Script Configuracion rB2011

This document contains firewall configuration rules that: 1. Mark network traffic for different protocols and services like HTTP, DNS, WoW, LoL with connection and packet marks for further filtering. 2. Implement port knocking mechanisms to open ports only if connections are made to preceding ports. 3. Filter traffic through rules like blocking proxy servers, spam sources and known attackers to prevent intrusions and abuse.

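# sep/05/2015 12:35:55 by RouterOS 6.31
# software id = 5220-KR3D
#
# Mangle: tag each connection once (mark-connection) and then tag its packets
# (mark-packet) so the queue tree can shape them per application.  Every
# mark-packet rule in prerouting has passthrough=no, so a packet leaves the
# chain at its first packet mark; only traffic with no earlier connection
# mark reaches the "Otros" catch-all at the bottom.
/ip firewall mangle
# Policy routing: web requests (tcp/80) coming from LAN get the raptor_route
# routing mark so they can be sent towards the cache.
add action=mark-routing chain=prerouting comment=\
    "Raptor - Mangle ====================>" dst-port=80 in-interface=LAN \
    new-routing-mark=raptor_route passthrough=no protocol=tcp
# Cache accounting.  The leading "!" negates the content match, and the
# packet rule negates the connection mark again.
# NOTE(review): this double negation is hard to audit; confirm with
# "/ip firewall mangle print stats" that raptor-packs and squid-packs count
# the traffic the 4M queues are meant for, not everything else.
add action=mark-connection chain=forward comment="== RAPTORCACHE ==" content=\
    "!X-Cache: HIT from Raptor" new-connection-mark=raptor-connection
add action=mark-packet chain=forward connection-mark=!raptor-connection \
    new-packet-mark=raptor-packs passthrough=no
add action=mark-connection chain=forward comment="==SQUID - TOS 12==" dscp=\
    !12 new-connection-mark=squid-connection
add action=mark-packet chain=forward connection-mark=!squid-connection \
    new-packet-mark=squid-packs
# Per-application classification for the QoS tree.
add action=mark-connection chain=prerouting comment="ICMP (Ping)" \
    new-connection-mark=icmp_conn protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp_conn \
    new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=DNS dst-port=53 \
    new-connection-mark=dns_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conn \
    new-packet-mark=dns passthrough=no
# HTTP is meant to be split by volume: the first 500000 bytes are "http",
# after that the connection should become a download ("descarga").
# NOTE(review): as ordered here the split looks unreachable - once a
# connection carries http_conn, the mark-packet rule right below matches it
# and stops (passthrough=no) before the "Http Descarga" re-mark is evaluated.
# Moving the "Http Descarga" mark-connection rule above the http mark-packet
# rule would let the re-mark take effect; verify on the router with
# "/ip firewall mangle print stats".
add action=mark-connection chain=prerouting comment=Http connection-bytes=\
    0-500000 dst-port=80 new-connection-mark=http_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn \
    new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment="Http Descarga" \
    connection-bytes=500000-5000000 dst-port=80 new-connection-mark=\
    http_conn_descarga protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn_descarga \
    new-packet-mark=http_descarga passthrough=no
add action=mark-connection chain=prerouting comment=Https dst-port=443 \
    new-connection-mark=https_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=https_conn \
    new-packet-mark=https passthrough=no
# Games and voice: the tcp and udp legs of each game get separate marks.
# NOTE(review): 6881-6999/tcp is also the classic BitTorrent port range, so
# that traffic is classified as WoW and lands in the Games queue class.
add action=mark-connection chain=prerouting comment=WoW dst-port=\
    3724,6112-6114,6881-6999 new-connection-mark=wow_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wow_conn \
    new-packet-mark=wow passthrough=no
add action=mark-connection chain=prerouting dst-port=3724 \
    new-connection-mark=wow_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=wow_udp_conn \
    new-packet-mark=wow_udp passthrough=no
add action=mark-connection chain=prerouting comment=LoL dst-port=\
    2099,5222,5223,8393-8400 new-connection-mark=lol_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=lol_conn \
    new-packet-mark=lol passthrough=no
add action=mark-connection chain=prerouting dst-port=5000-5500 \
    new-connection-mark=lol_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=lol_udp_conn \
    new-packet-mark=lol_udp passthrough=no
add action=mark-connection chain=prerouting comment=Ventrilo dst-port=30572 \
    new-connection-mark=vent_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vent_conn \
    new-packet-mark=ventrilo passthrough=no
add action=mark-connection chain=prerouting comment=MSN dst-port=1863 \
    new-connection-mark=msn_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=msn_conn \
    new-packet-mark=msn passthrough=no
# Winbox (tcp/8291) is classified here only for queueing; whether it is
# reachable at all from WAN is decided in /ip firewall filter.
add action=mark-connection chain=prerouting comment=Winbox dst-port=8291 \
    new-connection-mark=winbox_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=winbox_conn \
    new-packet-mark=winbox passthrough=no
add action=mark-connection chain=prerouting comment="Dragon Nest" dst-port=\
    14300,14301,14403,7000,14500 new-connection-mark=dragon_nest_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_conn \
    new-packet-mark=dragon_nest passthrough=no
add action=mark-connection chain=prerouting dst-port=15100-15110 \
    new-connection-mark=dragon_nest_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_udp_conn \
    new-packet-mark=dragon_nest_udp passthrough=no
# Catch-all: it has no matcher of its own, so it relies on every earlier
# prerouting mark-packet rule stopping the packet with passthrough=no.
add action=mark-connection chain=prerouting comment=Otros \
    new-connection-mark=otras_conn
add action=mark-packet chain=prerouting connection-mark=otras_conn \
    new-packet-mark=other passthrough=no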
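# sep/05/2015 12:38:24 by RouterOS 6.31
# software id = 5220-KR3D
#
# Filter: rules are evaluated top-down within each chain and the first
# terminating action (accept/drop/tarpit) decides the packet's fate.  Rules
# with no action= accept.  The original document was hard-wrapped by the
# PDF export; lines are re-joined here with "\" continuations.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" \
    disabled=yes
# Forward traffic from the RaptorCache subnet is accepted unconditionally.
add chain=forward comment="Acepta RaptorCache" src-address=192.168.11.0/24
# Stateful baseline for the input chain (traffic addressed to the router).
add chain=input comment="*************Accept established connection packets" \
    connection-state=established
add chain=input comment="Accept related connection packets" \
    connection-state=related
add action=drop chain=input comment="Drop invalid packets" \
    connection-state=invalid
# Port knocking A (all rules disabled): an ICMP packet followed within the
# list timeouts by a tcp/80 hit whitelists the source for 22/23/8291; all
# other sources are dropped on those ports.  Knocking is an obscurity layer,
# not authentication - keep "/ip service" address restrictions and strong
# credentials in place regardless.
add action=add-src-to-address-list address-list=ICMP address-list-timeout=1m \
    chain=input comment="*************Start Port KnockingA By Rodrigo" \
    disabled=yes protocol=icmp
add action=add-src-to-address-list address-list="ICMP + Http" \
    address-list-timeout=2m chain=input disabled=yes dst-port=80 protocol=tcp \
    src-address-list=ICMP
add action=drop chain=input comment="End Port KnockingA" disabled=yes \
    dst-port=22,23,8291 protocol=tcp src-address-list="!ICMP + Http"
# Port knocking B (all rules disabled): tcp 1000 -> 2000 -> 3000, each step
# valid for 5 minutes.
add action=add-src-to-address-list address-list=Temp1 address-list-timeout=5m \
    chain=input comment="*************Start Port KnockingB By Rodrigo" \
    disabled=yes dst-port=1000 protocol=tcp
add action=add-src-to-address-list address-list=Temp1+Temp2 \
    address-list-timeout=5m chain=input disabled=yes dst-port=2000 protocol=tcp \
    src-address-list=Temp1
add action=add-src-to-address-list address-list=Temp1+Temp2+Cantito \
    address-list-timeout=5m chain=input disabled=yes dst-port=3000 protocol=tcp \
    src-address-list=Temp1+Temp2
add action=drop chain=input comment="END Port KnockingB" disabled=yes \
    dst-port=22,23,8291 protocol=tcp src-address-list=!Temp1+Temp2+Cantito
# ICMP: accept a rate-limited set of types (0:0 echo reply, 8:0 echo request,
# 3:3 port unreachable, 11:0 TTL exceeded, 3:4 fragmentation needed) and
# drop every other ICMP packet.
add chain=input comment="*************Permitir Protocolos ICMP" \
    connection-limit=15,32 icmp-options=0:0 limit=5,5 protocol=icmp
add chain=input icmp-options=8:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:3 limit=5,5 protocol=icmp
add chain=input icmp-options=11:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=input protocol=icmp
# DoS handling: sources on "Lista Negra" are tarpitted (tcp) on input and
# dropped on forward; a source holding more than 100 concurrent connections
# to the router is listed for one day.
# NOTE(review): the detection rule has no in-interface match, unlike the
# proxy/DNS rules below, so a busy LAN host can blacklist itself as well;
# consider adding in-interface=WAN.
add action=tarpit chain=input \
    comment="*************Impedir Atacante DOS genere nuevas conecxiones" \
    protocol=tcp src-address-list="Lista Negra"
add action=add-src-to-address-list address-list="Lista Negra" \
    address-list-timeout=1d chain=input comment="Deteccion de DOS" \
    connection-limit=100,32
add action=drop chain=forward comment="Block Atakante DOS" protocol=tcp \
    src-address-list="Lista Negra"
# Close the web proxy and the DNS resolver to the WAN side.
# NOTE(review): only udp/53 is dropped; if the router's DNS server answers
# remote requests, tcp/53 remains reachable from WAN - drop it as well.
add action=drop chain=input comment="*************Block Intrusos WebProxy" \
    dst-port=3128 in-interface=WAN protocol=tcp
add action=drop chain=input comment="Block Intrusos DNS" dst-port=53 \
    in-interface=WAN protocol=udp
# Outbound SMTP abuse: listed spammers are dropped on tcp/25, and a source
# with more than 30 concurrent tcp/25 connections is listed for one day.
add action=drop chain=forward \
    comment="*************BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 \
    protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d \
    chain=forward comment="Detect and add-list SMTP virus or spammers" \
    connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp
# NOTE(review): no "virus" chain appears anywhere in this export, so the jump
# is a no-op until that chain is populated.
add action=jump chain=forward comment="jump to the virus chain" jump-target=virus
# Management access policy.  Both rules are disabled, so the input chain has
# no default deny: every service the router listens on is reachable from WAN
# except 3128/tcp, 53/udp and ICMP beyond the limits above.  Populate
# "Permitir IPs for Access" and enable the accept rule BEFORE enabling the
# final drop, otherwise the router locks its administrators out.
add chain=input \
    comment="*************Permitir el Acceso al Router desde Redes Conocidas" \
    disabled=yes src-address-list="Permitir IPs for Access"
add action=drop chain=input comment="*************Drop all INPUT" disabled=yes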
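# Second export of the same mangle rule set that opens this document (taken
# as part of the /ip firewall export run above).  The PDF hard-wrapped these
# lines mid-parameter (e.g. "new-packetmark", "newconnection-mark"); they are
# re-joined here so the section can be imported as-is.
/ip firewall mangle
# Policy routing for LAN web requests towards the cache.
add action=mark-routing chain=prerouting \
    comment="Raptor - Mangle ====================>" dst-port=80 \
    in-interface=LAN new-routing-mark=raptor_route passthrough=no protocol=tcp
# Cache accounting ("!" negates the content match, the packet rule negates
# the connection mark again - see the NOTE(review) in the first export).
add action=mark-connection chain=forward comment="== RAPTORCACHE ==" \
    content="!X-Cache: HIT from Raptor" new-connection-mark=raptor-connection
add action=mark-packet chain=forward connection-mark=!raptor-connection \
    new-packet-mark=raptor-packs passthrough=no
add action=mark-connection chain=forward comment="==SQUID - TOS 12==" \
    dscp=!12 new-connection-mark=squid-connection
add action=mark-packet chain=forward connection-mark=!squid-connection \
    new-packet-mark=squid-packs
# Per-application classification for the QoS tree; each mark-packet rule
# stops the packet (passthrough=no) so the "Otros" catch-all only sees
# traffic that nothing above matched.
add action=mark-connection chain=prerouting comment="ICMP (Ping)" \
    new-connection-mark=icmp_conn protocol=icmp
add action=mark-packet chain=prerouting connection-mark=icmp_conn \
    new-packet-mark=icmp passthrough=no
add action=mark-connection chain=prerouting comment=DNS dst-port=53 \
    new-connection-mark=dns_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dns_conn \
    new-packet-mark=dns passthrough=no
# NOTE(review): the "Http Descarga" re-mark sits below the http mark-packet
# rule, which stops every packet of an http_conn connection; the re-mark
# appears unreachable in this order.
add action=mark-connection chain=prerouting comment=Http \
    connection-bytes=0-500000 dst-port=80 new-connection-mark=http_conn \
    protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn \
    new-packet-mark=http passthrough=no
add action=mark-connection chain=prerouting comment="Http Descarga" \
    connection-bytes=500000-5000000 dst-port=80 \
    new-connection-mark=http_conn_descarga protocol=tcp
add action=mark-packet chain=prerouting connection-mark=http_conn_descarga \
    new-packet-mark=http_descarga passthrough=no
add action=mark-connection chain=prerouting comment=Https dst-port=443 \
    new-connection-mark=https_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=https_conn \
    new-packet-mark=https passthrough=no
add action=mark-connection chain=prerouting comment=WoW \
    dst-port=3724,6112-6114,6881-6999 new-connection-mark=wow_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=wow_conn \
    new-packet-mark=wow passthrough=no
add action=mark-connection chain=prerouting dst-port=3724 \
    new-connection-mark=wow_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=wow_udp_conn \
    new-packet-mark=wow_udp passthrough=no
add action=mark-connection chain=prerouting comment=LoL \
    dst-port=2099,5222,5223,8393-8400 new-connection-mark=lol_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=lol_conn \
    new-packet-mark=lol passthrough=no
add action=mark-connection chain=prerouting dst-port=5000-5500 \
    new-connection-mark=lol_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=lol_udp_conn \
    new-packet-mark=lol_udp passthrough=no
add action=mark-connection chain=prerouting comment=Ventrilo dst-port=30572 \
    new-connection-mark=vent_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=vent_conn \
    new-packet-mark=ventrilo passthrough=no
add action=mark-connection chain=prerouting comment=MSN dst-port=1863 \
    new-connection-mark=msn_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=msn_conn \
    new-packet-mark=msn passthrough=no
add action=mark-connection chain=prerouting comment=Winbox dst-port=8291 \
    new-connection-mark=winbox_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=winbox_conn \
    new-packet-mark=winbox passthrough=no
add action=mark-connection chain=prerouting comment="Dragon Nest" \
    dst-port=14300,14301,14403,7000,14500 \
    new-connection-mark=dragon_nest_conn protocol=tcp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_conn \
    new-packet-mark=dragon_nest passthrough=no
add action=mark-connection chain=prerouting dst-port=15100-15110 \
    new-connection-mark=dragon_nest_udp_conn protocol=udp
add action=mark-packet chain=prerouting connection-mark=dragon_nest_udp_conn \
    new-packet-mark=dragon_nest_udp passthrough=no
# Catch-all for everything not marked above.
add action=mark-connection chain=prerouting comment=Otros \
    new-connection-mark=otras_conn
add action=mark-packet chain=prerouting connection-mark=otras_conn \
    new-packet-mark=other passthrough=no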
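# NAT (part of the /ip firewall export run).  srcnat takes the first
# matching rule, so the interface-based masquerades below win for traffic
# leaving via WAN or RAPTORCACHE.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat out-interface=RAPTORCACHE
# Port forwards into the RaptorCache host (both disabled).
# NOTE(review): neither rule restricts in-interface or dst-address, so once
# enabled they would also rewrite traffic arriving on the LAN side to ports
# 220/82; add in-interface=WAN (and the public dst-address) before enabling.
add action=dst-nat chain=dstnat comment=SSH_Raptor disabled=yes dst-port=220 \
    protocol=tcp to-addresses=192.168.11.2 to-ports=22
add action=dst-nat chain=dstnat comment=WEBADMIN_Raptor disabled=yes \
    dst-port=82 protocol=tcp to-addresses=192.168.11.2 to-ports=82
# NOTE(review): these masquerades have no out-interface, so they also apply
# to traffic forwarded between the local subnets, hiding the real client
# address from hosts on the destination subnet.
add action=masquerade chain=srcnat src-address=192.168.89.0/24
add action=masquerade chain=srcnat src-address=192.168.88.0/24
add action=masquerade chain=srcnat src-address=192.168.90.0/24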
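# sep/05/2015 12:39:20 by RouterOS 6.31
# software id = 5220-KR3D
#
# Stand-alone export of the NAT table; identical rules to the NAT section of
# the firewall export earlier in this document, re-joined from the PDF's
# hard-wrapped lines.
/ip firewall nat
add action=masquerade chain=srcnat out-interface=WAN
add action=masquerade chain=srcnat out-interface=RAPTORCACHE
# Disabled port forwards to the RaptorCache host.
# NOTE(review): add in-interface=WAN (or the public dst-address) before
# enabling, otherwise LAN-side traffic to 220/82 is rewritten as well.
add action=dst-nat chain=dstnat comment=SSH_Raptor disabled=yes dst-port=220 \
    protocol=tcp to-addresses=192.168.11.2 to-ports=22
add action=dst-nat chain=dstnat comment=WEBADMIN_Raptor disabled=yes \
    dst-port=82 protocol=tcp to-addresses=192.168.11.2 to-ports=82
# Subnet masquerades without out-interface: also rewrite inter-subnet
# traffic, which hides client addresses from hosts on the other subnet.
add action=masquerade chain=srcnat src-address=192.168.89.0/24
add action=masquerade chain=srcnat src-address=192.168.88.0/24
add action=masquerade chain=srcnat src-address=192.168.90.0/24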
# sep/05/2015 12:40:17 by RouterOS 6.31
# software id = 5220-KR3D
#
# Simple queues: cap the RaptorCache and Squid packet marks at 4M in each
# direction (max-limit is upload/download).  target="" means no address or
# interface target - the queue selects traffic purely by packet mark.
/queue simple
add name=RAPTOR packet-marks=raptor-packs target="" max-limit=4M/4M
add name=SQUID packet-marks=squid-packs target="" max-limit=4M/4M
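# sep/05/2015 12:40:56 by RouterOS 6.31
# software id = 5220-KR3D
#
# Queue tree: shaping of the packet marks set in /ip firewall mangle.
# QoS_down hangs off the LAN interface and QoS_up off WAN; inside each, the
# VoIP (1), Games (2) and Web (5) classes get the named priority (lower
# number is served first).  Only the Web classes carry limit-at/max-limit.
# Lines hard-wrapped by the PDF export are re-joined with "\" continuations.
/queue tree
add max-limit=4M name=RaptorCache packet-mark=raptor-packs parent=global \
    priority=4 queue=default
add max-limit=4M name="Squid 3.x" packet-mark=squid-packs parent=global \
    priority=4 queue=default
# Download side (egress on LAN).
add name=QoS_down parent=LAN priority=1
add limit-at=10M max-limit=12350k name=3QoS_down_Web parent=QoS_down priority=5
add name=2QoS_down_Games parent=QoS_down priority=2
add name=1QoS_down_VoIP parent=QoS_down priority=1
# Upload side (egress on WAN).
add name=QoS_up parent=WAN priority=1
add name=1QoS_up_VoIP parent=QoS_up priority=1
add name=2QoS_up_Games parent=QoS_up priority=2
add limit-at=5M max-limit=5512k name=3QoS_up_Web parent=QoS_up priority=5
# Leaf queues; the same packet mark is attached once under each direction.
add name="ICMP_(Ping)_up" packet-mark=icmp parent=1QoS_up_VoIP priority=1 \
    queue=default
add name=DNS_up packet-mark=dns parent=3QoS_up_Web priority=5 queue=default
add name=Http_up packet-mark=http parent=3QoS_up_Web priority=5 queue=default
add name=Https_up packet-mark=https parent=3QoS_up_Web priority=5 queue=default
add name=Otros_up packet-mark=other parent=3QoS_up_Web priority=6 queue=default
# Winbox management traffic shares the VoIP class, one step below voice.
add name=WinBox packet-mark=winbox parent=1QoS_down_VoIP priority=2 \
    queue=default
add name=MSN packet-mark=msn parent=3QoS_down_Web priority=5 queue=default
add name=LoL_udp packet-mark=lol_udp parent=2QoS_down_Games priority=2 \
    queue=default
add name=Ventrilo_up packet-mark=ventrilo parent=1QoS_up_VoIP priority=1 \
    queue=default
add name=WinBox_up packet-mark=winbox parent=1QoS_up_VoIP priority=2 \
    queue=default
add name="Dragon Nest" packet-mark=dragon_nest parent=2QoS_down_Games \
    priority=2 queue=default
add name=MSN_up packet-mark=msn parent=3QoS_up_Web priority=5 queue=default
add name="Dragon Nest_up" packet-mark=dragon_nest parent=2QoS_up_Games \
    priority=2 queue=default
add name="Dragon Nest_udp" packet-mark=dragon_nest_udp parent=2QoS_down_Games \
    priority=2 queue=default
add name="Dragon Nest_udp_up" packet-mark=dragon_nest_udp \
    parent=2QoS_up_Games priority=2 queue=default
add name=LoL_up packet-mark=lol parent=2QoS_up_Games priority=2 queue=default
add name=LoL_udp_up packet-mark=lol_udp parent=2QoS_up_Games priority=2 \
    queue=default
add name=WoW_up packet-mark=wow parent=2QoS_up_Games priority=2 queue=default
add name=WoW_udp_up packet-mark=wow_udp parent=2QoS_up_Games priority=2 \
    queue=default
# Bulk HTTP downloads and unclassified traffic sit at the lowest priorities.
add name=Http_Descarga packet-mark=http_descarga parent=3QoS_down_Web \
    priority=6 queue=default
add name="ICMP_(Ping)" packet-mark=icmp parent=1QoS_down_VoIP priority=1 \
    queue=default
add name=DNS packet-mark=dns parent=3QoS_down_Web priority=5 queue=default
add name=Http packet-mark=http parent=3QoS_down_Web priority=5 queue=default
add name=Https packet-mark=https parent=3QoS_down_Web priority=5 queue=default
add name=WoW packet-mark=wow parent=2QoS_down_Games priority=2 queue=default
add name=WoW_udp packet-mark=wow_udp parent=2QoS_down_Games priority=2 \
    queue=default
add name=LoL packet-mark=lol parent=2QoS_down_Games priority=2 queue=default
add name=Ventrilo packet-mark=ventrilo parent=1QoS_down_VoIP priority=1 \
    queue=default
add name=Otros packet-mark=other parent=3QoS_down_Web priority=7 queue=default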
