/ip firewall filter
add chain=input protocol=tcp psd=21,3s,3,1 action=add-src-to-address-list \
address-list="port scanners" address-list-timeout=2w comment="ip hacker to list" \
disabled=no
add chain=input protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="NMAP FIN Stealth scan"
add chain=input protocol=tcp tcp-flags=fin,syn \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="SYN/FIN scan"
add chain=input protocol=tcp tcp-flags=syn,rst \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="SYN/RST scan"
add chain=input protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="FIN/PSH/URG scan"
add chain=input protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="ALL/ALL scan"
add chain=input protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg \
action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w comment="NMAP NULL scan"
add chain=input src-address-list="port scanners" action=drop \
comment="dropping port scanners" disabled=no
SUMBER : http://wiki.mikrotik.com/wiki/Drop_port_scanners
This entry was posted
on 14.15
and is filed under
Mikrotik
.
You can leleave a response
and llow any responses to this entry through the
Langganan:
Posting Komentar (Atom)
.
Categories
- All about Blogspot (3)
- Freebsd (4)
- FreeNas (3)
- Game Online (1)
- HOT SPOT (2)
- Hotspot (1)
- Internet (1)
- IPCOP (3)
- Mikrotik (8)
- Printer (1)
- Software Tools (5)
- Tip Trik Net60 (1)
- TOKO ONLINE (1)
- Ubuntu (2)
- visual basic 6 (1)
- Windows (1)
0 komentar