Reglas de Firewall.docx
Firewall rules:

```
/ip firewall filter
add action=add-src-to-address-list address-list=Block-DDoS address-list-timeout=none-dynamic chain=input comment="Block DDoS" connection-limit=32,32 disabled=yes protocol=tcp
add action=tarpit chain=input connection-limit=10,32 protocol=tcp src-address-list=Block-DDoS comment="" disabled=yes
add action=accept chain=input comment="Acceso winbox desde trunk" dst-port=8291 disabled=yes protocol=tcp
add action=drop chain=input dst-port=53 in-interface=ether4 log-prefix=DNS protocol=udp disabled=yes comment="Bloquea consultas DNS desde Internet"
add action=accept chain=input disabled=yes comment="Permite sesiones TCP input establecidas" connection-state=established
add action=accept chain=input comment="Permite sesiones TCP input relacionadas" disabled=yes connection-state=related
add action=accept chain=input comment="Acceso al DHCP server" disabled=yes dst-port=67-68 log-prefix="DHCP REQUEST" protocol=udp
add action=accept chain=input comment="Permite utilizar el MK como DNS Server" disabled=yes dst-port=53 protocol=udp
add action=drop chain=input comment="No permite sesiones TCP input invalidas" connection-state=invalid log-prefix="DROP INPUT INVALIDAS" disabled=yes
add action=drop chain=input comment="DENIEGO TODO LO QUE ENTRE AL ROUTER Y NO ESTÉ EXPLICITAMENTE PERMITIDO" log-prefix="DROP INPUT" protocol=!icmp disabled=yes
add action=accept chain=forward comment="Permite sesiones TCP establecidas" connection-state=established disabled=yes
add action=accept chain=forward comment="Permite sesiones TCP relacionadas" connection-state=related disabled=yes
add action=accept chain=forward comment="Permite PING" log-prefix=PING protocol=icmp disabled=yes
add action=accept chain=forward comment="Permite HTTP" dst-port=80 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite 587 Secure Mail" dst-port=587 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite HTTPS" dst-port=443 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite FTP" dst-port=21 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite SSH" dst-port=22 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite SSH 1122" dst-port=1122 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite DNS" dst-port=53 protocol=udp disabled=yes
add action=accept chain=forward comment="Permite SMTP" dst-port=25 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite SMTP" dst-port=465 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite POP3" dst-port=110 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite POP3S" dst-port=995 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite IMAP" dst-port=143 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite IMAPS" dst-port=993 protocol=tcp disabled=yes
add action=accept chain=forward comment="Permite RDP" dst-port=3389 protocol=tcp disabled=yes
add action=drop chain=forward comment="DISABLED No permite sesiones TCP invalidas" connection-state=invalid disabled=yes log-prefix="DROP FORWARD INVALIDAS"
add action=drop chain=forward comment="DENIEGO TODO LO QUE ATRAVIESE EL ROUTER Y NO ESTÉ EXPLICITAMENTE PERMITIDO" log=yes log-prefix="DROP FORWARD" disabled=yes
```
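As an added example that is not part of the original document: a small Python audit that parses a RouterOS export in this `add key=value` form and reports what the ruleset actually enforces, since every rule above is still `disabled=yes` and RouterOS evaluates a chain top to bottom with first match winning. It works on a constructed subset of the rules above in which the forward chain has been enabled and one accept rule deliberately placed after the catch-all drop.

```python
import shlex
from collections import defaultdict

# Constructed sample in the export's "add key=value" syntax: input is left disabled
# as on the page; forward is enabled with one accept placed after the catch-all drop.
SAMPLE_EXPORT = """/ip firewall filter
add action=accept chain=input comment="Permite sesiones TCP input establecidas" connection-state=established disabled=yes
add action=drop chain=input comment="DENIEGO TODO LO QUE ENTRE" log-prefix="DROP INPUT" protocol=!icmp disabled=yes
add action=accept chain=forward comment="Permite sesiones TCP establecidas" connection-state=established disabled=no
add action=drop chain=forward comment="No permite sesiones TCP invalidas" connection-state=invalid disabled=no
add action=accept chain=forward comment="Permite HTTPS" dst-port=443 protocol=tcp disabled=no
add action=drop chain=forward comment="DENIEGO TODO LO QUE ATRAVIESE" log=yes log-prefix="DROP FORWARD" disabled=no
add action=accept chain=forward comment="Permite RDP" dst-port=3389 protocol=tcp disabled=no
"""
NON_MATCHERS = {"action", "chain", "comment", "disabled", "log", "log-prefix"}

def parse_rules(export):
    """Turn each 'add key=value ...' line into a dict; shlex keeps quoted comments whole."""
    rules = []
    for line in export.splitlines():
        if line.startswith("add "):
            rules.append(dict(tok.partition("=")[::2] for tok in shlex.split(line)[1:]))
    return rules

def is_catch_all_drop(rule):
    """A drop whose only matcher, if any, is protocol (protocol=!icmp still drops all else)."""
    return rule.get("action") == "drop" and set(rule) - NON_MATCHERS <= {"protocol"}

def audit(rules):
    """Return human-readable findings about what the ruleset actually enforces."""
    findings, by_chain = [], defaultdict(list)
    for rule in rules:
        by_chain[rule.get("chain", "?")].append(rule)
    for chain, chain_rules in by_chain.items():
        active = [r for r in chain_rules if r.get("disabled") != "yes"]
        if not active:
            findings.append(f"{chain}: all {len(chain_rules)} rules disabled, chain is effectively open")
            continue
        if not any(r.get("action") == "accept" and r.get("connection-state") == "established" for r in active):
            findings.append(f"{chain}: no active accept for connection-state=established")
        past_catch_all = False
        for r in active:  # first match wins, so anything after the catch-all drop never runs
            if past_catch_all:
                findings.append(f"{chain}: '{r.get('comment', '')}' is unreachable after the catch-all drop")
            elif is_catch_all_drop(r):
                past_catch_all = True
        if not past_catch_all:
            findings.append(f"{chain}: no catch-all drop, unmatched traffic is accepted")
    return findings
```

Running `audit(parse_rules(SAMPLE_EXPORT))` reports the fully disabled input chain and the unreachable RDP rule in the forward chain.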