Mikrotik firewall (rule set)

/ip firewall address-list
add address=0.0.0.0/8 comment="Self-Identification [RFC 3330]" list=Bogons
add address=10.0.0.0/8 comment="Private[RFC 1918] - CLASS A # Check if you need this subnet before enable it" list=Bogons
add address=127.0.0.0/8 comment="Loopback [RFC 3330]" list=Bogons
add address=169.254.0.0/16 comment="Link Local [RFC 3330]" list=Bogons
add address=172.16.0.0/12 comment="Private[RFC 1918] - CLASS B # Check if you need this subnet before enable it" list=Bogons
add address=192.0.2.0/24 comment="Reserved - IANA - TestNet1" list=Bogons
add address=192.88.99.0/24 comment="6to4 Relay Anycast [RFC 3068]" list=Bogons
add address=198.18.0.0/15 comment="NIDB Testing" list=Bogons
add address=198.51.100.0/24 comment="Reserved - IANA - TestNet2" list=Bogons
add address=203.0.113.0/24 comment="Reserved - IANA - TestNet3" list=Bogons
add address=224.0.0.0/4 comment="MC, Class D, IANA # Check if you need this subnet before enable it" list=Bogons
/ip firewall filter
add action=accept chain=forward comment="defconf: accept established,related" connection-state=established,related
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input port=69 protocol=udp
add action=accept chain=forward port=69 protocol=udp
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface=ether1
add action=drop chain=forward comment="Drop to bogon list" dst-address-list=Bogons
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface=ether1

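Just open the terminal, paste these rules into it, then press Enter. The rules treat ether1 as the WAN interface, so change in-interface if your uplink is on a different port.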
