salytwo
Frequent Visitor
Topic Author
Posts: 89
Joined: Mon Apr 18, 2011 8:53 am

protect your customers via mikrotik

Thu Jun 09, 2011 9:50 am

Hello all,

I used all commands in this link: http://wiki.mikrotik.com/wiki/Protecting_your_customers
but Yahoo Messenger is still running, as well as some other ports.

I need to block all traffic except what I allowed explicitly.

Extra info: I am running 3.2 with hotspot configured.

These are my rules:

Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough

1 X chain=forward action=drop src-address=192.168.2.0/24 in-interface=LAN
packet-mark=rar

2 ;;; allow
chain=forward action=accept connection-state=established

3 ;;; allow
chain=forward action=accept connection-state=related

4 ;;; Accept
chain=input action=accept connection-state=established

5 ;;; drop invalid connections
chain=forward action=drop connection-state=invalid

6 ;;; Drop
chain=virus action=drop protocol=udp dst-port=135-139

7 ;;; Drop
chain=virus action=drop protocol=tcp dst-port=135-139

8 ;;; Worm
chain=virus action=drop protocol=tcp dst-port=1433-1434

9 ;;; ________
chain=virus action=drop protocol=tcp dst-port=593

10 ;;; ________
chain=virus action=drop protocol=tcp dst-port=1024-1030

11 ;;; ________
chain=virus action=drop protocol=tcp dst-port=1214

12 ;;; hromgrafx
chain=virus action=drop protocol=tcp dst-port=1373

13 ;;; cichlid
chain=virus action=drop protocol=tcp dst-port=1377

14 ;;; Drop
chain=virus action=drop protocol=tcp dst-port=2745

15 ;;; Worm
chain=virus action=drop protocol=tcp dst-port=4444

16 ;;; Worm
chain=virus action=drop protocol=udp dst-port=4444

17 ;;; Drop
chain=virus action=drop protocol=tcp dst-port=9898

18 ;;; Drop
chain=virus action=drop protocol=tcp dst-port=10000

19 ;;; Drop
chain=virus action=drop protocol=tcp dst-port=10080

20 ;;; Drop
chain=virus action=drop protocol=tcp dst-port=27374

21 ;;; Drop Blaster Worm
chain=virus action=drop protocol=tcp dst-port=135-139

22 ;;; Drop Messenger Worm
chain=virus action=drop protocol=udp dst-port=135-139

23 ;;; Drop Blaster Worm
chain=virus action=drop protocol=tcp dst-port=445

24 ;;; Drop Blaster Worm
chain=virus action=drop protocol=udp dst-port=445

25 ;;; ________
chain=virus action=drop protocol=tcp dst-port=593

26 ;;; ________
chain=virus action=drop protocol=tcp dst-port=1024-1030

27 ;;; Drop MyDoom
chain=virus action=drop protocol=tcp dst-port=1080

28 ;;; ________
chain=virus action=drop protocol=tcp dst-port=1214

29 ;;; ndm requester
chain=virus action=drop protocol=tcp dst-port=1363

30 ;;; ndm server
chain=virus action=drop protocol=tcp dst-port=1364

31 ;;; screen cast
chain=virus action=drop protocol=tcp dst-port=1368

32 ;;; hromgrafx
chain=virus action=drop protocol=tcp dst-port=1373

33 ;;; cichlid
chain=virus action=drop protocol=tcp dst-port=1377

34 ;;; Worm
chain=virus action=drop protocol=tcp dst-port=1433-1434

35 ;;; Bagle Virus
chain=virus action=drop protocol=tcp dst-port=2745

36 ;;; Drop Dumaru.Y
chain=virus action=drop protocol=tcp dst-port=2283

37 ;;; Drop Beagle
chain=virus action=drop protocol=tcp dst-port=2535

38 ;;; Drop Beagle.C-K
chain=virus action=drop protocol=tcp dst-port=2745

39 ;;; Drop MyDoom
chain=virus action=drop protocol=tcp dst-port=3127-3128

40 ;;; Drop Backdoor OptixPro
chain=virus action=drop protocol=tcp dst-port=3410

41 ;;; Worm
chain=virus action=drop protocol=tcp dst-port=4444

42 ;;; Worm
chain=virus action=drop protocol=udp dst-port=4444

43 ;;; Drop Sasser
chain=virus action=drop protocol=tcp dst-port=5554

44 ;;; Drop Beagle.B
chain=virus action=drop protocol=tcp dst-port=8866

45 ;;; Drop Dabber.A-B
chain=virus action=drop protocol=tcp dst-port=9898

46 ;;; Drop Dumaru.Y
chain=virus action=drop protocol=tcp dst-port=10000

47 ;;; Drop MyDoom.B
chain=virus action=drop protocol=tcp dst-port=10080

48 ;;; Drop NetBus
chain=virus action=drop protocol=tcp dst-port=12345

49 ;;; Drop Kuang2
chain=virus action=drop protocol=tcp dst-port=17300

50 ;;; Drop SubSeven
chain=virus action=drop protocol=tcp dst-port=27374

51 ;;; Drop PhatBot, Agobot, Gaobot
chain=virus action=drop protocol=tcp dst-port=65506

52 ;;; Allow HTTP
chain=forward action=accept protocol=tcp dst-port=80

53 ;;; Allow SMTP
chain=forward action=accept protocol=tcp dst-port=25

54 ;;; allow TCP
chain=forward action=accept protocol=tcp

55 ;;; allow ping
chain=forward action=accept protocol=icmp

56 ;;; allow udp
chain=forward action=accept protocol=udp

57 ;;; Allow HTTPs
chain=forward action=accept protocol=tcp dst-port=443

58 ;;; Allow pop3
chain=forward action=accept protocol=tcp dst-port=110

59 ;;; Allow smtp ssl
chain=forward action=accept protocol=tcp dst-port=465

60 ;;; drop everything else
chain=forward action=drop

61 ;;; jump to the virus chain
chain=forward action=jump jump-target=virus
thanks
 
mrz
MikroTik Support
Posts: 7188
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: protect your customers via mikrotik

Thu Jun 09, 2011 10:04 am

Yahoo Messenger will use port 80 if other ports are blocked.
 
salytwo
Frequent Visitor
Topic Author
Posts: 89
Joined: Mon Apr 18, 2011 8:53 am

Re: protect your customers via mikrotik

Thu Jun 09, 2011 10:24 am

The Yahoo port is only an example; I want to deny all traffic except what I know.
 
mrz
MikroTik Support
Posts: 7188
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: protect your customers via mikrotik

Thu Jun 09, 2011 12:30 pm

You are allowing all TCP, all UDP and all ICMP traffic in the forward chain. If you want to allow only specific TCP and UDP ports then remove those rules:

54 ;;; allow TCP
chain=forward action=accept protocol=tcp

55 ;;; allow ping
chain=forward action=accept protocol=icmp

56 ;;; allow udp
chain=forward action=accept protocol=udp

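To see why those three rules let everything through, here is an added first-match simulator (example code, not from the thread or from RouterOS) over a constructed subset of the posted ruleset. It also shows a second ordering problem visible in the listing: rule 61's jump to the virus chain sits after rule 60's unconditional drop, so the virus chain is never consulted until the jump is moved ahead of the drop.

```python
# Added example, not from the thread: first-match evaluation of a constructed
# subset of salytwo's rules. Rules 54-56 accept every TCP/UDP/ICMP packet before
# the specific allows and the final drop can act, and rule 61 (jump to "virus")
# is unreachable because it follows rule 60 (drop everything). Ports are (lo, hi).

def rule(num, chain, action, target=None, **match):
    return num, {"chain": chain, "action": action, "target": target, "match": match}

RULES = [
    rule(2, "forward", "accept", connection_state="established"),
    rule(5, "forward", "drop", connection_state="invalid"),
    rule(21, "virus", "drop", protocol="tcp", dst_port=(135, 139)),
    rule(23, "virus", "drop", protocol="tcp", dst_port=(445, 445)),
    rule(52, "forward", "accept", protocol="tcp", dst_port=(80, 80)),
    rule(54, "forward", "accept", protocol="tcp"),   # the three rules
    rule(55, "forward", "accept", protocol="icmp"),  # mrz says to remove
    rule(56, "forward", "accept", protocol="udp"),
    rule(57, "forward", "accept", protocol="tcp", dst_port=(443, 443)),
    rule(60, "forward", "drop"),
    rule(61, "forward", "jump", target="virus"),
]

def matches(r, pkt):
    """Every criterion the rule specifies must fit the packet; no criteria = match all."""
    for key, want in r["match"].items():
        have = pkt.get(key)
        if key == "dst_port":
            if have is None or not (want[0] <= have <= want[1]):
                return False
        elif have != want:
            return False
    return True

def evaluate(rules, pkt, chain="forward"):
    """Walk a chain top to bottom; the first terminating match decides.
    A jump whose target chain matches nothing falls through to the next rule."""
    for num, r in rules:
        if r["chain"] != chain or not matches(r, pkt):
            continue
        if r["action"] == "jump":
            verdict, hit = evaluate(rules, pkt, r["target"])
            if verdict != "no-match":
                return verdict, hit
            continue
        return r["action"], num
    return "no-match", None

def fixed(pkt):
    """mrz's fix (remove 54-56) plus moving the virus jump ahead of the final drop."""
    kept = [(n, r) for n, r in RULES if n not in (54, 55, 56, 61)]
    jump = next(x for x in RULES if x[0] == 61)
    kept.insert(kept.index(next(x for x in kept if x[0] == 60)), jump)
    return evaluate(kept, pkt)
```

`evaluate(RULES, pkt)` gives the verdict for the rules as posted; `fixed(pkt)` gives the verdict after the corrections.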