Mikrotik firewall ddos: Difference between revisions
(Created page with "/ip firewall filter add action=MEMO chain=forward comment="::::::::::::::::::::::::::::::::::::::::::::: Filter Hack DDos :::::::::::::::::::::::::::::::::::::::::::::" disabled=yes add action=return chain=detect-ddos comment="DDoS Exit admin" src-address-list=Mangle_Allow_Admin add action=return chain=detect-ddos comment="DDoS Exit Web " dst-port=80 protocol=tcp add action=return chain=detect-ddos comment="DDoS Exit Web " dst-port=443 ...") |
No edit summary |
||
Line 1: | Line 1: | ||
1. clock | |||
/system clock | |||
set time-zone-name=Asia/Tehran | |||
/system clock manual | |||
set time-zone=+03:30 | |||
2. ntp | |||
/system ntp client | |||
set enabled=yes | |||
/system ntp client servers | |||
add address=ir.pool.ntp.org | |||
add address=0.asia.pool.ntp.org | |||
add address=time.day.ir | |||
/ip firewall filter | /ip firewall filter | ||
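Review bot: The added `/system clock manual set time-zone=+03:30` looks redundant next to `set time-zone-name=Asia/Tehran`. As far as I know, RouterOS applies the manual offset only when `time-zone-name=manual`, so the page should keep one of the two or say which is intended. The new steps also come with no explanation (the revision has no edit summary); a short line such as `# accurate time keeps firewall log timestamps usable when correlating an attack` would tell readers why clock and NTP setup sits on a DDoS page. The three NTP servers are public hosts queried without authentication, so the page could also note that the router's own input/output rules must permit NTP (UDP 123).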
Latest revision as of 08:07, 10 September 2024
1. clock
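# Set the router's time zone so log entries and address-list timestamps are
# in local time. The two commands were run together on one line on the page;
# each RouterOS command must be on its own line to be pasted or imported.
/system clock
set time-zone-name=Asia/Tehran
# NOTE(review): the manual offset is presumably only used when
# time-zone-name=manual, so with a named zone above this line is likely
# a no-op. Confirm which of the two is intended.
/system clock manual
set time-zone=+03:30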
2. ntp
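# Enable the NTP client and register three time servers. Accurate time keeps
# firewall log timestamps usable when an incident is reviewed. The commands
# were collapsed onto one line on the page; they are restored one per line.
/system ntp client
set enabled=yes
# These are public servers queried without authentication; the router's own
# input/output firewall rules must allow NTP (UDP 123) for this to work.
/system ntp client servers
add address=ir.pool.ntp.org
add address=0.asia.pool.ntp.org
add address=time.day.ir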
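# DDoS detection for forwarded traffic.
#
# The custom chain "detect-ddos" returns early for exempted or under-limit
# traffic. Anything that falls through to the end has its destination added
# to the "ddosed" list and its source to the "ddoser" list. A rule in the
# forward chain then drops new connections between listed pairs.
#
# NOTE(review): nothing on this page sends traffic into detect-ddos. A custom
# chain is evaluated only when another rule jumps to it, for example (as in
# MikroTik's own DDoS example):
#   add action=jump chain=forward connection-state=new jump-target=detect-ddos
# Confirm such a rule exists ahead of these rules; without it the two address
# lists are never populated and the drop rule never matches.
/ip firewall filter

# Disabled separator rule that only carries a comment. The page used
# action=MEMO, which is not a RouterOS filter action and is rejected on
# import; passthrough is the usual no-op action for a disabled marker rule.
add action=passthrough chain=forward comment="::::::::::::::::::::::::::::::::::::::::::::: Filter Hack DDos :::::::::::::::::::::::::::::::::::::::::::::" disabled=yes

# Exemptions evaluated BEFORE the rate check: this traffic never counts
# toward the limit and can never be listed.
add action=return chain=detect-ddos comment="DDoS Exit admin" src-address-list=Mangle_Allow_Admin
# All TCP to ports 80 and 443 (any destination) leaves the chain here, so
# HTTP/HTTPS floods are not detected by these rules. Web servers need
# separate rate limiting if they are the asset being protected.
add action=return chain=detect-ddos comment="DDoS Exit Web " dst-port=80 protocol=tcp
add action=return chain=detect-ddos comment="DDoS Exit Web " dst-port=443 protocol=tcp

# Rate check: rate 32 with burst 32, tracked per source+destination address
# pair, idle pairs expiring after 10s. Traffic under the limit returns to the
# calling chain; only over-limit traffic continues below.
add action=return chain=detect-ddos comment="DDoS Detection and Blocking" dst-limit=32,32,src-and-dst-addresses/10s

# Exemptions evaluated AFTER the rate check: over-limit traffic of these kinds
# is still let go without being listed. The page had a space after "comment="
# on these lines (likely a lost line continuation), which makes the value
# empty and breaks parsing; the space is removed.
# All ICMP is exempt, so an ICMP flood is not listed by these rules.
add action=return chain=detect-ddos comment="DDoS Detection and Blocking :Allow Ping" protocol=icmp
add action=return chain=detect-ddos comment="DDoS Detection and Blocking :Allow local" out-interface=ether1_Wlan src-address-list="List Local Address"
# Site-specific exemption: one external host to TCP 1433. Review periodically
# that this source still needs the exception.
add action=return chain=detect-ddos comment="DDoS Detection and Blocking :Allow Moradmand" dst-port=1433 out-interface=ether1_Wlan protocol=tcp src-address=37.255.236.2
add action=return chain=detect-ddos comment="DDoS Detection and Blocking :Allow Tracert" dst-port=33434-33436 protocol=udp
# NOTE(review): this exempts by source address alone. It assumes packets with
# a 192.168.1.0/24 source cannot arrive from an untrusted interface; confirm
# anti-spoofing filtering exists elsewhere in the configuration.
add action=return chain=detect-ddos comment="DDoS Detection and Blocking" src-address=192.168.1.0/24

# Everything that reaches this point exceeded the limit and matched no
# exemption: record the target and the sender.
# NOTE(review): timeout none-dynamic means entries do not expire on their own.
# A flood with forged source addresses can therefore leave legitimate hosts
# blocked until someone removes them. A finite timeout (MikroTik's example
# uses 10m) limits that damage; the author's value is kept here.
add action=add-dst-to-address-list address-list=ddosed address-list-timeout=none-dynamic chain=detect-ddos comment="DDoS Detection and Blocking"
add action=add-src-to-address-list address-list=ddoser address-list-timeout=none-dynamic chain=detect-ddos comment="DDoS Detection and Blocking"

# Enforcement: drop only NEW connections from a listed source to a listed
# destination. Connections already established are not matched by this rule.
add action=drop chain=forward comment="DDoS Detection and Blocking" connection-state=new dst-address-list=ddosed src-address-list=ddoser

# Closing separator (disabled, comment only); same MEMO -> passthrough fix.
add action=passthrough chain=forward comment="::::::::::::::::::::::::::::::::::::::::::::: Filter Hack DDos :::::::::::::::::::::::::::::::::::::::::::::" disabled=yes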