Розмір відео: 1280 X 720853 X 480640 X 360
Показувати елементи керування програвачем
Автоматичне відтворення
Автоповтор
amigo el enalce me sale mal no veo lo mismo que usted
Puedes pasar el scrip x favor
copiar código aquí:/ip firewall filteradd action=add-src-to-address-list address-list=Syn_Flooder \ address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" \ connection-limit=30,32 protocol=tcp tcp-flags=synadd action=drop chain=input comment="Drop to syn flood list" src-address-list=\ Syn_Flooderadd action=add-src-to-address-list address-list=Port_Scanner \ address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=\ tcp psd=21,3s,3,1add action=drop chain=input comment="Drop to port scan list" src-address-list=\ Port_Scanneradd action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP \ protocol=icmpadd action=drop chain=input comment="Block all access to the winbox - except to \ support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT\ \_ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp src-address-list=\ !supportadd action=jump chain=forward comment="Jump for icmp forward flow" jump-target=\ ICMP protocol=icmpadd action=drop chain=forward comment="Drop to bogon list" dst-address-list=\ bogonsadd action=add-src-to-address-list address-list=spammers address-list-timeout=\ 3h chain=forward comment="Add Spammers to the list for 3 hours" \ connection-limit=30,32 dst-port=25,587 limit=30/1m,0 protocol=tcpadd action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \ protocol=tcp src-address-list=spammersadd action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udpadd action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcpadd action=accept chain=input comment="Accept to established connections" \ connection-state=establishedadd action=accept chain=input comment="Accept to related connections" \ connection-state=relatedadd action=accept chain=input comment="Full access to SUPPORT address list" \ src-address-list=supportadd action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS RU\ LE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" disabled=yesadd action=accept chain=ICMP comment=\ "Echo request - Avoiding Ping Flood, adjust the limit as needed" \ icmp-options=8:0 limit=2,5 protocol=icmpadd action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\ icmpadd action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \ protocol=icmpadd action=accept chain=ICMP comment="Destination unreachable" icmp-options=\ 3:0-1 protocol=icmpadd action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmpadd action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp
amigo el enalce me sale mal no veo lo mismo que usted
Puedes pasar el scrip x favor
copiar código aquí:
/ip firewall filter
add action=add-src-to-address-list address-list=Syn_Flooder \
address-list-timeout=30m chain=input comment="Add Syn Flood IP to the list" \
connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=input comment="Drop to syn flood list" src-address-list=\
Syn_Flooder
add action=add-src-to-address-list address-list=Port_Scanner \
address-list-timeout=1w chain=input comment="Port Scanner Detect" protocol=\
tcp psd=21,3s,3,1
add action=drop chain=input comment="Drop to port scan list" src-address-list=\
Port_Scanner
add action=jump chain=input comment="Jump for icmp input flow" jump-target=ICMP \
protocol=icmp
add action=drop chain=input comment="Block all access to the winbox - except to \
support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE SUPPORT\
\_ADDRESS LIST" disabled=yes dst-port=8291 protocol=tcp src-address-list=\
!support
add action=jump chain=forward comment="Jump for icmp forward flow" jump-target=\
ICMP protocol=icmp
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=\
bogons
add action=add-src-to-address-list address-list=spammers address-list-timeout=\
3h chain=forward comment="Add Spammers to the list for 3 hours" \
connection-limit=30,32 dst-port=25,587 limit=30/1m,0 protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
protocol=tcp src-address-list=spammers
add action=accept chain=input comment="Accept DNS - UDP" port=53 protocol=udp
add action=accept chain=input comment="Accept DNS - TCP" port=53 protocol=tcp
add action=accept chain=input comment="Accept to established connections" \
connection-state=established
add action=accept chain=input comment="Accept to related connections" \
connection-state=related
add action=accept chain=input comment="Full access to SUPPORT address list" \
src-address-list=support
add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE THIS RU\
LE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED" disabled=yes
add action=accept chain=ICMP comment=\
"Echo request - Avoiding Ping Flood, adjust the limit as needed" \
icmp-options=8:0 limit=2,5 protocol=icmp
add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0 protocol=\
icmp
add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0 \
protocol=icmp
add action=accept chain=ICMP comment="Destination unreachable" icmp-options=\
3:0-1 protocol=icmp
add action=accept chain=ICMP comment=PMTUD icmp-options=3:4 protocol=icmp
add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp