Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Firewall

    Hochgeladen von

    Alejandro Velasquez Tecnico Sistemas AJ
    10 Ansichten1 Seite

    Originaltitel

    Firewall.txt

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    TXT, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden

    Copyright:

    © All Rights Reserved
    Als TXT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    10 Ansichten1 Seite

    Firewall

    Hochgeladen von

    Alejandro Velasquez Tecnico Sistemas AJ

    Copyright:

    © All Rights Reserved
    Als TXT, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 1

    /ip firewall filter

    add action=drop chain=input comment="BLOQUEO DNS" dst-port=53 in-interface=\


    ether1 protocol=udp
    add action=drop chain=input disabled=yes dst-port=23 in-interface=ether1 \
    protocol=tcp
    add action=drop chain=input disabled=yes dst-port=22 in-interface=ether1 \
    protocol=tcp
    add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 \
    protocol=tcp src-address-list=black_list
    add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input dst-port=22 protocol=tcp \
    src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=30m chain=input dst-port=22 protocol=tcp \
    src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=2m chain=input dst-port=22 protocol=tcp \
    src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input dst-port=22 protocol=tcp
    add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 \
    protocol=tcp src-address-list=black_list
    add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input dst-port=21 protocol=tcp \
    src-address-list=ftp_stage3
    add action=add-src-to-address-list address-list=ftp_stage3 \
    address-list-timeout=30m chain=input dst-port=21 protocol=tcp \
    src-address-list=ftp_stage2
    add action=add-src-to-address-list address-list=ftp_stage2 \
    address-list-timeout=1m chain=input dst-port=21 protocol=tcp \
    src-address-list=ftp_stage1
    add action=add-src-to-address-list address-list=ftp_stage1 \
    address-list-timeout=1m chain=input dst-port=21 protocol=tcp
    add action=drop chain=input comment="drop telnet brute forcers" dst-port=23 \
    protocol=tcp src-address-list=black_list
    add action=add-src-to-address-list address-list=black_list \
    address-list-timeout=1d chain=input dst-port=23 protocol=tcp \
    src-address-list=telnet_stage3
    add action=add-src-to-address-list address-list=telnet_stage3 \
    address-list-timeout=30m chain=input dst-port=23 protocol=tcp \
    src-address-list=telnet_stage2
    add action=add-src-to-address-list address-list=telnet_stage2 \
    address-list-timeout=2m chain=input dst-port=23 protocol=tcp \
    src-address-list=telnet_stage1
    add action=add-src-to-address-list address-list=telnet_stage1 \
    address-list-timeout=1m chain=input dst-port=23 protocol=tcp

    Das könnte Ihnen auch gefallen