0% found this document useful (0 votes)

428 views

Basic Universal Firewall Script

This document provides instructions for setting up a basic universal firewall script. It includes creating an address list for IPs that will have full access, then defines firewall filter rules to protect against Syn floods, ICMP floods, port scans, email spam and more. The rules add dropping IPs to address lists if they trigger the filters, and allow access for established/related connections and DNS. The firewall is configured to jump or accept ICMP and give full access to the defined support address list.

Uploaded by

Cesar Rolando Gomez Rodas

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

428 views

Basic Universal Firewall Script

Uploaded by

Cesar Rolando Gomez Rodas

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 3

Basic universal firewall script.

HANDS ON! First we need to create our ADDRESS LIST with all IPs we will use most times
Below you need to change x.x.x.x/x for your technical subnet. This subnet will have full
access to the router.

/ip firewall address-list add address=10.0.10.1/30 disabled=no list=support

Now we have protection against: SynFlood, ICMP Flood, Port Scan, Email Spam and much
more. For more information read the comments.

ip firewall filter

/ip firewall filter

add action=add-src-to-address-list address-list=Syn_Flooder address-list-

timeout=30m chain=input comment="Add Syn Flood IP to the list" connection-
limit=30,32 protocol=\

tcp tcp-flags=syn

add action=drop chain=input comment="Drop to syn flood list" src-address-

list=Syn_Flooder

add action=add-src-to-address-list address-list=Port_Scanner address-list-

timeout=1w chain=input comment="Port Scanner Detect" protocol=tcp
psd=21,3s,3,1

add action=drop chain=input comment="Drop to port scan list" src-address-

list=Port_Scanner

add action=jump chain=input comment="Jump for icmp input flow" jump-

target=ICMP protocol=icmp

add action=accept chain=input comment="Allows access to winbox from the WAN

# DO NOT ENABLE THIS RULE IF YOU DO NOT WANT TO ACCESS FROM THE
INTERNET" disabled=yes \

dst-port=8291 in-interface="ISP ether10" protocol=tcp

add action=drop chain=input comment="Block all access to the winbox - except

to support list # DO NOT ENABLE THIS RULE BEFORE ADD YOUR SUBNET IN THE
SUPPORT ADDRESS LIST" \
disabled=yes dst-port=8291 protocol=tcp src-address-list=!support

add action=jump chain=forward comment="Jump for icmp forward flow" jump-

target=ICMP protocol=icmp

add action=drop chain=forward comment="Drop to bogon list" dst-address-

list=bogons

add action=drop chain=forward comment="Avoid spammers action" dst-

port=25,587 protocol=tcp src-address-list=spammers

add action=accept chain=input comment="Accept DNS - UDP" port=53

protocol=udp

add action=accept chain=input comment="Accept DNS - TCP" port=53

protocol=tcp

add action=accept chain=input comment="Accept to established connections"

connection-state=established

add action=accept chain=input comment="Accept to related connections"

connection-state=related

add action=accept chain=input comment="Full access to SUPPORT address list"

src-address-list=support

add action=drop chain=input comment="Drop anything else! # DO NOT ENABLE

THIS RULE BEFORE YOU MAKE SURE ABOUT ALL ACCEPT RULES YOU NEED"
disabled=yes

add action=accept chain=ICMP comment="Echo reply" icmp-options=0:0

protocol=icmp

add action=accept chain=ICMP comment="Time Exceeded" icmp-options=11:0

protocol=icmp

add action=accept chain=ICMP comment="Destination unreachable" icmp-

options=3:0-1 protocol=icmp

add action=accept chain=ICMP comment=PMTUD icmp-options=3:4

protocol=icmp

add action=drop chain=ICMP comment="Drop to the other ICMPs" protocol=icmp

I think this is basic. You can add or remove anything else according to your needs. I
hope it helps!

10.3.12 Lab - Configure ZPFs
No ratings yet
10.3.12 Lab - Configure ZPFs
12 pages
F-Secure: The Wi Fi Experiment
100% (1)
F-Secure: The Wi Fi Experiment
23 pages
Firewall MK
No ratings yet
Firewall MK
3 pages
Basic Universal Firewall Script - MikroTik Wiki PDF
No ratings yet
Basic Universal Firewall Script - MikroTik Wiki PDF
2 pages
Seting Basic Mikrotik Firewall
No ratings yet
Seting Basic Mikrotik Firewall
3 pages
Ip Firewall filter-MIKROTIK BLOQUEO DE VULNERABILIDADES
No ratings yet
Ip Firewall filter-MIKROTIK BLOQUEO DE VULNERABILIDADES
1 page
Firewall Filters: Las Reglas Más Básicas Que Debe Tener Un RB Mikrotik
No ratings yet
Firewall Filters: Las Reglas Más Básicas Que Debe Tener Un RB Mikrotik
3 pages
Workshop Firewall
No ratings yet
Workshop Firewall
10 pages
Mikrotik Firewall v6-0
No ratings yet
Mikrotik Firewall v6-0
16 pages
PCC LoadBalance3WANs
No ratings yet
PCC LoadBalance3WANs
4 pages
Bloqueo p2p
No ratings yet
Bloqueo p2p
2 pages
Firewall Mikrotik L3
No ratings yet
Firewall Mikrotik L3
5 pages
Ddos Detect Mikrotik
No ratings yet
Ddos Detect Mikrotik
30 pages
Block Whatsapp Con MikroTik
No ratings yet
Block Whatsapp Con MikroTik
1 page
Priorización de Trafico QoS - Manual Guias Mikrotik Funcionando Ok
No ratings yet
Priorización de Trafico QoS - Manual Guias Mikrotik Funcionando Ok
3 pages
Block Brute Force Attack in Mikrotik Router
No ratings yet
Block Brute Force Attack in Mikrotik Router
1 page
Mikrotik 4 WAN Load Balancing Using PCC Method
No ratings yet
Mikrotik 4 WAN Load Balancing Using PCC Method
4 pages
OSI Model For Data Communication: Er. Avinash Bhagat 9463281930
No ratings yet
OSI Model For Data Communication: Er. Avinash Bhagat 9463281930
49 pages
Using PCC To Load Balance Across Multiple Wan in Mikrotik
No ratings yet
Using PCC To Load Balance Across Multiple Wan in Mikrotik
4 pages
Script Blokir Virus Mikrotik
No ratings yet
Script Blokir Virus Mikrotik
1 page
Firewall Mikrotik Brute Force
No ratings yet
Firewall Mikrotik Brute Force
3 pages
Script Inicial Mikrotik
No ratings yet
Script Inicial Mikrotik
4 pages
Uso de Layer 7 Protocols
No ratings yet
Uso de Layer 7 Protocols
7 pages
Setting Up Internet Access Server On Basis of Mikrotik Routeros and Isp Billing System Netup Utm5
No ratings yet
Setting Up Internet Access Server On Basis of Mikrotik Routeros and Isp Billing System Netup Utm5
9 pages
BGP Configuration in Details
No ratings yet
BGP Configuration in Details
12 pages
Teldat M1CDU
No ratings yet
Teldat M1CDU
6 pages
Eigrp Lab
No ratings yet
Eigrp Lab
18 pages
CCNA Set by Set Configuration
No ratings yet
CCNA Set by Set Configuration
8 pages
Port Flooding Mikrotik
No ratings yet
Port Flooding Mikrotik
3 pages
Hardening Mikrotik
No ratings yet
Hardening Mikrotik
11 pages
As A Command Line Technical Guide
No ratings yet
As A Command Line Technical Guide
35 pages
Network Troubleshooting Using Packet Capture Utilities
No ratings yet
Network Troubleshooting Using Packet Capture Utilities
13 pages
Cisco IOS Commands
No ratings yet
Cisco IOS Commands
2 pages
Lab - Troubleshooting Inter-VLAN Routing (Instructor)
No ratings yet
Lab - Troubleshooting Inter-VLAN Routing (Instructor)
21 pages
Annisa Rezdky Andini Ab Xii TKJ 5
No ratings yet
Annisa Rezdky Andini Ab Xii TKJ 5
6 pages
Mplement Ontent Iltering: Lay Minh (Makito)
No ratings yet
Mplement Ontent Iltering: Lay Minh (Makito)
27 pages
Web Application Lecture Week 2 (A)
No ratings yet
Web Application Lecture Week 2 (A)
29 pages
How To Protect Your MikroTik RouterOS
No ratings yet
How To Protect Your MikroTik RouterOS
13 pages
IES 1248 71 - v3 50 - UsesGruide
No ratings yet
IES 1248 71 - v3 50 - UsesGruide
295 pages
Balanceo PCC Failover
No ratings yet
Balanceo PCC Failover
4 pages
Mtcna March 2013
No ratings yet
Mtcna March 2013
3 pages
Routing Introduction in BGP
No ratings yet
Routing Introduction in BGP
48 pages
GregSowell Mikrotik Security
No ratings yet
GregSowell Mikrotik Security
22 pages
IKE
No ratings yet
IKE
167 pages
Limiting Download File Extensions On Mikrotik
No ratings yet
Limiting Download File Extensions On Mikrotik
10 pages
Virus Port Mikrotik
No ratings yet
Virus Port Mikrotik
2 pages
PPPoE (PPP Over Ethernet)
No ratings yet
PPPoE (PPP Over Ethernet)
20 pages
Huawei AR Series Quick Configuration
No ratings yet
Huawei AR Series Quick Configuration
39 pages
Qos Indirecto
No ratings yet
Qos Indirecto
3 pages
Mikrotik Routeros Configuration Bandwidth Management For Games
100% (1)
Mikrotik Routeros Configuration Bandwidth Management For Games
26 pages
Mikrotik Script and Scheduler
No ratings yet
Mikrotik Script and Scheduler
2 pages
Balanceo PCC Con Failover
No ratings yet
Balanceo PCC Con Failover
3 pages
Manual VRRP Mikrotik
No ratings yet
Manual VRRP Mikrotik
29 pages
OSPF in MikroTik RouterOS V6: The Basics by Inquirinity
No ratings yet
OSPF in MikroTik RouterOS V6: The Basics by Inquirinity
4 pages
Mikro Firewall Defends
No ratings yet
Mikro Firewall Defends
1 page
Load Balancing + Proxy Eksternal (Game Poker & Poinblank LANCAR... !!)
100% (1)
Load Balancing + Proxy Eksternal (Game Poker & Poinblank LANCAR... !!)
11 pages
Reglas Firewall Basicas
No ratings yet
Reglas Firewall Basicas
3 pages
Firewall
No ratings yet
Firewall
6 pages
Ip VLN Routs
No ratings yet
Ip VLN Routs
8 pages
Regras Firewall
No ratings yet
Regras Firewall
2 pages
6 To 4
No ratings yet
6 To 4
7 pages
Mobile Computing Emerging Technologies
100% (1)
Mobile Computing Emerging Technologies
26 pages
Citect OPC Server PDF
No ratings yet
Citect OPC Server PDF
18 pages
Intelligent Distributed Intrusion Detection Systems: A White Paper by Nakul.S & Arvind.G
No ratings yet
Intelligent Distributed Intrusion Detection Systems: A White Paper by Nakul.S & Arvind.G
10 pages
7000XR Initial Training Course.
100% (1)
7000XR Initial Training Course.
8 pages
1 Getting Started Module Cheat Sheet
No ratings yet
1 Getting Started Module Cheat Sheet
6 pages
KT-400 Installation Manual DN1726-1003 EN PDF
No ratings yet
KT-400 Installation Manual DN1726-1003 EN PDF
48 pages
Ficha 228
No ratings yet
Ficha 228
30 pages
Notes Theory COMPUTER SCIENCE A LEVELS
100% (1)
Notes Theory COMPUTER SCIENCE A LEVELS
59 pages
On The Design of Web-Based Information and Booking System For Futsal Field Rental Business
No ratings yet
On The Design of Web-Based Information and Booking System For Futsal Field Rental Business
6 pages
NDM
No ratings yet
NDM
5 pages
ProxySQL Series: Query Cache With ProxySQL - Mydbops
No ratings yet
ProxySQL Series: Query Cache With ProxySQL - Mydbops
6 pages
IEEE Conference Template Example
No ratings yet
IEEE Conference Template Example
14 pages
2.4.3.4 Packet Tracer
No ratings yet
2.4.3.4 Packet Tracer
11 pages
Bidder FAQ
No ratings yet
Bidder FAQ
7 pages
Jobsheet KONFIGURASI DHCP RELAY
No ratings yet
Jobsheet KONFIGURASI DHCP RELAY
3 pages
Export Crystal Report To PDF in VB Net 2005
No ratings yet
Export Crystal Report To PDF in VB Net 2005
2 pages
Lab11 - Data Communication in Matlab
No ratings yet
Lab11 - Data Communication in Matlab
8 pages
PAN Manager Command Reference
No ratings yet
PAN Manager Command Reference
235 pages
IT--105 Final Exam Study Guide
No ratings yet
IT--105 Final Exam Study Guide
303 pages
SIP5 APN 022 - Time Synchronization Settings - en
No ratings yet
SIP5 APN 022 - Time Synchronization Settings - en
8 pages
Template For Generation of Questions Date: Module: J2SE Session No. 1 Q. No. 1
No ratings yet
Template For Generation of Questions Date: Module: J2SE Session No. 1 Q. No. 1
14 pages
Chip Jan12
No ratings yet
Chip Jan12
107 pages
Oracle RAC Architecture
100% (2)
Oracle RAC Architecture
26 pages
Ferchau It Skillplan e
No ratings yet
Ferchau It Skillplan e
2 pages
Internet of Things Security
100% (1)
Internet of Things Security
18 pages
RTac DBG
No ratings yet
RTac DBG
5 pages
Infrared Transmission PDF
No ratings yet
Infrared Transmission PDF
5 pages
Системы Жидкостного Охлаждения Supermicro
No ratings yet
Системы Жидкостного Охлаждения Supermicro
3 pages
Toaz - Info Information Technology Auditing 4th Edition James A Hall Test Bank PR
No ratings yet
Toaz - Info Information Technology Auditing 4th Edition James A Hall Test Bank PR
39 pages