pena2008 nezaposlen
Zaključio sam: kad stavku pod brojem 22 isključim (disable), net VPN korisnicima proradi. Za VPN je otvoren port 1723 i protokol 47. Da li još nešto treba?
# Printout of RouterOS firewall filter rules 2-23 (rules 0-1 are not shown).
# Rules are evaluated top to bottom within each chain; "X" after the rule
# number marks a disabled rule. Lines starting with "#" are review notes,
# not part of the router output.

# Rules 2-5: port-scan trap. TCP from addresses already on the Scanner list
# is dropped first; TCP arriving on Opti_Internet for the listed ports is
# logged, its source is put on the Scanner list for one day, and the packet
# is dropped.
2 ;;; Drop SCANNER
chain=input action=drop protocol=tcp
src-address-list=Scanner
3 ;;; Log SCANNER
chain=input action=log protocol=tcp
in-interface=Opti_Internet
dst-port=23,25,80,110,445,137,138,139
# NOTE(review): the doubled quotes below look like a copy/paste artifact;
# confirm the prefix configured on the router.
log-prefix=""SCANNER""
4 ;;; Add to SCANNER list
chain=input action=add-src-to-address-list
protocol=tcp address-list=Scanner
address-list-timeout=1d in-interface=Opti_Internet
dst-port=23,25,80,110,445,137,138,139
5 ;;; Drop after add to SCANNER
chain=input action=drop protocol=tcp
in-interface=Opti_Internet
dst-port=23,25,80,110,445,137,138,139
6 ;;; Accept established connections
chain=input action=accept
connection-state=established
7 ;;; Accept related connections
chain=input action=accept connection-state=related
# NOTE(review): rules 8 and 9 have no in-interface or src-address matcher, so
# the management ports are accepted on every interface, including
# Opti_Internet. Consider limiting them to the LAN or to an address list of
# trusted admin sources.
8 ;;; Accept Winbox
chain=input action=accept protocol=tcp
dst-port=8291
9 ;;; Accept Web Winbox
chain=input action=accept protocol=tcp dst-port=881
# Rule 10 is disabled (X). UDP 500 is accepted anyway by rule 17, which
# accepts all UDP.
10 X ;;; VPN UDP 500
chain=input action=accept protocol=udp dst-port=500
11 ;;; VPN TCP 443
chain=input action=accept protocol=tcp dst-port=443
# NOTE(review): rules 12 and 13 match only when connection-state=new AND
# connection-type=pptp both hold. connection-type depends on the router's
# connection-tracking helper having classified the connection -- confirm the
# pptp helper is enabled and check the packet counters of both rules. The
# accompanying post says PPTP works only while rule 22 is disabled, which
# would be consistent with some PPTP/GRE packets not matching here and
# falling through to the final drop. Testing with plain
# protocol=tcp dst-port=1723 and protocol=gre matchers would confirm this.
12 ;;; VPN TCP 1723
chain=input action=accept connection-state=new
protocol=tcp dst-port=1723 connection-type=pptp
13 chain=input action=accept connection-state=new
protocol=gre connection-type=pptp
# Rule 14 accepts ICMP within the configured rate limit; ICMP that does not
# match it is dropped by rule 21.
14 ;;; Allow limited pings
chain=input action=accept protocol=icmp
limit=50/5s,2
15 ;;; From our LAN
chain=input action=accept src-address=10.44.0.0/16
in-interface=ether_local
16 ;;; Drop invalid connections
chain=input action=drop connection-state=invalid
# NOTE(review): rule 17 accepts every UDP packet addressed to the router on
# any interface, so any UDP service the router runs is reachable from
# Opti_Internet. Narrow it to the ports and interfaces actually needed.
17 ;;; UDP
chain=input action=accept protocol=udp
# Rules 18-20 (forward chain): outbound-SMTP abuse control. Sources matching
# the connection-limit/limit matchers on TCP 25 are logged and put on the
# Spamer list for one day; rule 20 then drops TCP 25 from listed sources.
18 ;;; LOG SMTP virus or spammers
chain=forward action=log protocol=tcp dst-port=25
connection-limit=5,32 limit=5,2
log-prefix="SPAMMER"
19 ;;; Detect and add-list SMTP virus or spammers
chain=forward action=add-src-to-address-list
protocol=tcp address-list=Spamer
address-list-timeout=1d dst-port=25
connection-limit=5,32 limit=5,2
20 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward action=drop protocol=tcp
src-address-list=Spamer dst-port=25
21 ;;; Drop excess pings
chain=input action=drop protocol=icmp
# NOTE(review): rule 22 is disabled (X). While it is off, input traffic that
# matches no earlier rule is not dropped by this list (the only later drop is
# rule 23 for TCP 8080 on Opti_Internet), so the router is left exposed.
# Fix the VPN accept rules and re-enable this rule instead of leaving it
# disabled.
22 X ;;; Drop everything else
chain=input action=drop
# Rule 23's comment is Croatian for "in case the proxy is accidentally open".
# It sits after the drop-all rule, so it only sees traffic while rule 22 is
# disabled.
23 ;;; da nije slucajno otvoren proxy
chain=input action=drop protocol=tcp
in-interface=Opti_Internet dst-port=8080