Скачать с ютуб Mikrotik episodio 6: Firewall Avanzado в хорошем качестве

Mikrotik episodio 6: Firewall Avanzado

En este episodio les enseño cómo configurar el firewall de manera avanzada para tener un mejor control del tráfico. Recuerda dejarme un 👍 si te gustó el video, realmente me ayuda mucho a seguir creciendo! ¡Suscríbete! 👉 https://www.youtube.com/@thecyberbrot... ▬▬▬▬ LISTAS DE REPRODUCCIÓN ▬▬▬▬ 📜Tutoriales Mikrotik ➔    • Mikrotik episodio 01: Cómo Tener Tu P...   ▬▬▬▬▬ MIS REDES ▬▬▬▬▬ 🐦 Twitter ➔   / davidjeifetz   Reglas de Firewall: /ip firewall filter add action=add-src-to-address-list address-list=Block-DDoS \ address-list-timeout=none-dynamic chain=input comment=" Block DDoS" \ connection-limit=32,32 disabled=yes protocol=tcp add action=tarpit chain=input connection-limit=10,32 protocol=tcp \ src-address-list=Block-DDoS comment="" disabled=yes add action=accept chain=input comment="Acceso winbox desde trunk" dst-port=\ 8291 disabled=yes protocol=tcp add action=drop chain=input dst-port=53 in-interface=ether4 log-prefix=\ DNS protocol=udp disabled=yes comment=" Bloquea consultas DNS desde Internet" add action=accept chain=input disabled=yes comment=\ " Permite sesiones TCP input establecidas" connection-state=established add action=accept chain=input comment=\ " Permite sesiones TCP input relacionadas" disabled=yes connection-state=related add action=accept chain=input comment=" Acceso al DHCP server" disabled=yes dst-port=67-68 \ log-prefix="DHCP REQUEST" protocol=udp add action=accept chain=input comment=\ " Permite utilizar el MK como DNS Server" disabled=yes dst-port=53 protocol=udp add action=drop chain=input comment=" No permite sesiones TCP input invalidas" \ connection-state=invalid log-prefix="DROP INPUT INVALIDAS" disabled=yes add action=drop chain=input comment=" DENIEGO TODO LO QUE ENTRE AL ROUTER Y NO \ EST\C9 EXPLICITAMENTE PERMITIDO" log-prefix="DROP INPUT" protocol=!icmp disabled=yes add action=accept chain=forward comment=" Permite sesiones TCP establecidas" \ connection-state=established disabled=yes add action=accept chain=forward comment=" Permite sesiones TCP relacionadas" \ connection-state=related disabled=yes add action=accept chain=forward comment=" Permite PING" log-prefix=PING \ protocol=icmp disabled=yes add action=accept chain=forward comment=" Permite HTTP" dst-port=80 protocol=\ tcp disabled=yes add action=accept chain=forward comment=" Permite 587 Secure Mail" dst-port=587 \ protocol=tcp disabled=yes add action=accept chain=forward comment=" Permite HTTPS" dst-port=443 \ protocol=tcp disabled=yes add action=accept chain=forward comment=" Permite FTP" dst-port=21 protocol=\ tcp disabled=yes add action=accept chain=forward comment=" Permite SSH" dst-port=22 protocol=\ tcp disabled=yes add action=accept chain=forward comment=" Permite SSH 1122" dst-port=1122 \ protocol=tcp disabled=yes add action=accept chain=forward comment=" Permite DNS" dst-port=53 protocol=\ udp disabled=yes add action=accept chain=forward comment=" Permite SMTP" dst-port=25 protocol=\ tcp disabled=yes add action=accept chain=forward comment=" Permite SMTP" dst-port=465 protocol=\ tcp disabled=yes add action=accept chain=forward comment=" Permite POP3" dst-port=110 protocol=\ tcp disabled=yes add action=accept chain=forward comment=" Permite POP3S" dst-port=995 \ protocol=tcp disabled=yes add action=accept chain=forward comment=" Permite IMAP" dst-port=143 protocol=\ tcp disabled=yes add action=accept chain=forward comment=" Permite IMAPS" dst-port=993 \ protocol=tcp disabled=yes add action=accept chain=forward comment=" Permite RDP" dst-port=3389 protocol=\ tcp disabled=yes add action=drop chain=forward comment=" DISABLED No permite sesiones TCP invalidas" \ connection-state=invalid disabled=yes log-prefix="DROP FORWARD INVALIDAS" add action=drop chain=forward comment=" DENIEGO TODO LO QUE ATRAVIESE EL ROUTER\ \_Y NO EST\C9 EXPLICITAMENTE PERMITIDO" log=yes \ log-prefix="DROP FORWARD" disabled=yes