WereDoku

User Tools

Site Tools

Trace:
mikrotik

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
mikrotik [2021/03/13 15:30]
ww [IPv4 firewall stub] 		mikrotik [2022/03/16 09:52] (current)
ww
Line 105: Line 105:
 ===== IPv6 firewall stub ===== ===== IPv6 firewall stub =====
   /ipv6 firewall filter   /ipv6 firewall filter
-  add chain=forward connection-state=established                action=accept comment="Allow ESTABLISHED (FORWARD)" +  add chain=forward connection-state=established                action=accept             comment="Allow ESTABLISHED (FORWARD)" 
-  add chain=forward connection-state=related                    action=accept comment="Allow RELATED (FORWARD)" +  add chain=forward connection-state=related                    action=accept             comment="Allow RELATED (FORWARD)" 
-  add chain=forward in-interface-list=WAN protocol=icmpv6       action=accept comment="Allow ICMPv6 (FORWARD)" +  add chain=forward in-interface-list=WAN protocol=icmpv6       action=accept             comment="Allow ICMPv6 (FORWARD)" 
-  add chain=forward in-interface-list=WAN                       action=drop   comment="Drop everything else (FORWARD)" +  add chain=forward in-interface-list=WAN                       action=drop disabled=yes  comment="Drop everything else (FORWARD)" 
-  add chain=input   connection-state=established                action=accept comment="Allow ESTABLISHED (INPUT)" +  add chain=input   connection-state=established                action=accept             comment="Allow ESTABLISHED (INPUT)" 
-  add chain=input   connection-state=related                    action=accept comment="Allow RELATED (INPUT)" +  add chain=input   connection-state=related                    action=accept             comment="Allow RELATED (INPUT)" 
-  add chain=input   in-interface-list=WAN protocol=icmpv6       action=accept comment="Allow ICMPv6 (INPUT)" +  add chain=input   in-interface-list=WAN protocol=icmpv6       action=accept             comment="Allow ICMPv6 (INPUT)" 
-  add chain=input   in-interface-list=WAN protocol=udp port=546 action=accept comment="Allow DHCPv6 (INPUT)" +  add chain=input   in-interface-list=WAN protocol=udp port=546 action=accept             comment="Allow DHCPv6 (INPUT)" 
-  add chain=input   in-interface-list=WAN                       action=drop   comment="Drop everything else (INPUT)"+  add chain=input   in-interface-list=WAN                       action=drop disabled=yes  comment="Drop everything else (INPUT)"
  
 ---- ----
Line 195: Line 195:
   * Nevýhoda: Google DNS NEbude dostupné přes GW2.   * Nevýhoda: Google DNS NEbude dostupné přes GW2.
   * [[https://www.prinmath.com/ham/mikrotik-failover.htm|Zdroj]]   * [[https://www.prinmath.com/ham/mikrotik-failover.htm|Zdroj]]
 +
 +----
 +
 +===== Ban list =====
 +<code>
 +/ ip firewall filter 
 +add chain=input in-interface=ether1-wan protocol=tcp dst-port=22 \
 +    connection-state=new connection-limit=5/1m;1:packet \
 +    action=add-src-to-address-list address-list=ssh_logins \
 +    address-list-timeout=12h comment="" disabled=no 
 +add chain=input protocol=tcp dst-port=22 src-address-list=!ssh_logins \
 +    action=accept comment="" disabled=no 
 +</code>
mikrotik.1615645843.txt.gz · Last modified: 2022/03/16 09:38 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki