Saturday, 09 May 2015

Firewall and Web Proxy

Firewall Chain Input
(Command if you want the router to be inaccessible from the internet or by just anyone; ether2 is the Internet-facing (INT) interface)
- ip firewall filter add chain=input in-interface=ether2 protocol=tcp dst-port=20,21,22,23,80,8291 action=drop
(Command if you want the router to not be pingable from the internet)
- ip firewall filter add chain=input in-interface=ether2 protocol=icmp connection-state=established action=accept
- ip firewall filter add chain=input in-interface=ether2 protocol=icmp action=drop

(Command if you want the router to be accessible from a particular IP; 10.10.10.5 is the desired IP. Rules are matched in order, so this rule has to sit above the drop rule for port 8291)
- ip firewall filter add chain=input in-interface=ether2 protocol=tcp dst-port=8291 src-address=10.10.10.5 action=accept

(Command if you want the router to be inaccessible from the local network; ether3 is the local-network interface, adjust to your setup)
- ip firewall filter add chain=input in-interface=ether3 src-address=192.168.10.5 action=accept
- ip firewall filter add chain=input in-interface=ether3 protocol=icmp connection-state=established action=accept
- ip firewall filter add chain=input in-interface=ether3 protocol=icmp action=drop


Firewall Chain Forward
(Command if you want to restrict which users can access the internet; an address range is written "x.x.x.x-x.x.x.x")
- ip firewall filter add chain=forward src-address=192.168.2.5-192.168.2.10 in-interface=ether3 action=accept
- ip firewall filter add chain=forward src-address=192.168.2.0/29 in-interface=ether3 action=drop

(Command if you want to block internet access to a particular site and block users who want to download a particular file type)
- ip firewall filter add chain=forward src-address=192.168.2.0/29 content=www.detik.com action=drop
- ip firewall filter add chain=forward src-address=192.168.2.0/29 content=.exe action=drop


WebProxy
(WinBox)
- enabled, port 8080, jefri@smkn1bsk.sch.id, cache on disk
Access
- src 192.168.10.0/29, access allow
- src 192.168.10.0/29, dst-host www.detik.com, access deny
- src 192.168.10.0/29, dst-host www.detik.com, access deny, redirect-to www.google.com
- src 192.168.10.0/29, path ::iso, access deny
Transparent Proxy
- ip firewall nat add chain=dstnat protocol=tcp dst-port=80 action=redirect to-ports=8080
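
The WinBox proxy settings and the redirect rule above, written as RouterOS CLI with two additions the notes leave out: a closing deny in the proxy access list and an input-chain drop for port 8080 on the Internet side, so the proxy cannot be used from outside. This is an added example, not the original post's configuration; it assumes ether2 faces the Internet and ether3 carries the LAN 192.168.10.0/29, and admin@example.com is a placeholder address.

```routeros
# Added example (not from the original post).
# Assumptions: ether2 = Internet, ether3 = LAN 192.168.10.0/29,
# admin@example.com = placeholder cache administrator address.

# Enable the proxy on port 8080 with on-disk cache.
/ip proxy
set enabled=yes port=8080 cache-administrator=admin@example.com cache-on-disk=yes

# The access list is evaluated top to bottom and the first match decides,
# so the specific deny goes above the LAN allow, and a deny-all closes the list.
/ip proxy access
add src-address=192.168.10.0/29 dst-host=www.detik.com action=deny redirect-to=www.google.com
add src-address=192.168.10.0/29 action=allow
add action=deny comment="no proxy service for any other source"

# Transparent proxy: redirect only HTTP traffic arriving from the LAN.
/ip firewall nat
add chain=dstnat in-interface=ether3 src-address=192.168.10.0/29 protocol=tcp dst-port=80 action=redirect to-ports=8080

# Keep the proxy port unreachable from the Internet side.
/ip firewall filter
add chain=input in-interface=ether2 protocol=tcp dst-port=8080 action=drop comment="block WAN access to web proxy"

# Check rule order and hit counters after applying.
/ip proxy access print
/ip firewall filter print stats
```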
