
Firewall for Mikrotik Security

/ip firewall filter add chain=input connection-state=invalid action=drop comment=Drop_invalid_connections
/ip firewall filter add chain=input protocol=udp action=accept comment=UDP
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=Allow_limited_pings
/ip firewall filter add chain=input protocol=icmp action=drop comment=Drop_excess_pings
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=FTP
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=SSH_for_secure_shell
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=Web
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=winbox
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=pptp-server
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=Log_everything_else
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=Telnet
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=Web1
/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment=bikin_cepat_ping_dan_dns
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=pptp-server
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=Logeverythingelse
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=winbox1
===========================================================================================================================

BLOCK NETCUT & CONFICKER


/ip firewall filter
add action=accept chain=input comment="default configuration (anti netcut, defaultnya accept)" disabled=no protocol=icmp
/ip firewall filter
add chain=forward protocol=udp src-port=135-139 action=drop comment=";;Block W32.Kido - Conficker" disabled=no
add chain=forward protocol=udp dst-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=udp src-port=445 action=drop comment="" disabled=no
add chain=forward protocol=udp dst-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp src-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="" disabled=no
add chain=forward protocol=tcp src-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=445 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=4691 action=drop comment="" disabled=no
add chain=forward protocol=tcp dst-port=5933 action=drop comment="" disabled=no
add chain=forward protocol=udp dst-port=5355 action=drop comment="Block LLMNR" disabled=no
add chain=forward protocol=udp dst-port=4647 action=drop comment="" disabled=no
add action=drop chain=forward comment="SMTP Deny" disabled=no protocol=tcp src-port=25
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp
/ip firewall filter
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=61.213.183.1-61.213.183.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=67.195.134.1-67.195.134.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=68.142.233.1-68.142.233.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=68.180.217.1-68.180.217.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=203.84.204.1-203.84.204.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.176.1-69.63.176.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=69.63.181.1-69.63.181.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.209.1-63.245.209.254
add action=accept chain=input comment=Anti-Netcut disabled=no dst-port=0-65535 protocol=tcp src-address=63.245.213.1-63.245.213.254

===========================================================================================================================

Detect and Block Hotspot Shield program traffic (vpn application)


/ip firewall mangle
add action=add-dst-to-address-list address-list=WhiteList \
    address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
    !127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers \
    address-list-timeout=12h chain=prerouting comment=HotSpotShieldUsers \
    content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList \
    address-list-timeout=4d4h chain=prerouting comment=WhiteList content=\
    !127.0.0.1:895 disabled=no dst-port=443 protocol=tcp
/ip firewall filter
add action=drop chain=forward comment="\"Block HotSpot Shield\"" disabled=no \
    src-address-list=HotSpotShieldUsers
===========================================================================================================================

Detect and Block UltraSurf program traffic


/ip firewall filter
add action=drop chain=forward comment="Block UltraSurf" disabled=no dst-port=\
    443 protocol=tcp src-address-list=UltraSurfUsers
/ip firewall mangle
add action=add-src-to-address-list address-list=UltraSurfUsers \
    address-list-timeout=5m chain=prerouting comment=UltraSurfUsers disabled=\
    no dst-address-list=UltraSurfServers dst-port=443 protocol=tcp
/ip firewall address-list
add address=65.49.0.0/17 comment="" disabled=no list=UltraSurfServers
add address=204.107.140.0/24 comment="" disabled=no list=UltraSurfServers
===========================================================================================================================

MIKROTIK SECURITY AGAINST VIRUS PORT ATTACKS


/ip firewall filter add chain=forward connection-state=invalid action=drop comment=drop_invalid_connections
/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment=Drop_Blaster_Worm
/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment=Worm
/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment=Drop_Blaster_Worm
/ip firewall filter add chain=virus protocol=udp dst-port=445 action=drop comment=Drop_Blaster_Worm
/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment=________
/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment=__________
/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment=Drop_MyDoom
/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment=______
/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment="ndm requester"
/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment="ndm server"
/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment="screen cast"
/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment=hromgrafx
/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment=cichlid
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=BagleVirus
/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment=DropDumaruY
/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment=DropBeagle
/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment=DropBeagle_C-K
/ip firewall filter add chain=virus protocol=tcp dst-port=3127 action=drop comment=DropMyDoom
/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment=DropBackdoorOptixPro
/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment=Worm1
/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment=Worm2
/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment=DropSasser
/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment=DropBeagleB
/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment=DropDabber-A-B
/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment=DropMyDoom-B
/ip firewall filter add chain=virus protocol=tcp dst-port=12345 action=drop comment=DropNetBus
/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment=DropSubSeven
/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment="DropPhatBot,Agobot,Gaobot"
/ip firewall filter add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
===========================================================================================================================

Stabilizing ping when the connection is congested


/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=ICMP_KONEKSI passthrough=yes comment="ICMP_KONEKSI" disabled=no
/ip firewall mangle add chain=prerouting protocol=icmp connection-mark=ICMP_KONEKSI action=mark-packet new-packet-mark=ICMP_PAKET passthrough=no comment="ICMP_PAKET" disabled=no
/queue tree add name="==KONDISI_PING==" parent=global-total packet-mark=ICMP_PAKET limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
===========================================================================================================================
