Lab.6 Cara Mengamankan Mikrotik
Assalamu'alaikum sahabat.
klik kanan, paste
Untuk saat ini, cukup sekian. jika sahabat ingin yang lebih detail atau ada pertannyaan, silahkan komentar.
Terima Kasih
Assalamu'alaikum Wr. Wb.
Pada kesempatan kali ini, kita akan membahas tentang pengamanan Mikrotik kita. perangkat apasaja.
Tidak seperti yang biasa, kali ini kita akan menggunakan CLI ( Command Line Interface).
Pake Terminal biar keren. Hitam - Putih
cara buka
dan berikut perintahnya
/ip firewall filter add chain=input connection-state=invalid action=drop comment=”Drop_invalid_connections”
/ip firewall filter add chain=input protocol=udp action=accept comment=”UDP”
/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment=”Allow_limited_pings”
/ip firewall filter add chain=input protocol=icmp action=drop comment=”Drop_excess_pings”
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ournetwork action=accept comment=”FTP”
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ournetwork action=accept comment=”SSH_for_secure_shell”
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web”
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox”
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log_everything_else”
/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=ournetwork action=accept comment=”Telnet”
/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=ournetwork action=accept comment=”Web1”
/ip firewall mangle add chain=prerouting protocol=icmp action=mark-connection new-connection-mark=icmp-con passthrough=yes comment=” bikin_cepat_ping_dan_dns”
/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment=”pptp-server”
/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment=”Log¬everythingelse”
/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=ournetwork action=accept comment=”winbox1”dan caranya adalah copy perintah di atas dan pastekan satu - satu ke Terminal.
klik kanan, paste
Untuk saat ini, cukup sekian. jika sahabat ingin yang lebih detail atau ada pertannyaan, silahkan komentar.
Terima Kasih
Assalamu'alaikum Wr. Wb.
0 comments