Annisa Rezdky Andini Ab Xii TKJ 5

The document contains firewall configuration commands that filter network traffic by dropping or accepting connections based on port numbers, protocols, IP addresses, and other connection properties. Specific ports are configured to be dropped for inbound and outbound traffic. The firewall also allows established and related connections and drops invalid traffic.

Annisa Rezdky Andini Ab

XII TKJ 5

Script Firewall

# Custom chain "drop". RouterOS only evaluates a custom chain when an input or
# forward rule jumps to it (action=jump jump-target=drop); no such jump rule
# appears anywhere in this script, so as written these entries are never reached.
# port= matches the given value as either source or destination port.
/ip firewall filter add chain=drop protocol=udp port=143 action=drop comment="drop port 143" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=135-139 action=drop comment="drop port 135-139" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=445 action=drop comment="drop port 445" disabled=no
/ip firewall filter add chain=drop protocol=udp port=445 action=drop comment="drop port 445" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=593 action=drop comment="drop port 593" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1024-1030 action=drop comment="drop port 1024-1030" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1080 action=drop comment="drop port 1080" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1214 action=drop comment="drop port 1214" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1363 action=drop comment="drop port 1363" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1364 action=drop comment="drop port 1364" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1368 action=drop comment="drop port 1368" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1373 action=drop comment="drop port 1373" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1377 action=drop comment="drop port 1377" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=1433-1434 action=drop comment="drop port 1433-1434" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=2745 action=drop comment="drop port 2745" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=2283 action=drop comment="drop port 2283" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=2535 action=drop comment="drop port 2535" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=3127-3128 action=drop comment="drop port 3127-3128" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=4444 action=drop comment="drop port 4444" disabled=no
/ip firewall filter add chain=drop protocol=udp port=4444 action=drop comment="drop port 4444" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=5554 action=drop comment="drop port 5554" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=8868 action=drop comment="drop port 8868" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=9898 action=drop comment="drop port 9898" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=10080 action=drop comment="drop port 10080" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=12345 action=drop comment="drop port 12345" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=17300 action=drop comment="drop port 17300" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=27374 action=drop comment="drop port 27374" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=65506 action=drop comment="drop port 65506" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=22 action=drop comment="drop port 22" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=21 action=drop comment="drop port 21" disabled=no
/ip firewall filter add chain=drop protocol=tcp port=23 action=drop comment="drop port 23" disabled=no

# Same ports again, restricted to sources in an address list. The list name
# "blaclist" is kept exactly as written in the original: it must match the name
# used when the list is populated (/ip firewall address-list add list=blaclist ...),
# which this script does not do. The chain=drop caveat above applies here too.
/ip firewall filter add chain=drop protocol=udp dst-port=143 src-address-list=blaclist action=drop comment="drop port 143" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=135-139 src-address-list=blaclist action=drop comment="drop port 135-139" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=445 src-address-list=blaclist action=drop comment="drop port 445" disabled=no
/ip firewall filter add chain=drop protocol=udp dst-port=445 src-address-list=blaclist action=drop comment="drop port 445" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=593 src-address-list=blaclist action=drop comment="drop port 593" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1024-1030 src-address-list=blaclist action=drop comment="drop port 1024-1030" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1080 src-address-list=blaclist action=drop comment="drop port 1080" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1214 src-address-list=blaclist action=drop comment="drop port 1214" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1363 src-address-list=blaclist action=drop comment="drop port 1363" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1364 src-address-list=blaclist action=drop comment="drop port 1364" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1368 src-address-list=blaclist action=drop comment="drop port 1368" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1373 src-address-list=blaclist action=drop comment="drop port 1373" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1377 src-address-list=blaclist action=drop comment="drop port 1377" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=1433-1434 src-address-list=blaclist action=drop comment="drop port 1433-1434" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=2745 src-address-list=blaclist action=drop comment="drop port 2745" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=2283 src-address-list=blaclist action=drop comment="drop port 2283" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=2535 src-address-list=blaclist action=drop comment="drop port 2535" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=3127-3128 src-address-list=blaclist action=drop comment="drop port 3127-3128" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=4444 src-address-list=blaclist action=drop comment="drop port 4444" disabled=no
/ip firewall filter add chain=drop protocol=udp dst-port=4444 src-address-list=blaclist action=drop comment="drop port 4444" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=5554 src-address-list=blaclist action=drop comment="drop port 5554" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=8868 src-address-list=blaclist action=drop comment="drop port 8868" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=9898 src-address-list=blaclist action=drop comment="drop port 9898" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=10080 src-address-list=blaclist action=drop comment="drop port 10080" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=12345 src-address-list=blaclist action=drop comment="drop port 12345" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=17300 src-address-list=blaclist action=drop comment="drop port 17300" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=27374 src-address-list=blaclist action=drop comment="drop port 27374" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=65506 src-address-list=blaclist action=drop comment="drop port 65506" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=22 src-address-list=blaclist action=drop comment="drop port 22" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=21 src-address-list=blaclist action=drop comment="drop port 21" disabled=no
/ip firewall filter add chain=drop protocol=tcp dst-port=23 src-address-list=blaclist action=drop comment="drop port 23" disabled=no

/ip address add address=192.168.5.3/24 interface=ether1

# Input chain: these services are accepted only from sources in the "allow"
# address list (populated elsewhere). Both port= and dst-port= are given as in
# the original; dst-port= alone would be sufficient.
/ip firewall filter add chain=input protocol=tcp port=5060,5061,5064 action=accept src-address-list=allow dst-port=5060,5061,5064 disabled=no
/ip firewall filter add chain=input protocol=udp port=5060,5061,5064 action=accept src-address-list=allow dst-port=5060,5061,5064 disabled=no
/ip firewall filter add chain=input protocol=udp port=80 action=accept src-address-list=allow dst-port=80 disabled=no
/ip firewall filter add chain=input protocol=tcp port=123 action=accept src-address-list=allow dst-port=123 disabled=no
/ip firewall filter add chain=input protocol=tcp port=2208 action=accept src-address-list=allow dst-port=2208 disabled=no
/ip firewall filter add chain=input protocol=tcp port=443-450 action=accept src-address-list=allow dst-port=443-450 disabled=no

# Input chain: stateful baseline. Rules without action= default to action=accept.
/ip firewall filter add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid
/ip firewall filter add chain=input comment="Allow Established connections" connection-state=established
/ip firewall filter add chain=input comment="Allow ICMP" protocol=icmp
/ip firewall filter add chain=input in-interface=ether1 src-address=192.168.5.3/24
# Catch-all drop. Rules are evaluated in order, so any input-chain rule added
# after this one (the ftp/ssh brute-force rules at the end of the script) is
# never reached unless it is moved above this line.
/ip firewall filter add action=drop chain=input comment="Drop everything else"

# Forward chain: stateful baseline, then bogon source/destination filtering.
/ip firewall filter add action=drop chain=forward comment="drop invalid connections" connection-state=invalid protocol=tcp
/ip firewall filter add chain=forward comment="allow already established connections" connection-state=established
/ip firewall filter add chain=forward comment="allow related connections" connection-state=related
/ip firewall filter add action=drop chain=forward src-address=0.0.0.0/8
/ip firewall filter add action=drop chain=forward dst-address=0.0.0.0/8
/ip firewall filter add action=drop chain=forward src-address=127.0.0.0/8
/ip firewall filter add action=drop chain=forward dst-address=127.0.0.0/8
/ip firewall filter add action=drop chain=forward comment="Int range - class D and E multicasts" src-address=224.0.0.0/3
/ip firewall filter add action=drop chain=forward dst-address=224.0.0.0/3
# Hand forwarded traffic to the per-protocol custom chains defined below; a
# packet not terminated inside the target chain returns here and continues.
/ip firewall filter add action=jump chain=forward jump-target=tcp protocol=tcp
/ip firewall filter add action=jump chain=forward jump-target=udp protocol=udp
/ip firewall filter add action=jump chain=forward jump-target=icmp protocol=icmp

# Custom chain "tcp" (entered via the jump above). disabled=yes rules are
# installed but inactive.
/ip firewall filter add action=drop chain=tcp comment="deny TFTP" disabled=yes dst-port=69 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny RPC portmapper" dst-port=111 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny RPC portmapper" dst-port=135 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny NBT" dst-port=137-139 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny NFS" dst-port=2049 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny NetBus" dst-port=12345-12346 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny NetBus" dst-port=20034 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny BackOrifice" dst-port=3133 protocol=tcp
/ip firewall filter add action=drop chain=tcp comment="deny DHCP" dst-port=67-68 protocol=tcp

# Custom chain "udp".
/ip firewall filter add action=drop chain=udp comment="deny TFTP" disabled=yes dst-port=69 protocol=udp
/ip firewall filter add action=drop chain=udp comment="deny RPC portmapper" dst-port=111 protocol=udp
/ip firewall filter add action=drop chain=udp comment="deny RPC portmapper" dst-port=135 protocol=udp
/ip firewall filter add action=drop chain=udp comment="deny NBT" dst-port=137-139 protocol=udp
/ip firewall filter add action=drop chain=udp comment="deny NFS" dst-port=2049 protocol=udp
/ip firewall filter add action=drop chain=udp comment="deny BackOrifice" dst-port=3133 protocol=udp

# Custom chain "icmp": accept the listed type:code pairs, drop every other type.
/ip firewall filter add chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
/ip firewall filter add chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
/ip firewall filter add chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
/ip firewall filter add chain=icmp comment="host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
/ip firewall filter add chain=icmp comment="allow source quench" icmp-options=4:0 protocol=icmp
/ip firewall filter add chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
/ip firewall filter add chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
/ip firewall filter add chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
/ip firewall filter add action=drop chain=icmp comment="deny all other types"

# FTP brute-force protection: outgoing "530 Login incorrect" replies within the
# dst-limit (rate 1/1m, burst 9, per destination address) are accepted by the
# first output rule; once a client exceeds it, the next rule puts that client's
# address into ftp_blacklist for 3h and the input rule drops its port-21 traffic.
/ip firewall filter add action=drop chain=input comment="drop ftp brute forcers" dst-port=21 protocol=tcp src-address-list=ftp_blacklist
/ip firewall filter add chain=output content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m protocol=tcp
/ip firewall filter add action=add-dst-to-address-list address-list=ftp_blacklist address-list-timeout=3h chain=output content="530 Login incorrect" protocol=tcp

# SSH brute-force protection: each new connection to port 22 moves the source
# through ssh_stage1 -> ssh_stage2 -> ssh_stage3 (1-minute timeouts); a fourth
# new connection inside that window lands it in ssh_blacklist for 1w3d. The
# rules are listed most-specific first because a source already in a later
# stage must not be re-added to an earlier one. Note that these input-chain
# rules sit after the "Drop everything else" rule and are never reached there.
/ip firewall filter add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
/ip firewall filter add action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1w3d chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage3
/ip firewall filter add action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage2
/ip firewall filter add action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp src-address-list=ssh_stage1
/ip firewall filter add action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m chain=input connection-state=new dst-port=22 protocol=tcp
/ip firewall filter add action=drop chain=forward comment="drop ssh brute downstream" dst-port=22 protocol=tcp src-address-list=ssh_blacklist
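An added example, not part of the original script: a small Python checker for the two ordering problems a listing like this one can hide, rules in a custom chain that nothing jumps to, and rules appended to a chain after an unconditional terminating rule. The sample rules are a constructed subset of the script above, and the names parse_rule, is_catch_all and find_dead_rules are chosen here.

```python
import shlex

# Constructed subset of the listing above, one "/ip firewall filter add" rule per entry.
SAMPLE_RULES = [
    '/ip firewall filter add chain=drop protocol=tcp port=445 action=drop comment="drop port 445" disabled=no',
    '/ip firewall filter add action=drop chain=input comment="Drop Invalid connections" connection-state=invalid',
    '/ip firewall filter add chain=input comment="Allow Established connections" connection-state=established',
    '/ip firewall filter add action=drop chain=input comment="Drop everything else"',
    '/ip firewall filter add action=jump chain=forward jump-target=tcp protocol=tcp',
    '/ip firewall filter add action=drop chain=tcp comment="deny cifs" dst-port=445 protocol=tcp',
    '/ip firewall filter add action=drop chain=input comment="drop ssh brute forcers" dst-port=22 protocol=tcp src-address-list=ssh_blacklist',
]

BUILTIN_CHAINS = {"input", "output", "forward"}
# Properties that do not narrow which packets a rule sees.
NON_MATCHERS = {"chain", "action", "comment", "disabled", "jump-target",
                "address-list", "address-list-timeout", "log-prefix"}
# Actions that end filter processing for a matching packet.
TERMINATING = {"accept", "drop", "reject", "tarpit"}


def parse_rule(line):
    """Split one 'add' command into its key=value properties (quoted values keep their spaces)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def is_catch_all(rule):
    """True for an enabled terminating rule with no packet matcher, e.g. 'action=drop chain=input'."""
    if rule.get("disabled", "no") == "yes":
        return False
    terminating = rule.get("action", "accept") in TERMINATING  # RouterOS default action is accept
    return terminating and not any(k not in NON_MATCHERS for k in rule)


def find_dead_rules(lines):
    """Return (index, reason) for every rule that can never be evaluated."""
    rules = [parse_rule(l) for l in lines]
    jumped_to = {r["jump-target"] for r in rules if r.get("action") == "jump"}
    dead, sealed = [], set()
    for i, r in enumerate(rules):
        chain = r["chain"]
        if chain not in BUILTIN_CHAINS and chain not in jumped_to:
            dead.append((i, f"custom chain '{chain}' is never jumped to"))
        elif chain in sealed:
            dead.append((i, f"added after a catch-all rule in chain '{chain}'"))
        elif is_catch_all(r):
            sealed.add(chain)  # everything appended to this chain from here on is unreachable
    return dead


if __name__ == "__main__":
    for idx, why in find_dead_rules(SAMPLE_RULES):
        print(f"rule {idx}: {why}")
```

Run against the full script the same way (one rule per list entry) it flags every chain=drop entry and the ftp/ssh input-chain rules at the end.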
