Firewall
**************** Basic Firewall - Syn Flood - Port Scan - Dos Attack - 3 golpes 22-23-8291 - Permitir L2TP - PPTP ************************
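/ip firewall filter
# Shared sanity chain: drop invalid-state packets, accept established/related
# traffic, then return to the caller.  Both input and forward jump here first,
# so every rule after the two jumps only ever sees packets of *new* connections.
add action=drop chain=Basic_Firewall comment="Basic Firewall" \
    connection-state=invalid
add action=accept chain=Basic_Firewall connection-state=established,related
add action=jump chain=input jump-target=Basic_Firewall
add action=jump chain=forward jump-target=Basic_Firewall
# SYN flood: a source holding more than 30 concurrent TCP connections (per /32)
# to the router is listed for 30 minutes and dropped by the rule that follows.
# NOTE(review): none of the detectors below carry an in-interface match, so
# LAN hosts are subject to them exactly like Internet hosts.
add action=add-src-to-address-list address-list=Syn_Flooder \
    address-list-timeout=30m chain=input comment="Add Syn Flood Detect" \
    connection-limit=30,32 protocol=tcp tcp-flags=syn
add action=drop chain=input src-address-list=Syn_Flooder
# Port scan detection; psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight.
# A hit stays listed for almost 13 weeks - shorten the timeout if inventory or
# monitoring tools on the LAN can reach this chain.
add action=add-src-to-address-list address-list=Port_scan \
    address-list-timeout=12w6d chain=input comment="Port scan detection" \
    protocol=tcp psd=21,3s,3,1
add action=drop chain=input src-address-list=Port_scan
# DoS detection: more than 10 concurrent TCP connections from one /32 to the
# router lists the source in DDoS_Blacklist (logged).  10 is low for a NATed
# site whose admins open several management sessions (Winbox, WebFig, API)
# through one public address - raise it if legitimate sources get listed.
add action=add-src-to-address-list address-list=DDoS_Blacklist \
    address-list-timeout=12w6d chain=input comment="Dos attack detect" \
    connection-limit=10,32 log=yes protocol=tcp
# FIX: this rule referred to src-address-list=Black_list, a list no rule on the
# page populates, so listed sources were never tarpitted.  It now uses the list
# the detector above actually fills.  Note it only tarpits listed sources that
# hold more than 3 connections; below that threshold they continue down the chain.
add action=tarpit chain=input connection-limit=3,32 protocol=tcp \
    src-address-list=DDoS_Blacklist
# Refuse to act as an open resolver.  Without an in-interface match this also
# refuses DNS from the LAN; add in-interface=<WAN interface> (or
# !in-interface-list=LAN) if the router is the LAN's resolver.
add action=drop chain=input comment="DNS Relay Attack Drop" \
    connection-state=new dst-port=53 protocol=udp
add action=drop chain=input connection-state=new dst-port=53 protocol=tcp
# port=1701 matches either source or destination port, so both directions of a
# plaintext L2TP exchange leaving the router are rejected.
add action=reject chain=output comment="Outbound - Block L2TP without IPsec" \
    ipsec-policy=out,none port=1701 protocol=udp reject-with=\
    icmp-admin-prohibited
# Winbox is exposed to the whole Internet here.  Restrict it to known
# management addresses (src-address-list=<management list>) and keep it AFTER
# any blacklist / brute-force drop rule: as appended on this page the accept
# matches first, so later drops on src-address-list=blacklist never see 8291.
add action=accept chain=input comment="Winbox acces from WAN" dst-port=8291 \
    log=yes protocol=tcp
# PPTP (TCP 1723 + GRE).  PPTP/MS-CHAPv2 offers no meaningful confidentiality;
# prefer the L2TP/IPsec rule below and remove these two once clients migrate.
add action=accept chain=input comment="Allow VPN - PPTP Server" dst-port=1723 \
    protocol=tcp
add action=accept chain=input protocol=gre
# FIX: accept L2TP only when it arrived inside IPsec, mirroring the outbound
# reject above (plaintext L2TP was accepted inbound while its replies were
# rejected, so it could never work anyway).  IKE (UDP 500/4500) and ESP must be
# accepted elsewhere in the input chain for the tunnel to come up.
add action=accept chain=input comment="Allow VPN - L2TP Server" dst-port=1701 \
    ipsec-policy=in,ipsec protocol=udp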
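/ip firewall filter
# Three-strikes guard for SSH, Telnet and Winbox.  Each *new* connection to
# these ports moves the source one list further (primer -> segundo -> tercer
# intento, 5 minutes each); the fourth inside the window lands in "blacklist"
# for 4w2d5m and is dropped by the first rule below.
# NOTE(review): this counts connections, not failed logins - four legitimate
# SSH sessions within five minutes trigger it too.  Exempt administrators with
# src-address-list=!<management list> on the three counting rules if needed.
# NOTE(review): rule order matters.  An earlier "accept dst-port=8291" in the
# input chain matches before these rules, so Winbox traffic never reaches the
# counters and blacklisted sources are still accepted on 8291.  Move this drop
# above that accept, or give the accept src-address-list=!blacklist.
add action=drop chain=input connection-state=new src-address-list=blacklist
# The original wrote "dst-port= 22,23,8291" with a space after "=", which the
# CLI may reject or read as an empty value; the value is written without it.
add action=add-src-to-address-list address-list=blacklist \
    address-list-timeout=4w2d5m chain=input connection-state=new \
    dst-port=22,23,8291 protocol=tcp src-address-list="tercer intento"
add action=add-src-to-address-list address-list="tercer intento" \
    address-list-timeout=5m chain=input connection-state=new \
    dst-port=22,23,8291 protocol=tcp src-address-list="segundo intento"
add action=add-src-to-address-list address-list="segundo intento" \
    address-list-timeout=5m chain=input connection-state=new \
    dst-port=22,23,8291 protocol=tcp src-address-list="primer intento"
add action=add-src-to-address-list address-list="primer intento" \
    address-list-timeout=5m chain=input connection-state=new \
    dst-port=22,23,8291 protocol=tcp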
************************ mangle ********************************************
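/ip firewall mangle
# Traffic classification for queueing: a connection mark (*_C) per class, then
# a packet mark (*_F) on every packet of that connection.  Every mark-packet
# rule uses passthrough=no, so a classified packet leaves the chain there and
# is never re-marked by the "Resto trafico" catch-all at the end.
# Mark names with typos (HTTP_C_upd, HTTPS_C_tpc) are kept as-is because
# queue rules outside this page may reference them.
add action=mark-connection chain=prerouting comment="ICMP" \
    new-connection-mark=ICMP_C passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_C \
    new-packet-mark=ICMP_F passthrough=no
# src-port=80/443 classifies the server->client half of web connections as
# seen in prerouting.
add action=mark-connection chain=prerouting comment=Http_tcp \
    new-connection-mark=HTTP_C_tcp passthrough=yes protocol=tcp src-port=80
add action=mark-packet chain=prerouting connection-mark=HTTP_C_tcp \
    new-packet-mark=HTTP_F_tcp packet-mark="" passthrough=no
add action=mark-connection chain=prerouting comment=Http_udp \
    new-connection-mark=HTTP_C_upd passthrough=yes protocol=udp src-port=80
add action=mark-packet chain=prerouting connection-mark=HTTP_C_upd \
    new-packet-mark=HTTP_F_udp packet-mark="" passthrough=no
add action=mark-connection chain=prerouting comment=Https_tcp \
    new-connection-mark=HTTPS_C_tpc passthrough=yes protocol=tcp src-port=443
add action=mark-packet chain=prerouting connection-mark=HTTPS_C_tpc \
    new-packet-mark=HTTPS_F_tpc packet-mark="" passthrough=no
add action=mark-connection chain=prerouting comment=Https_udp \
    new-connection-mark=HTTPS_C_udp passthrough=yes protocol=udp src-port=443
add action=mark-packet chain=prerouting connection-mark=HTTPS_C_udp \
    new-packet-mark=HTTPS_F_udp packet-mark="" passthrough=no
add action=mark-connection chain=prerouting comment=DNS_tcp connection-mark=\
    "" new-connection-mark=DNS_C_tcp packet-mark="" passthrough=yes protocol=\
    tcp src-port=53
# FIX: the DNS mark-packet rules matched connection-mark=DNS_tcp / DNS_udp,
# but the connection marks set above are DNS_C_tcp / DNS_C_udp, so DNS packets
# were never marked and fell through to the catch-all as "Otro".
add action=mark-packet chain=prerouting connection-mark=DNS_C_tcp \
    new-packet-mark=DNS_F_tcp passthrough=no
add action=mark-connection chain=prerouting comment=DNS_udp connection-mark=\
    "" new-connection-mark=DNS_C_udp packet-mark="" passthrough=yes protocol=\
    udp src-port=53
add action=mark-packet chain=prerouting connection-mark=DNS_C_udp \
    new-packet-mark=DNS_F_udp passthrough=no
add action=mark-connection chain=prerouting comment=VPN dst-port=1701 \
    new-connection-mark=VPN_C passthrough=yes protocol=udp
add action=mark-packet chain=prerouting connection-mark=VPN_C \
    new-packet-mark=VPN_F passthrough=no
add action=mark-connection chain=prerouting comment=Voip dst-port=5060,5061 \
    new-connection-mark=Voip_C passthrough=yes protocol=udp
# FIX: this rule had passthrough=yes, so VoIP packets continued to the
# catch-all below and were re-marked Otro_C / Otro_F.  passthrough=no, like
# every other mark-packet rule in the chain.
add action=mark-packet chain=prerouting connection-mark=Voip_C \
    new-packet-mark=Voip_F passthrough=no
# Catch-all for everything not classified above.  connection-mark=no-mark makes
# it explicit that it can never overwrite a mark set by an earlier rule.
add action=mark-connection chain=prerouting comment="Resto trafico" \
    connection-mark=no-mark new-connection-mark=Otro_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=Otro_C \
    new-packet-mark=Otro_F passthrough=no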
*******************bloqueo Whatsapp ******************************
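/system scheduler
# Every 2 minutes: walk the router's DNS cache for A records whose name
# contains "whatsapp" and add each resolved address to the Whatsapp
# address-list (blocked in the forward chain by a separate filter rule).
# NOTE(review): this only sees names resolved through the router's own DNS;
# clients using another resolver or DNS-over-HTTPS populate nothing.  The
# entries are added without a timeout, so they never expire even after the
# CDN rotates addresses - consider adding timeout=<e.g. 1d> to the add and
# letting the script re-add live entries.  Shared CDN addresses may also
# belong to other services, so expect some collateral blocking.
# FIX (least privilege): the scheduler ran with policy=ftp,reboot,read,write,
# policy,test,password,sniff,sensitive although the script only reads the DNS
# cache and writes address-list entries; read,write is what it needs.  If a
# scheduler log line reports a missing policy, add back only that one.
# FIX: the duplicate check now looks only at the Whatsapp list; before, an
# address already present in *any* list (e.g. a blacklist) was skipped here.
add comment="Whatsapp Blocker" interval=2m name="Whatsapp Blocker" on-event="#\
\_Use DNS Entrys and add Address to the Firewall Address-list #\r\
\n:foreach i in=[/ip dns cache all find where (name~\"whatsapp\") && (type\
=\"A\") ] do={\r\
\n :local tmpAddress [/ip dns cache get \$i address];\r\
\ndelay delay-time=10ms\r\
\n# prevent script from using all cpu time #\r\
\n :if ( [/ip firewall address-list find where (list=\"Whatsapp\") && \
(address=\$tmpAddress)] = \"\") do={ \r\
\n :local cacheName [/ip dns cache get \$i name] ;\r\
\n :log info (\"added entry: \$cacheName \$tmpAddress\");\r\
\n /ip firewall address-list add address=\$tmpAddress list=Whatsapp \
comment=\$cacheName;\r\
\n}\r\
\n}" policy=read,write start-time=startup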
/ip firewall filter
# Drop forwarded traffic towards any address in the Whatsapp list.  The list
# itself is filled by the "Whatsapp Blocker" scheduler entry, so this rule does
# nothing until that job has run at least once.
add action=drop chain=forward comment="Whatsapp Blocker" disabled=no \
    dst-address-list=Whatsapp
************************ virus ********************************************
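/ip firewall filter
# Legacy "well-known worm port" chain, consulted for traffic to the router
# (input) and through it (forward).
# NOTE(review): these are bare port numbers, not signatures.  They drop
# legitimate use of the same ports as well - SMB/NetBIOS between routed
# internal subnets (135-139, 445), MS SQL (1433-1434), SOCKS (1080), TCP
# 10000 (Webmin/NDMP) - while protecting against nothing newer than the
# 2004-era worms named in the comments.  Limit the two jumps with
# in-interface=<WAN interface> or retire the chain.
add action=jump chain=forward comment="!!! Check for well-known viruses !!!" \
    disabled=no jump-target=virus
add action=jump chain=input comment="!!! Check for well-known viruses !!!" \
    disabled=no jump-target=virus
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no \
    dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
    dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no \
    dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no \
    dst-port=445 protocol=udp
# The next three rules were unlabeled in the source ("________"); the reason
# for blocking 593, 1024-1030 and 1214 is not documented here - confirm they
# are still wanted before keeping them.
add action=drop chain=virus comment="________" disabled=no dst-port=593 \
    protocol=tcp
add action=drop chain=virus comment="________" disabled=no \
    dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 \
    protocol=tcp
add action=drop chain=virus comment="________" disabled=no dst-port=1214 \
    protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no \
    dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 \
    protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 \
    protocol=tcp
add action=drop chain=virus comment="hromgrafx" disabled=no dst-port=1373 \
    protocol=tcp
add action=drop chain=virus comment="cichlid" disabled=no dst-port=1377 \
    protocol=tcp
add action=drop chain=virus comment="Worm" disabled=no dst-port=1433-1434 \
    protocol=tcp
# FIX: TCP 2745 appeared twice ("Bagle Virus" and "Drop Beagle.C-K"); the
# second rule could never match, so the two are merged into one.
add action=drop chain=virus comment="Bagle Virus / Beagle.C-K" disabled=no \
    dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 \
    protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no \
    dst-port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no \
    dst-port=3410 protocol=tcp
add action=drop chain=virus comment="Worm" disabled=no dst-port=4444 \
    protocol=tcp
add action=drop chain=virus comment="Worm" disabled=no dst-port=4444 \
    protocol=udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 \
    protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 \
    protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no \
    dst-port=9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no \
    dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no \
    dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 \
    protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 \
    protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no \
    dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" \
    disabled=no dst-port=65506 protocol=tcp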