Forum

Respostas

  • Pedro Filho Maio 21, 2013 8:02

    VLW Eberty...

    Eberty Jackson Rodrigues disse:

    A porta do FTP é a 21

    /ip firewall filter
    add action=drop chain=input comment=\
    "BLOQUEIA FTP BRUTE FORCERS - MENOS DO IP 172.31.255.2" disabled=no \
    dst-port=21 protocol=tcp src-address=!172.31.255.2 src-address-list=\
    ftp_blacklist
    add action=add-src-to-address-list address-list=ftp_blacklist \
    address-list-timeout=10w3d chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address-list=ftp_stage3
    add action=add-src-to-address-list address-list=ftp_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address-list=ftp_stage2
    add action=add-src-to-address-list address-list=ftp_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address-list=ftp_stage1
    add action=add-src-to-address-list address-list=ftp_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address=!172.31.255.2

    Só colocar essa regra ai.

  • Willian Douglas dos Santos Maio 20, 2013 21:14

    Funciono 100% valeus chefe....



    Eberty Jackson Rodrigues disse:

    Amigo, usa a mesma regra do SSH.

    /ip firewall filter
    add action=drop chain=input comment=\
    "BLOQUEIA SSH BRUTE FORCERS - MENOS DO IP 172.31.255.2" disabled=no \
    dst-port=22 protocol=tcp src-address=!172.31.255.2 src-address-list=\
    ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=10w3d chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address=!172.31.255.2

    Substitui as portas.

  • Eberty Rodrigues Maio 20, 2013 21:14

    A porta do FTP é a 21

    /ip firewall filter
    add action=drop chain=input comment=\
    "BLOQUEIA FTP BRUTE FORCERS - MENOS DO IP 172.31.255.2" disabled=no \
    dst-port=21 protocol=tcp src-address=!172.31.255.2 src-address-list=\
    ftp_blacklist
    add action=add-src-to-address-list address-list=ftp_blacklist \
    address-list-timeout=10w3d chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address-list=ftp_stage3
    add action=add-src-to-address-list address-list=ftp_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address-list=ftp_stage2
    add action=add-src-to-address-list address-list=ftp_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address-list=ftp_stage1
    add action=add-src-to-address-list address-list=ftp_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=21 protocol=tcp src-address=!172.31.255.2

    Só colocar essa regra ai.

  • andre luiz pereira pimentel Maio 20, 2013 21:13

    Aqui em nossa cidade a oí esta pessima... todo mundo reclamando da operadora não tem concorrente!!!!

  • Levi Maio 20, 2013 21:11

    se vc não usa a porta 22 desabilita ela em "services"

    Willian Douglas dos Santos disse:

    so muda as portas correto?

  • Willian Douglas dos Santos Maio 20, 2013 21:08

    so muda as portas correto?

  • Eberty Rodrigues Maio 20, 2013 20:58

    Amigo, usa a mesma regra do SSH.

    /ip firewall filter
    add action=drop chain=input comment=\
    "BLOQUEIA SSH BRUTE FORCERS - MENOS DO IP 172.31.255.2" disabled=no \
    dst-port=22 protocol=tcp src-address=!172.31.255.2 src-address-list=\
    ssh_blacklist
    add action=add-src-to-address-list address-list=ssh_blacklist \
    address-list-timeout=10w3d chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage3
    add action=add-src-to-address-list address-list=ssh_stage3 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage2
    add action=add-src-to-address-list address-list=ssh_stage2 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address-list=ssh_stage1
    add action=add-src-to-address-list address-list=ssh_stage1 \
    address-list-timeout=1m chain=input connection-state=new disabled=no \
    dst-port=22 protocol=tcp src-address=!172.31.255.2

    Substitui as portas.

This reply was deleted.