Mikrotik
Páginas: 6 (1404 palabras)
Publicado: 16 de octubre de 2012
Antivirus en mikrotik
en mikrotik como en cualquier distro que conosca de linux las reglas son secuenciales , en mi caso primero habilitamos los que necesitamos y al ultimo cerramos todos ahi checalo espero que te ayude saludos.
# jan/03/1970 19:23:04 by RouterOS 4.10
# software id = XXXXXXX
#
/ip firewall filter
add action=accept chain=forward comment=PASARELLA disabled=nosrc-address=\
192.168.10.0/24
add action=drop chain=forward comment=ARES disabled=no p2p=all-p2p
add action=accept chain=input comment="INGRESO INTERNO DNS" disabled=no \
dst-port=53 protocol=udp src-address-list=clients
add action=accept chain=output comment="" disabled=no protocol=udp src-port=\
53
add action=accept chain=input comment="INGRESO AL MK PORT 80" disabled=no \
dst-port=441protocol=tcp src-address-list=clients
add action=accept chain=input comment="" disabled=no dst-port=80 protocol=tcp \
src-address-list=clients
add action=accept chain=forward comment=PROXY disabled=no protocol=tcp \
src-address=192.168.10.250 src-port=5128
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.10.250 dst-port=5128 protocol=tcp
add action=accept chain=forwardcomment=\
"INGRESO AL PORTAL WEB SQUID PORT 80" disabled=no protocol=tcp \
src-address-list=clients src-port=80
add action=accept chain=forward comment="PETICIONES EXTERNAS DNS " disabled=\
no dst-port=53 protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=53 protocol=\
udp src-address-list=clients
add action=accept chain=forwardcomment="PETICIONES EXTERNAS MSN" disabled=no \
dst-port=1863 protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=80 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=21 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=8080 \
protocol=tcpsrc-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=443 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=22 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=995 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment=""disabled=no dst-port=110 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=8360-8372 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment=LIMEWIRE disabled=no dst-port=6346 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment="FACEBOOK - CHAT" disabled=no \
dst-port=5222 protocol=tcpsrc-address-list=clients
add action=accept chain=forward comment="INGRESO A LA RB BRIDGE" disabled=no \
dst-port=8291-8294 protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no protocol=tcp \
src-address-list=clients src-port=8291-8294
add action=accept chain=input comment="INGRESO AL MK WINBOX" disabled=no \
dst-port=8292 protocol=tcpsrc-address-list=clients
add action=accept chain=output comment="" disabled=no protocol=tcp \
src-address-list=clients src-port=8292
add action=accept chain=forward comment="MSN YAHOO" disabled=no dst-port=5050 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment=GARENA disabled=no dst-port=1513 \
protocol=udp src-address-list=clients
add action=accept chain=forward comment=""disabled=no dst-port=7456 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=8352 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment=GB disabled=no dst-port=8400 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no protocol=tcp \
src-address-list=clients src-port=8400
add...
en mikrotik como en cualquier distro que conosca de linux las reglas son secuenciales , en mi caso primero habilitamos los que necesitamos y al ultimo cerramos todos ahi checalo espero que te ayude saludos.
# jan/03/1970 19:23:04 by RouterOS 4.10
# software id = XXXXXXX
#
/ip firewall filter
add action=accept chain=forward comment=PASARELLA disabled=nosrc-address=\
192.168.10.0/24
add action=drop chain=forward comment=ARES disabled=no p2p=all-p2p
add action=accept chain=input comment="INGRESO INTERNO DNS" disabled=no \
dst-port=53 protocol=udp src-address-list=clients
add action=accept chain=output comment="" disabled=no protocol=udp src-port=\
53
add action=accept chain=input comment="INGRESO AL MK PORT 80" disabled=no \
dst-port=441protocol=tcp src-address-list=clients
add action=accept chain=input comment="" disabled=no dst-port=80 protocol=tcp \
src-address-list=clients
add action=accept chain=forward comment=PROXY disabled=no protocol=tcp \
src-address=192.168.10.250 src-port=5128
add action=accept chain=forward comment="" disabled=no dst-address=\
192.168.10.250 dst-port=5128 protocol=tcp
add action=accept chain=forwardcomment=\
"INGRESO AL PORTAL WEB SQUID PORT 80" disabled=no protocol=tcp \
src-address-list=clients src-port=80
add action=accept chain=forward comment="PETICIONES EXTERNAS DNS " disabled=\
no dst-port=53 protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=53 protocol=\
udp src-address-list=clients
add action=accept chain=forwardcomment="PETICIONES EXTERNAS MSN" disabled=no \
dst-port=1863 protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=80 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=21 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=8080 \
protocol=tcpsrc-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=443 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=22 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=995 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment=""disabled=no dst-port=110 protocol=\
tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=8360-8372 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment=LIMEWIRE disabled=no dst-port=6346 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment="FACEBOOK - CHAT" disabled=no \
dst-port=5222 protocol=tcpsrc-address-list=clients
add action=accept chain=forward comment="INGRESO A LA RB BRIDGE" disabled=no \
dst-port=8291-8294 protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no protocol=tcp \
src-address-list=clients src-port=8291-8294
add action=accept chain=input comment="INGRESO AL MK WINBOX" disabled=no \
dst-port=8292 protocol=tcpsrc-address-list=clients
add action=accept chain=output comment="" disabled=no protocol=tcp \
src-address-list=clients src-port=8292
add action=accept chain=forward comment="MSN YAHOO" disabled=no dst-port=5050 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment=GARENA disabled=no dst-port=1513 \
protocol=udp src-address-list=clients
add action=accept chain=forward comment=""disabled=no dst-port=7456 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no dst-port=8352 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment=GB disabled=no dst-port=8400 \
protocol=tcp src-address-list=clients
add action=accept chain=forward comment="" disabled=no protocol=tcp \
src-address-list=clients src-port=8400
add...
Leer documento completo
Regístrate para leer el documento completo.