MikroTik Firewall Rules to Block Conficker


rule conficker by xxvr

1. Increase the DNS cache size
/ip dns set cache-size=20480


2. Create a scheduled script to auto-flush the DNS cache
:local a [ /ip dns get cache-used ];
:if ($a>=2048) do={ /ip dns cache flush };


3. IP addresses for the conficker list
/ip firewall address-list
add address=64.70.19.33 list=conficker
add address=66.90.81.140 list=conficker
add address=72.167.51.186 list=conficker
add address=74.208.46.216 list=conficker
add address=74.208.64.145 list=conficker
add address=83.68.16.6 list=conficker
add address=97.74.200.45 list=conficker
add address=143.215.143.11 list=conficker
add address=149.20.56.32 list=conficker
add address=199.2.137.252 list=conficker
add address=205.188.161.4 list=conficker
add address=221.7.91.31 list=conficker



4. Firewall rule to find Conficker-infected client PCs
/ip firewall filter
add chain=forward action=add-src-to-address-list dst-address-list=conficker address-list=src-conficker address-list-timeout=3d comment="ADD to address-list src-conficker"



5. Conficker timeout on the address list
/ip firewall filter print

chain=forward action=add-src-to-address-list dst-address-list=conficker address-list=src-conficker address-list-timeout=3d
chain=forward action=jump jump-target=tcp protocol=tcp
chain=forward action=jump jump-target=udp protocol=udp
chain=forward action=jump jump-target=icmp protocol=icmp





/ip firewall filter
add chain=forward in-interface=Wan out-interface=Lan dst-address=192.168.1.30/24 action=accept comment="Allow all internet access to clients" disabled=no
add chain=input in-interface=Wan protocol=tcp dst-port=8291 action=accept comment="Allow remote Winbox from public" disabled=no
add chain=input in-interface=Wan protocol=udp src-port=53 action=accept comment="Allow DNS Traffic" disabled=no
add chain=input in-interface=Wan protocol=icmp action=accept comment="Allow Ping Traceroute Traffic" disabled=no
add chain=input in-interface=Wan connection-state=new action=add-src-to-address-list address-list=spam address-list-timeout=30m comment="Log rejected IPs" disabled=no
add chain=input in-interface=Wan action=drop comment="Drop all access that is not allowed" disabled=no




6. Remove duplicate Conficker entries

# This fragment continues a longer script: $line, $lineEnd, $contentLen,
# $month, $day and $year and the opening ":do {" are set before this point.
:if ( [:pick $line 0 1] != "\n" ) do={
  :local entry [:pick $line 0 ($lineEnd ) ]
  :if ( [:len $entry ] > 0 ) do={
    # Resolve the entry and add it only if it is not already in the list
    :local listip [:resolve "$entry"]
    :if ($listip != "failure" ) do={
      :if ( [:len [/ip firewall address-list find list=daily-conficker address=$listip]] = 0 ) do={
        /ip firewall address-list add list=daily-conficker address=$listip comment=$entry
        :log info "$listip"
      } else={:log info "duplicate IP $entry"}
    }
  }
}
} while ($lineEnd < $contentLen)
}
:log info "Address List Modification Complete"

# Clean up the downloaded list file
/file remove "$month-$day-$year.txt"
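
The rule in step 4 only collects suspect clients in the src-conficker list. The script below is an added example, not part of the original rules by xxvr, that writes each listed client to the router log with its MAC address and host name so the machine can be located. It assumes the clients get their addresses from this router's DHCP server; the variable names are illustrative.

```routeros
# Added example: report the clients that step 4 put into src-conficker.
# Assumption: clients get their addresses from this router's DHCP server.
:local listName "src-conficker"
:local total 0
:foreach entryId in=[/ip firewall address-list find list=$listName] do={
    :local clientIp [/ip firewall address-list get $entryId address]
    :local clientMac "unknown"
    :local clientHost "unknown"
    # Match the address to a DHCP lease to get the MAC address and host name
    :local lease [/ip dhcp-server lease find address=$clientIp]
    :if ([:len $lease] > 0) do={
        :local leaseId [:pick $lease 0]
        :set clientMac [/ip dhcp-server lease get $leaseId mac-address]
        :local hostName [/ip dhcp-server lease get $leaseId host-name]
        # host-name is empty when the client did not send one
        :if ([:len $hostName] > 0) do={ :set clientHost $hostName }
    }
    :log warning "conficker suspect: ip=$clientIp mac=$clientMac host=$clientHost"
    :set total ($total + 1)
}
:log info "src-conficker report: $total client(s) listed"
```

Run it from /system script or a scheduler entry; clients with static addresses show up with mac=unknown and have to be traced another way.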
