Blokir Port di Mikrotik

Kode ini didapat dari seorang IT Expert dari Padang, Sumatera Barat, bernama HARINTO, ST, dengan panggilan Senthod atau Karcuk (ini panggilan kesayangan). Selain memblokir port penting di Mikrotik, kode ini juga berfungsi sebagai penangkal virus di Local Area Network Anda. Silakan copy-paste kode di bawah ini ke Terminal Mikrotik Anda.

[codesyntax lang=”html4strict”]

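# Firewall filter rules for a MikroTik router, meant to be pasted into the
# RouterOS terminal. Rules are evaluated top to bottom within each chain, so
# the order below matters. Every rule is written on a single line so that the
# paste does not depend on line-continuation characters surviving the copy.
#
# NOTE(review): several rules below blacklist a source address for hours to
# weeks on the strength of a few unauthenticated packets. Put an accept rule
# for your own management address above them, and apply the set from Safe Mode
# or a console session, so a false positive cannot lock you out of the router.
# NOTE(review): this listing contains no final drop rule in the input chain;
# traffic to the router that matches none of the rules is still accepted.
/ip firewall filter
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes

# Forwarded packets whose source or destination is in 0.0.0.0/8, 127.0.0.0/8
# or 224.0.0.0/3 (multicast and everything above it) are dropped.
add action=drop chain=forward comment="Block Bogus IP Address" disabled=no src-address=0.0.0.0/8
add action=drop chain=forward disabled=no dst-address=0.0.0.0/8
add action=drop chain=forward disabled=no src-address=127.0.0.0/8
add action=drop chain=forward disabled=no dst-address=127.0.0.0/8
add action=drop chain=forward disabled=no src-address=224.0.0.0/3
add action=drop chain=forward disabled=no dst-address=224.0.0.0/3

# Forwarded ICMP time-exceeded (11:0) and port-unreachable (3:3) are dropped
# here, before the jump to the icmp chain, so the rate-limited accepts for the
# same types further down never see these two in the forward path.
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=11:0 protocol=icmp
add action=drop chain=forward comment="Drop Traceroute" disabled=no icmp-options=3:3 protocol=icmp

# SSH to the router: each new connection to port 22 moves the source one stage
# up (stage1 -> stage2 -> stage3, each held for 1 minute). A further new
# connection while in stage3 puts the source on ssh_blacklist for 1w3d, and
# blacklisted sources are dropped by the first rule.
add action=drop chain=input comment="Drop SSH brute forcers" disabled=no dst-port=22 protocol=tcp src-address-list=ssh_blacklist
add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage3
add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage2
add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp src-address-list=ssh_stage1
add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new disabled=no dst-port=22 protocol=tcp

# Port-scan detection on traffic to the router: the psd matcher plus a set of
# TCP flag combinations (FIN only, SYN+FIN, SYN+RST, FIN+PSH+URG, all flags
# set, no flags set). Matching sources are listed for 2 weeks and then dropped.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port Scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input disabled=no src-address-list="port scanners"

# FTP to the router: replies leaving the router that contain
# "530 Login incorrect" are accepted while within the dst-limit; once a
# destination exceeds it, that address goes on ftp_blacklist for 3 hours and
# its connections to port 21 are dropped.
add action=drop chain=input comment="Filter FTP to Box" disabled=no dst-port=21 protocol=tcp src-address-list=ftp_blacklist
add action=accept chain=output content="530 Login incorrect" disabled=no dst-limit=1/1m,9,dst-address/1m protocol=tcp
add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" disabled=no protocol=tcp

# Hand packets to per-protocol chains. forward jumps to tcp, udp and icmp;
# input jumps to tcp and udp only.
# NOTE(review): these jumps come before any connection-state rule, so the port
# drops below also hit packets of established connections whose destination
# port happens to equal a blocked port.
add action=jump chain=forward comment="Separate Protocol into Chains" disabled=no jump-target=tcp protocol=tcp
add action=jump chain=forward disabled=no jump-target=udp protocol=udp
add action=jump chain=forward disabled=no jump-target=icmp protocol=icmp
add action=jump chain=input disabled=no jump-target=tcp protocol=tcp
add action=jump chain=input disabled=no jump-target=udp protocol=udp

# UDP destination ports dropped (69 TFTP, 111 portmapper, 135-139 and 445
# Windows RPC/NetBIOS/SMB, 2049 NFS, 3133).
add action=drop chain=udp comment="Blocking UDP Packet" disabled=no dst-port=69 protocol=udp
add action=drop chain=udp disabled=no dst-port=111 protocol=udp
add action=drop chain=udp disabled=no dst-port=135 protocol=udp
add action=drop chain=udp disabled=no dst-port=445 protocol=udp
add action=drop chain=udp disabled=no dst-port=135-139 protocol=udp
add action=drop chain=udp disabled=no dst-port=2049 protocol=udp
add action=drop chain=udp disabled=no dst-port=3133 protocol=udp

# TCP destination ports dropped.
add action=drop chain=tcp comment="Bloking TCP Packet" disabled=no dst-port=25 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=69 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=111 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=135 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=119 protocol=tcp
# Any source sending TCP to port 445 is recorded in virus_conficker for 2
# minutes (useful for spotting infected LAN hosts) and the packet is dropped.
add action=add-src-to-address-list address-list=virus_conficker address-list-timeout=2m chain=tcp comment="Tangkap Virus Conficker" disabled=no dst-port=445 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=445 protocol=tcp
# The original also had a protocol=udp drop for port 445 inside the tcp chain.
# Only TCP packets are jumped into that chain, so it could never match; UDP 445
# is already dropped in the udp chain above.
add action=drop chain=tcp disabled=no dst-port=2049 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=12345-12346 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=20034 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=3133 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=67-68 protocol=tcp

# ICMP (reached from forward only): echo reply (0), echo request (8),
# port unreachable (3:3), fragmentation needed (3:4) and time exceeded (11)
# are accepted at limit=5,5; all other ICMP is dropped. The time-exceeded
# accept was originally placed after the drop, where it could never match, so
# it now sits before it.
add action=accept chain=icmp comment="Limited Ping Flood" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=icmp disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=icmp disabled=no protocol=icmp

# Remaining input rules: broadcast, established and related traffic is
# accepted, ICMP to the router is accepted at 50 per 5s, invalid state dropped.
# NOTE(review): with no drop rule after the ICMP accept, ICMP above the limit
# is not actually rejected by this listing.
add action=accept chain=input comment="Allow Broadcast Traffic" disabled=no dst-address-type=broadcast
add action=accept chain=input comment="Connection State" connection-state=established disabled=no
add action=accept chain=input connection-state=related disabled=no
add action=accept chain=input disabled=no limit=50/5s,2 protocol=icmp
add action=drop chain=input connection-state=invalid disabled=no

# Port 7000: sources are recorded in virus_blaster for 2 minutes, then dropped.
# The UDP variant is placed in the udp chain; in the tcp chain it never matched.
# NOTE(review): the match is on destination port alone; confirm 7000 is the
# port you intend to treat as an infection indicator.
add action=add-src-to-address-list address-list=virus_blaster address-list-timeout=2m chain=tcp comment="Tangkap Virus Blaster" disabled=no dst-port=7000 protocol=tcp
add action=drop chain=tcp disabled=no dst-port=7000 protocol=tcp
add action=drop chain=udp disabled=no dst-port=7000 protocol=udp

# NOTE(review): the rule comment says POP3, but the standard POP3 port is
# 110/tcp; confirm that 1110 is the port you mean to block. The UDP variant is
# placed in the udp chain for the same reason as above.
add action=drop chain=tcp comment="Blok Port POP3" disabled=no dst-port=1110 protocol=tcp
add action=drop chain=udp disabled=no dst-port=1110 protocol=udp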

[/codesyntax]