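Path: open Winbox and click IP → Firewall → NAT
The first step, of course, is to configure a normal DSTNAT port mapping. As shown in the figure below, we map external port 5900 on the ROS router to port 5900 on the internal host 8.240; this is exactly the same as a normal setup.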
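Tag archive: Firewall
RouterOS/ROS: script/tutorial for blocking specific MAC addresses from dialing in over PPPoE
Add the interface used for PPPoE to a bridge and run the PPPoE service on the bridge interface, then use the bridge firewall to filter PPPoE client MAC addresses.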
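MikroTik RouterOS/ROS: allowing Apple-related domains through hotspot web authentication
The following script fixes the problem of the login page not popping up on Apple iOS devices after they connect to the network: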
How do you block a particular website in ROS?
Script example:
/ ip firewall filter add chain=forward content="baidu.com" action=drop \
comment="drop-baidu" disabled=no
*The script above blocks connections to baidu.com. Do the same for other domains.
Winbox example (open Winbox and go to IP - Firewall - Filter):
MikroTik RouterOS/ROS firewall security script
/ip firewall filter
# psd=WeightThreshold,DelayThreshold,LowPortWeight,HighPortWeight
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="port scanners to list " \
disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" \
disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no \
protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no \
protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=\
no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no \
protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" \
address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no \
protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no \
src-address-list="port scanners"
add action=drop chain=forward comment="" content=http://adsl.online.tj.cn/ \
disabled=no