In the firewall script for the security of the MikroTik Cloud Hosted Router above, we block all scanner ports and allow access to WWW, Winbox, SSTP, L2TP, and PPTP. If there is anything you do not want to allow, you can delete it using WinBox.

    "Allow the Private IP ranges to be forwarded by the router" \
    add action=drop chain=forward comment="Drop everything else on WAN1" \
    "Check for bad stuff in \"Attack\" chain" jump-target=Attacks

Note that this CHR installation requires a MikroTik license to use the provided features in full, but you do not need to worry, because a free license is provided by default.

    "Allow current valid connections as well as valid related packets" \
    add action=accept chain=input comment="Allow WWW" dst-port=80 protocol=tcp
    add action=accept chain=input comment="Allow Winbox" dst-port=8291 protocol=\
    add action=accept chain=input comment="Allow L2TP VPN Protocol" dst-port=\
    add action=accept chain=input comment="Allow L2TP Protocol \"IPSec\"" \
    add action=accept chain=input comment="Allow VPN PPTP" disabled=yes dst-port=\
    add action=accept chain=input comment="Allow VPN SSTP" dst-port=443 protocol=\
    add chain=input comment="Allow the Private IP ranges to access the router" \
        connection-state=new src-address-list=PrivateIP
    add chain=input comment="Allow ICMP Response" icmp-options=8:0 protocol=icmp
    add action=drop chain=input comment="Drop everything else by default"

The VPS can run an operating system such as CentOS 7/8, Ubuntu 16/18, etc.
    "Invalid packets (No valid current connection)" connection-state=invalid
    add action=drop chain=Attacks comment="Invalid TCP flag combo" protocol=tcp \
    add action=drop chain=Attacks comment="Invalid TCP source port (0)" protocol=\
    add action=drop chain=Attacks comment="Invalid TCP destination port (0)" \
    add action=drop chain=Attacks comment="Invalid UDP source port (0)" protocol=\
    add action=drop chain=Attacks comment="Invalid UDP destination port (0)" \
    add action=return chain=Attacks comment="Return to the chain that jumped"
    add action=jump chain=input comment="Check for bad stuff in \"Attack\" chain" \

Paste this firewall rule script in your WinBox Terminal:

    /ip firewall filter
    /ip firewall address-list
    add address=192.168.88.0/24 list=PrivateIP

CHR MikroTik Firewall Rule

The first step in this basic MikroTik CHR guide is to connect to the MikroTik CHR using WinBox. If you have not installed it yet, you can follow the installation articles from Dewaweb for CentOS 7 and CentOS 8. Replace 192.168.88.0/24 with your own network setting.

Have a VPS with MikroTik CHR already installed.