Mikrotik episode 6: Advanced Firewall
Author: The Cyber Brotherhood
Uploaded: 2022-10-02
Views: 8905
In this episode I show you how to configure the firewall in an advanced way to get better control over traffic.
Firewall rules:
/ip firewall filter
add action=add-src-to-address-list address-list=Block-DDoS \
address-list-timeout=none-dynamic chain=input comment=" Block DDoS" \
connection-limit=32,32 disabled=yes protocol=tcp
add action=tarpit chain=input connection-limit=10,32 protocol=tcp \
src-address-list=Block-DDoS comment="" disabled=yes
add action=accept chain=input comment="Acceso winbox desde trunk" dst-port=\
8291 disabled=yes protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether4 log-prefix=\
DNS protocol=udp disabled=yes comment=" Bloquea consultas DNS desde Internet"
add action=accept chain=input disabled=yes comment=\
" Permite sesiones TCP input establecidas" connection-state=established
add action=accept chain=input comment=\
" Permite sesiones TCP input relacionadas" disabled=yes connection-state=related
add action=accept chain=input comment=" Acceso al DHCP server" disabled=yes dst-port=67-68 \
log-prefix="DHCP REQUEST" protocol=udp
add action=accept chain=input comment=\
" Permite utilizar el MK como DNS Server" disabled=yes dst-port=53 protocol=udp
add action=drop chain=input comment=" No permite sesiones TCP input invalidas" \
connection-state=invalid log-prefix="DROP INPUT INVALIDAS" disabled=yes
add action=drop chain=input comment=" DENIEGO TODO LO QUE ENTRE AL ROUTER Y NO \
EST\C9 EXPLICITAMENTE PERMITIDO" log-prefix="DROP INPUT" protocol=!icmp disabled=yes
add action=accept chain=forward comment=" Permite sesiones TCP establecidas" \
connection-state=established disabled=yes
add action=accept chain=forward comment=" Permite sesiones TCP relacionadas" \
connection-state=related disabled=yes
add action=accept chain=forward comment=" Permite PING" log-prefix=PING \
protocol=icmp disabled=yes
add action=accept chain=forward comment=" Permite HTTP" dst-port=80 protocol=\
tcp disabled=yes
add action=accept chain=forward comment=" Permite 587 Secure Mail" dst-port=587 \
protocol=tcp disabled=yes
add action=accept chain=forward comment=" Permite HTTPS" dst-port=443 \
protocol=tcp disabled=yes
add action=accept chain=forward comment=" Permite FTP" dst-port=21 protocol=\
tcp disabled=yes
add action=accept chain=forward comment=" Permite SSH" dst-port=22 protocol=\
tcp disabled=yes
add action=accept chain=forward comment=" Permite SSH 1122" dst-port=1122 \
protocol=tcp disabled=yes
add action=accept chain=forward comment=" Permite DNS" dst-port=53 protocol=\
udp disabled=yes
add action=accept chain=forward comment=" Permite SMTP" dst-port=25 protocol=\
tcp disabled=yes
add action=accept chain=forward comment=" Permite SMTP" dst-port=465 protocol=\
tcp disabled=yes
add action=accept chain=forward comment=" Permite POP3" dst-port=110 protocol=\
tcp disabled=yes
add action=accept chain=forward comment=" Permite POP3S" dst-port=995 \
protocol=tcp disabled=yes
add action=accept chain=forward comment=" Permite IMAP" dst-port=143 protocol=\
tcp disabled=yes
add action=accept chain=forward comment=" Permite IMAPS" dst-port=993 \
protocol=tcp disabled=yes
add action=accept chain=forward comment=" Permite RDP" dst-port=3389 protocol=\
tcp disabled=yes
add action=drop chain=forward comment=" DISABLED No permite sesiones TCP invalidas" \
connection-state=invalid disabled=yes log-prefix="DROP FORWARD INVALIDAS"
add action=drop chain=forward comment=" DENIEGO TODO LO QUE ATRAVIESE EL ROUTER\
\_Y NO EST\C9 EXPLICITAMENTE PERMITIDO" log=yes \
log-prefix="DROP FORWARD" disabled=yes
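An added example, not from the video or its author: a short Python check over rules written in this export syntax. It joins the `\` line continuations, decodes the `\_` and `\C9` style escapes seen in the comments above, and lists input-chain accept rules that match a destination port with no interface or source condition, as the Winbox rule above does. The sample text is constructed from three of the rules above, and the function names are this example's own.

```python
import re

# Constructed sample in RouterOS export syntax, modelled on three rules above.
SAMPLE = r'''/ip firewall filter
add action=accept chain=input comment="Acceso winbox desde trunk" dst-port=\
    8291 disabled=yes protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether4 protocol=udp
add action=drop chain=input comment=" DENIEGO TODO LO QUE ENTRE AL ROUTER Y NO \
    EST\C9 EXPLICITAMENTE PERMITIDO" protocol=!icmp disabled=yes
'''

PAIR = re.compile(r'([\w-]+)=("(?:[^"\\]|\\.)*"|\S*)')
# Matchers that narrow where traffic may come from (assumed sufficient scoping).
SCOPE = ("in-interface", "in-interface-list", "src-address", "src-address-list")
SIMPLE = {"_": " ", "n": "\n", "r": "\r", "t": "\t"}


def unescape(value):
    # Subset of export escapes: backslash + two hex digits is one character,
    # backslash + underscore is a space, backslash + quote is a literal quote.
    if value.startswith('"'):
        value = value[1:-1]

    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else SIMPLE.get(g, g)

    return re.sub(r'\\([0-9A-F]{2}|.)', repl, value)


def parse_rules(text):
    # Join "\" + newline + indentation, then read key=value pairs per "add" line.
    joined = re.sub(r'\\\r?\n[ \t]*', '', text)
    return [{k: unescape(v) for k, v in PAIR.findall(line)}
            for line in joined.splitlines() if line.startswith("add ")]


def unscoped_input_accepts(rules):
    # Input-chain accepts that open a port with no interface or source match.
    return [r for r in rules
            if r.get("chain") == "input" and r.get("action") == "accept"
            and "dst-port" in r and not any(k in r for k in SCOPE)]


def disabled_rules(rules):
    return [r for r in rules if r.get("disabled") == "yes"]


if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for r in unscoped_input_accepts(rules):
        print("no source/interface match:", r["dst-port"], r.get("comment", ""))
    print(len(disabled_rules(rules)), "of", len(rules), "rules are disabled")
```

Run against a full `/ip firewall filter export`, the same two functions show which rules are still `disabled=yes` and which input accepts would apply to every interface once enabled.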