-port=2745 protocol=tcp
add action=drop chain=virus dst-port=2283 protocol=tcp
add action=drop chain=virus dst-port=2535 protocol=tcp
add action=drop chain=virus dst-port=3127 protocol=tcp
add action=drop chain=virus dst-port=3410 protocol=tcp
add action=drop chain=virus dst-port=4444 protocol=tcp
add action=drop chain=virus dst-port=4444 protocol=udp
add action=drop chain=virus dst-port=5554 protocol=tcp
add action=drop chain=virus dst-port=8866 protocol=tcp
add action=drop chain=virus dst-port=9898 protocol=tcp
add action=drop chain=virus dst-port=10080 protocol=tcp
add action=drop chain=virus dst-port=12345 protocol=tcp
add action=drop chain=virus dst-port=17300 protocol=tcp
add action=drop chain=virus dst-port=27374 protocol=tcp
add action=drop chain=virus dst-port=65506 protocol=tcp
# send all forwarded (LAN <-> WAN) traffic through the virus chain
add action=jump chain=forward jump-target=virus
# traffic to the router itself
add action=drop chain=input connection-state=invalid
add action=accept chain=input protocol=udp
add action=accept chain=input limit=50/5s,2 protocol=icmp
add action=drop chain=input protocol=icmp
add action=accept chain=input dst-port=21 protocol=tcp
add action=accept chain=input dst-port=22 protocol=tcp
add action=accept chain=input dst-port=23 protocol=tcp
add action=accept chain=input dst-port=80 protocol=tcp
add action=accept chain=input dst-port=1723 protocol=tcp
# port-knock style tagging (as in the original: the second rule needs a "knock" list that no rule fills)
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15s chain=input dst-port=1337 protocol=tcp
add action=add-src-to-address-list address-list=DDOS address-list-timeout=15m chain=input dst-port=7331 protocol=tcp src-address-list=knock
# port-scan detection: tag the source address for two weeks
add action=add-src-to-address-list address-list=port-scanners address-list-timeout=2w chain=input comment="port-scanner" protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list=port-scanners address-list-timeout=2w chain=input comment="SYN/FIN" protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list=port-scanners address-list-timeout=2w chain=input comment="SYN/RST" protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list=port-scanners address-list-timeout=2w chain=input comment="FIN/PSH/URG" protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list=port-scanners address-list-timeout=2w chain=input comment="ALL/ALL scan" protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list=port-scanners address-list-timeout=2w chain=input comment="NMAP" protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
# labelled ANTI-NETCUT in the original: accept TCP to the router from fixed public ranges
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment="ANTI-NETCUT" dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254

The listing is the original set with the exact duplicates removed (the second 2745 rule and the repeated accepts for 23, 80, 1723 and 8291), the curly quotes replaced by straight ones so the terminal accepts them, and the redundant disabled=no dropped from every line.
- Firewall filter rules take effect as soon as they are added; the reboot (/system reboot) that the original instructions call for is not needed.
Before pasting the listing as-is, be aware of what it does and does not do:
- The input chain has no final drop rule. RouterOS accepts any packet that no rule matches, so the accept rules for ports 21, 22, 23, 80, 1723 and 8291 change nothing on their own; only the drop rules provide protection.
- The rule "accept chain=input protocol=udp" admits all UDP to the router itself, from any source.
- The port-scanners and DDOS address lists are populated, but no rule drops traffic from either list, so detected scanners are only recorded. The 7331 rule requires a "knock" list that no rule fills, so it can never match.
- Telnet (23) and FTP (21) to the router send credentials in the clear; keep management to SSH and Winbox, and restrict them to the LAN side.
- On RouterOS 6 and later the ICMP rate limit is written limit=50/5s,2:packet; the older limit=50/5s,2 form is from the RouterOS 5 era.
- The nine rules labelled ANTI-NETCUT are accept rules for a handful of public address ranges on the router's input chain. NetCut works by ARP spoofing inside the LAN, which IP filter rules never see, so these rules have no effect on it. The RouterOS countermeasure for NetCut is at the ARP layer: arp=reply-only on the LAN interface plus ARP entries added from DHCP leases or statically.
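The following is an added example, written for this edit and not code from the original post, showing the pieces the listing lacks: an established/related accept and a final drop on the input chain so that the accept rules mean something, drop rules that actually consume the port-scanners list, router management limited to the LAN side, and the ARP-layer settings that address NetCut. The interface names ether1 (WAN) and bridge-lan (LAN), the 192.168.88.0/24 subnet and the printer MAC address are assumptions; change them to match the router before pasting, and confirm from a LAN host that Winbox still works before adding the final drop.

```routeros
# Added example, not from the original post. "ether1" (WAN), "bridge-lan" (LAN),
# 192.168.88.0/24 and the printer MAC are assumed values.
/ip firewall filter
# 1. Keep existing sessions and drop invalid packets first, so the rules
#    below only ever see new connections.
add chain=input connection-state=established,related action=accept comment="keep existing sessions"
add chain=input connection-state=invalid action=drop
# 2. Consume the port-scanners list: a source the detection rule tagged is
#    dropped on its next packet, both to the router and through it.
add chain=input src-address-list=port-scanners action=drop comment="drop tagged scanners"
add chain=forward src-address-list=port-scanners action=drop comment="drop tagged scanners"
# 3. The detection rule itself (same matcher as in the listing above).
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list address-list=port-scanners address-list-timeout=2w comment="port-scanner"
# 4. Management (SSH, Winbox) only from the LAN side; rate-limited ping.
add chain=input in-interface=bridge-lan protocol=tcp dst-port=22,8291 action=accept comment="ssh/winbox from LAN"
add chain=input protocol=icmp limit=50/5s,2:packet action=accept comment="ping, rate limited"
# 5. Final drop for the WAN side. Without a drop at the end, every accept
#    above is meaningless: unmatched packets are accepted by default.
add chain=input in-interface=ether1 action=drop comment="drop everything else from WAN"

# NetCut is ARP spoofing, not an IP-layer attack. Have the router answer ARP
# requests but stop learning from unsolicited replies, and bind IP<->MAC
# from DHCP leases so legitimate hosts keep an entry.
/ip dhcp-server set [find interface=bridge-lan] add-arp=yes
/interface bridge set bridge-lan arp=reply-only
# Hosts with static addresses get a pinned entry (MAC is an example value).
/ip arp add address=192.168.88.10 mac-address=00:11:22:33:44:55 interface=bridge-lan comment="printer"
```

Order matters: set add-arp=yes and let leases renew before switching the interface to arp=reply-only, because once the router stops learning ARP dynamically, a host with no static or DHCP-added entry loses connectivity through it. This protects only the router's own ARP table; a NetCut client can still poison the victim PC's cache directly, so hosts that matter should also pin the gateway's MAC locally (arp -s on Windows, a permanent neighbour entry on Linux).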
Give it a try, and hopefully this article is useful. Wassalam