"Mikrotik: Securing": difference between revisions

From www.yakakliker.org
(Page created with « <syntaxhighlight lang="bash"> /ip firewall address-list add list=BlackList comment="Liste des IP bloquées." /ip firewall raw add action=drop chain=prerouting comment="Blacklist" src-address-list="Blacklist" /ip firewall raw add action=drop chain=prerouting comment="Blacklist" dst-address-list="Blacklist" /ip firewall filter add chain=input action=drop comment="Drop new connections from Blacklist" connection-state=new src-address-list=Blacklist /ip firewall fil... »)
 
No edit summary
Ligne 1 : Ligne 1 :
<syntaxhighlight lang="bash">
<syntaxhighlight lang="bash">
/ip firewall address-list add list=BlackList comment="Liste des IP bloquées."
/ip firewall address-list add list=Blacklist comment="Liste des IP bloquées."


/ip firewall raw add action=drop chain=prerouting comment="Blacklist" src-address-list="Blacklist"
/ip firewall raw add action=drop chain=prerouting comment="Blacklist" src-address-list="Blacklist"
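Review bot: the address-list add line, in both its old and new form, carries only list= and comment= and no address=, so the entry names no IP to block. Renaming BlackList to Blacklist makes the spelling consistent with the src-address-list="Blacklist" rule below it, but consider dropping this placeholder entry or giving it an explicit address=, since the add-src-to-address-list and add-dst-to-address-list rules later in the page populate the list on their own.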
Ligne 12 : Ligne 12 :




/ip firewall filter add action=add-src-to-address-list address-list=BlackList address-list-timeout=10h chain=input protocol=tcp connection-state=new dst-port=110,161,443,445,3128,3306,3333,3389,7547,8291,8080-8082  comment="Blocage Scan de ports"  
/ip firewall filter add action=add-src-to-address-list address-list=Blacklist address-list-timeout=10h chain=input protocol=tcp connection-state=new dst-port=110,161,443,445,3128,3306,3333,3389,7547,8291,8080-8082  comment="Blocage Scan de ports"  
/ip firewall raw add chain=output content="invalid user name or password" action=add-dst-to-address-list address-list=BlackList address-list-timeout=1h10m comment="Blocage Bruteforce"
/ip firewall raw add chain=output content="invalid user name or password" action=add-dst-to-address-list address-list=Blacklist address-list-timeout=1h10m comment="Blocage Bruteforce"
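Review bot: the dst-port list on the add-src-to-address-list rule includes 443 and 8291, and the rule matches every new TCP connection on chain=input with no interface or source restriction, so an administrator reaching the router's own HTTPS or Winbox service is blacklisted for 10h along with scanners. Restrict the rule to the WAN side (for example in-interface-list=WAN, assuming such an interface list exists on the device) or place an accept rule for a trusted management address list ahead of it. The content="invalid user name or password" match in raw chain=output deserves a comment too: it acts on any outgoing packet that carries that string in clear text, so state which service it is meant to cover.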





Revision as of 16:48, 9 September 2024

<syntaxhighlight lang="bash">
# Blacklist address list (comment text: "List of blocked IPs.")
/ip firewall address-list add list=Blacklist comment="Liste des IP bloquées."

# Raw table: drop packets from or to blacklisted addresses before connection tracking
/ip firewall raw add action=drop chain=prerouting comment="Blacklist" src-address-list="Blacklist"
/ip firewall raw add action=drop chain=prerouting comment="Blacklist" dst-address-list="Blacklist"

# Filter table: drop traffic from blacklisted sources (to the router, then routed through it)
/ip firewall filter add chain=input action=drop comment="Drop new connections from Blacklist" connection-state=new src-address-list=Blacklist
/ip firewall filter add chain=forward action=drop comment="Drop new connections from Blacklist" src-address-list=Blacklist

# Filter table: drop traffic to blacklisted destinations (from the router, then routed through it)
/ip firewall filter add chain=output action=drop comment="Drop new connections from Blacklist" connection-state=new dst-address-list=Blacklist
/ip firewall filter add chain=forward action=drop comment="Drop new connections from Blacklist" dst-address-list=Blacklist

# Port-scan trap: blacklist for 10h any source opening a new TCP connection to the router on these ports
/ip firewall filter add action=add-src-to-address-list address-list=Blacklist address-list-timeout=10h chain=input protocol=tcp connection-state=new dst-port=110,161,443,445,3128,3306,3333,3389,7547,8291,8080-8082 comment="Blocage Scan de ports"
# Brute-force trap: blacklist for 1h10m the recipient of any router reply containing the login-failure string
/ip firewall raw add chain=output content="invalid user name or password" action=add-dst-to-address-list address-list=Blacklist address-list-timeout=1h10m comment="Blocage Bruteforce"
</syntaxhighlight>

Links

https://mhelp.pro/fr/mikrotik-protection-parametre-de-securite-de-base-de-lappareil/