/ip firewall filter
# Input-chain blocklists. The add-src-to-address-list action is non-terminating:
# the packet continues to the next rule after the source is recorded.
# connection-limit=30,32 counts connections per single source address (/32).
# address-list-timeout=4w2d keeps an entry for 30 days, so one burst from a
# shared or NAT'd address blocks it for a month. Review the log=yes output
# for false positives before relying on this.
add chain=input protocol=tcp connection-limit=30,32 \
    action=add-src-to-address-list \
    address-list="R&D-BZL-Adser DDoS Protect" address-list-timeout=4w2d \
    log=yes
# Tarpit holds the TCP session open instead of resetting it. This rule matches
# only while the listed source is also over the connection limit, so a listed
# source that is under the limit is not tarpitted here.
add chain=input protocol=tcp connection-limit=30,32 \
    src-address-list="R&D-BZL-Adser DDoS Protect" \
    action=tarpit log=yes comment="BZL _R&D Advisor"
# Keeps the router's resolver from answering queries arriving on the input
# chain (open-resolver abuse). The "Accept DNS" rules later in this chain come
# after this drop and never see a packet with dst-port=53.
add chain=input protocol=udp dst-port=53 action=drop
add chain=input protocol=tcp tcp-flags=syn connection-limit=30,32 \
    action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=4w2d comment="Add Syn Flood IP to the list"
# psd=21,3s,3,1: weight threshold 21, delay threshold 3s, low-port weight 3,
# high-port weight 1.
add chain=input protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=4w2d comment="Port Scanner Detect"
add chain=input protocol=tcp dst-port=53 action=drop
# These drops have no protocol matcher: a listed source loses all access to
# the router itself, not only TCP.
add chain=input src-address-list=Syn_Flooder \
    action=drop comment="Drop to syn flood list"
add chain=input src-address-list=Port_Scanner \
    action=drop comment="Drop to port scan list"
# Both jumps into the ICMP chain are disabled, so that chain is not reached
# from input or forward.
add chain=input protocol=icmp action=jump jump-target=ICMP disabled=yes \
    comment="Jump for icmp input flow"
add chain=forward protocol=icmp action=jump jump-target=ICMP disabled=yes \
    comment="Jump for icmp forward flow"
# Disabled: traffic forwarded towards addresses in the bogons list is not
# filtered.
add chain=forward dst-address-list=bogons action=drop disabled=yes \
    comment="Drop to bogon list"
# Outbound-SMTP abuse detection for forwarded traffic (tcp/25 and tcp/587).
# NOTE(review): the comment says "3 hours" but address-list-timeout=4w2d is
# 30 days. Decide which is intended and make the two agree.
add chain=forward protocol=tcp dst-port=25,587 connection-limit=30,32 \
    limit=30/1m,0:packet \
    action=add-src-to-address-list address-list=spammers \
    address-list-timeout=4w2d comment="Add Spammers to the list for 3 hours"
# Enforcement: listed sources lose SMTP and submission only; other forwarded
# traffic from them is unaffected.
add chain=forward protocol=tcp dst-port=25,587 src-address-list=spammers \
    action=drop comment="Avoid spammers action"
# port=53 matches source OR destination port 53. Packets with dst-port=53 were
# already dropped earlier in the input chain, so these two rules only ever match
# packets whose source port is 53 (presumably replies to the router's own
# lookups - confirm). Source ports can be chosen by the sender, so this is not
# an authentication of the peer.
add chain=input protocol=udp port=53 action=accept comment="Accept DNS - UDP"
add chain=input protocol=tcp port=53 action=accept comment="Accept DNS - TCP"
# Disabled: with no established/related accept active, reply traffic for the
# router's own sessions is evaluated by every rule in the chain, including the
# connection-limit and psd detectors.
add chain=input connection-state=established action=accept disabled=yes \
    comment="Accept to established connections"
add chain=input connection-state=related action=accept disabled=yes \
    comment="Accept to related connections"
# Disabled: the support address list currently gets no exemption from the
# blocklist rules in this chain.
add chain=input src-address-list=support action=accept disabled=yes \
    comment="Full access to SUPPORT address list"
# Custom ICMP chain. icmp-options is type:code. Only the echo-request rule is
# enabled, and the jump rules that lead into this chain from the input, forward
# and output chains are all disabled, so none of this is evaluated at present.
# limit=1,5:packet accepts echo requests at 1 packet/s with a burst of 5.
add chain=ICMP protocol=icmp icmp-options=8:0 limit=1,5:packet \
    action=accept comment="Echo request - Avoiding Ping Flood"
add chain=ICMP protocol=icmp icmp-options=0:0 action=accept disabled=yes \
    comment="Echo reply"
add chain=ICMP protocol=icmp icmp-options=11:0 action=accept disabled=yes \
    comment="Time Exceeded"
add chain=ICMP protocol=icmp icmp-options=3:0-1 action=accept disabled=yes \
    comment="Destination unreachable"
# Type 3 code 4 (fragmentation needed). If this chain is ever enabled together
# with the final drop below, this rule has to be enabled too or path-MTU
# discovery breaks.
add chain=ICMP protocol=icmp icmp-options=3:4 action=accept disabled=yes \
    comment=PMTUD
# Disabled: the echo-request rate limit above has no effect without this drop,
# because packets over the limit fall off the end of the chain and return to
# the caller.
add chain=ICMP protocol=icmp action=drop disabled=yes \
    comment="Drop to the other ICMPs"
add chain=output protocol=icmp action=jump jump-target=ICMP disabled=yes \
    comment="Jump for icmp output"
# Second SYN-flood list. The name "Syn_Flooders " carries a trailing space
# inside the quotes; all three rules below use the same quoted spelling, so they
# agree with each other, but this is a different list from Syn_Flooder used
# earlier in the chain.
# NOTE(review): the comments say "30 Min" while address-list-timeout=4w2d is
# 30 days.
add chain=input protocol=tcp tcp-flags=syn connection-limit=30,32 \
    action=add-src-to-address-list address-list="Syn_Flooders " \
    address-list-timeout=4w2d \
    comment="Add IP in Syn Flooders List for 30 Min"
# NOTE(review): this rule matches protocol=udp, which has no SYN flag. It lists
# any source that reaches the 30-connection limit over UDP, despite the
# "Syn Flooders" label. UDP sources are easy to spoof, so entries here can be
# forged to get a third party blocked for the full timeout.
add chain=input protocol=udp connection-limit=30,32 \
    action=add-src-to-address-list address-list="Syn_Flooders " \
    address-list-timeout=4w2d \
    comment="Add IP in Syn Flooders List for 30 Min"
add chain=input src-address-list="Syn_Flooders " \
    action=drop comment="Drop Syn Flooders"
# SMTP/submission aimed at the router itself (input chain, tcp/25 and tcp/587).
# The first rule records who connected. The second records the destination,
# i.e. the router's own address, in the SAME list. Rule-55 therefore mixes
# remote sources with local addresses. No rule visible here matches on Rule-55,
# but it should not be reused as a blocklist in this state.
add chain=input protocol=tcp dst-port=25,587 \
    action=add-src-to-address-list address-list=Rule-55 \
    address-list-timeout=4w2d \
    comment="Block Spamming from using IPs configured in Mikrotik interface"
add chain=input protocol=tcp dst-port=25,587 \
    action=add-dst-to-address-list address-list=Rule-55 \
    address-list-timeout=4w2d \
    comment="Block Spamming from using IPs configured in Mikrotik interface"
# Unconditional drop of tcp/25 and tcp/587 to the router; it does not consult
# the list populated above.
add chain=input protocol=tcp dst-port=25,587 action=drop \
    comment="Block Spamming from using IPs configured in Mikrotik interface"
# Same psd detector as the earlier "Port Scanner Detect" rule, feeding the same
# Port_Scanner list.
# NOTE(review): the comment says "7 Days" but address-list-timeout=8w4d is
# 60 days, and it also differs from the 4w2d on the earlier rule.
add chain=input protocol=tcp psd=21,3s,3,1 \
    action=add-src-to-address-list address-list=Port_Scanner \
    address-list-timeout=8w4d \
    comment="Add IP in Port Scanner List for 7 Days"
add chain=input protocol=icmp action=accept disabled=yes \
    comment="Allow all icmp"
# Disabled, like the separate established and related accept rules earlier in
# the chain; note that the comment string ends with a space.
add chain=input connection-state=established,related action=accept \
    disabled=yes comment="Accept Established and related "
# Exact repeat of the earlier forward-chain "spammers" detector (same matchers,
# same list, same timeout). "3 hours" in the comment vs. 4w2d (30 days)
# applies here as well.
add chain=forward protocol=tcp dst-port=25,587 connection-limit=30,32 \
    limit=30/1m,0:packet \
    action=add-src-to-address-list address-list=spammers \
    address-list-timeout=4w2d comment="Add Spammers to the list for 3 hours"
# Records the destination (the mail server being contacted) in spammers-dst.
# No rule visible here consumes that list. If it is ever used for blocking, it
# would block legitimate mail servers rather than the abusive client.
add chain=forward protocol=tcp dst-port=25,587 connection-limit=30,32 \
    limit=30/1m,0:packet \
    action=add-dst-to-address-list address-list=spammers-dst \
    address-list-timeout=4w2d comment="Add Spammers to the list for 3 hours"
add chain=forward protocol=icmp action=accept disabled=yes
# tcp/8291 is the Winbox management port. This accept is disabled, and the
# rules visible here contain no final drop on the input chain, so reachability
# of management services is decided by the chain's default behaviour rather
# than by an explicit allow-list - verify against the rest of the ruleset.
add chain=input protocol=tcp dst-port=8291 action=accept disabled=yes
# NOTE(review): FTP/SSH/Telnet (21-23) are TCP services. The TCP restriction to
# DNS-RTR-ALLOW is disabled and only the UDP variant is active, so the
# allow-list does not currently protect those services.
add chain=input protocol=tcp dst-port=21-23 \
    src-address-list=!DNS-RTR-ALLOW action=drop disabled=yes
add chain=input protocol=udp dst-port=21-23 \
    src-address-list=!DNS-RTR-ALLOW action=drop
# Both invalid-state drops are disabled.
add chain=input connection-state=invalid action=drop disabled=yes
add chain=forward connection-state=invalid action=drop disabled=yes
# Second SMTP-abuse detector (tcp/25 only, 50 connections per /32). The list is
# populated for 30 days, but the matching drop rule further down is disabled,
# so SUSPECTEDSPAMBOT is detection-only right now.
add chain=forward protocol=tcp dst-port=25 connection-limit=50,32 \
    limit=50,5:packet \
    action=add-src-to-address-list address-list=SUSPECTEDSPAMBOT \
    address-list-timeout=4w2d
# Disabled. connection-limit=0,0 uses a zero limit and a zero netmask;
# presumably intended as a blanket block between these two subnets - confirm,
# since plain src/dst matchers would express that more clearly.
add chain=forward src-address=10.0.30.0/24 dst-address=43.245.142.128/26 \
    connection-limit=0,0 action=drop disabled=yes
add chain=forward src-address-list=SUSPECTEDSPAMBOT connection-limit=50,32 \
    limit=50,5:packet action=drop disabled=yes
# DDoS detection sub-chain for new forwarded connections. The jump is disabled,
# so detect-ddos-ips is never entered.
add chain=forward connection-state=new \
    action=jump jump-target=detect-ddos-ips disabled=yes
# Flows within the dst-limit (rate 32, burst 32, tracked per source/destination
# address pair, 10s expiry) return to the caller; anything over it falls
# through to the two list rules below.
add chain=detect-ddos-ips dst-limit=32,32,src-and-dst-addresses/10s \
    action=return
# Both lists are only recorded here. No rule visible in this section drops
# traffic from ddos-src to ddos-target, so enabling the jump alone would log
# offenders without mitigating anything. With a 30-day timeout, a spoofed
# source would also stay listed long after the event.
add chain=detect-ddos-ips \
    action=add-dst-to-address-list address-list=ddos-target \
    address-list-timeout=4w2d
add chain=detect-ddos-ips \
    action=add-src-to-address-list address-list=ddos-src \
    address-list-timeout=4w2d