chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 src-address-list=!spammer action=add-src-to-address-list
address-list=spammer address-list-timeout=1d
/ip firewall nat chain=srcnat out-interface=â€your interface which provides internet†src-address=â€network 1? action=masquerade
you need to add chains for each subnet you have ,for the head office subnet you need to add this
/ip firewall nat chain=srcnat out-interface=â€your interface which provides internet†action=masquerade
/ ip firewall mangle
add chain=prerouting dst-address=192.168.0.1 protocol=udp dst-port=5060-5080
action=mark-connection new-connection-mark=voip-con passthrough=yes
comment=â€â€ disabled=no
add chain=prerouting dst-address=192.168.0.1 protocol=udp
dst-port=19000-20000 action=mark-connection new-connection-mark=voip-con
passthrough=yes comment=â€â€ disabled=no
add chain=prerouting connection-mark=voip-con action=mark-packet
new-packet-mark=voip passthrough=no comment=â€â€ disabled=no
add chain=prerouting protocol=tcp dst-port=22-23 action=mark-connection
new-connection-mark=sshtelnet-con passthrough=yes comment=â€â€ disabled=no
add chain=prerouting connection-mark=sshtelnet-con action=mark-packet
new-packet-mark=sshtelnet passthrough=no comment=â€â€ disabled=no
add chain=prerouting p2p=all-p2p action=mark-connection
new-connection-mark=p2p-con passthrough=yes comment=â€â€ disabled=no
add chain=prerouting connection-mark=p2p-con action=mark-packet
new-packet-mark=p2p passthrough=no comment=â€â€ disabled=no
add chain=prerouting action=mark-connection new-connection-mark=everything-con
passthrough=yes comment=â€â€ disabled=no
add chain=prerouting connection-mark=everything-con action=mark-packet
new-packet-mark=everything passthrough=yes comment=â€â€ disabled=no
==========================================================================
/ ip firewall filter
add chain=forward action=add-src-to-address-list dst-port=25 protocol=tcp \
src-address-list=spammer address-list=WasASpammerOnce \
address-list-timeout=0s comment="Log Spammer to address list for future \
investigation" disabled=no
add chain=forward action=tarpit dst-port=25 protocol=tcp \
src-address-list=spammer comment="BLOCK SPAMMERS OR INFECTED USERS" \
disabled=no
add chain=forward action=add-src-to-address-list dst-port=25 protocol=tcp \
connection-limit=30,32 limit=50,5 src-address-list=!WhiteListed \
address-list=spammer address-list-timeout=30m comment="Detect and add-list \
SMTP virus or spammers" disabled=no
==========================================================================
Nice info By : http://wiki.mikrotik.com/wiki/How_to_autodetect_infected_or_spammer_users_and_temporary_block_the_SMTP_output
-
Tidak ada komentar:
Posting Komentar