Mikrotik cihazlarda güvenlik kamerası port yönlendirme işlemini aşagıdaki kod ile yapabilirsiniz.
ip firewall nat add chain=dstnat dst-address=DIŞ_İP_ADRESİNİZ protocol=tcp dst-port=80 \
action=dst-nat to-addresses=192.168.1.101 to-ports=80
Terminali Açın:
/ip firewall address-list
add list=Engelleme_Listesi address=13.14.15.16
Engellemek istediğiniz ip adresinizi yazınız. Eğer gruba atmak isterseniz
add list=Engelleme Listesi address=39.39.39.0/24
yazın
Sonrasında aşagıdaki kodu yazın:
/ip firewall filter add chain=input src-address-list=Engelleme_Listesi action=drop
Aşağıdaki kodları terminale ekleyin
/ip dns static add address=127.0.0.1 name=pubads.g.doubleclick.net add address=127.0.0.1 name=static.doubleclick.net add address=127.0.0.1 name=devads.skypeassets.net add address=127.0.0.1 name=devapps.skype.net add address=127.0.0.1 name=qawww.skypeassets.net add address=127.0.0.1 name=qaapi.skype.net add address=127.0.0.1 name=preads.skypeassets.net add address=127.0.0.1 name=preapps.skype.net add address=127.0.0.1 name=static.skypeassets.com add address=127.0.0.1 name=serving.plexop.net add address=127.0.0.1 name=preg.bforex.com add address=127.0.0.1 name=ads1.msads.net add address=127.0.0.1 name=flex.msn.com add address=127.0.0.1 name=apps.skype.com add address=127.0.0.1 name=api.skype.com add address=127.0.0.1 name=cdn.mbstatic.org add address=127.0.0.1 name=marathonbet.com add address=127.0.0.1 name=megogo.net add address=127.0.0.1 name=adselector.ru add address=127.0.0.1 name=pluso.ru add address=127.0.0.1 name=flash.begun.ru add address=127.0.0.1 name=ad.adriver.ru
Mikrotik kullanan kişiler genelde giriş yaptıklarında terminalede sürekli olarak giriş denemelerini görürsünüz. Bunları engelliyebilirsiniz.
girin : /ip firewall filter
/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=ftp_blacklist action=drop comment="drop ftp brute forcers" add chain=output action=accept protocol=tcp content="530 Login incorrect" dst-limit=1/1m,9,dst-address/1m add chain=output action=add-dst-to-address-list protocol=tcp content="530 Login incorrect" address-list=ftp_blacklist address-list-timeout=3h
10 gün engelleme yapar.
girin : /ip firewall filter
/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute forcers" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=10d comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m comment="" disabled=no add chain=input protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m comment="" disabled=no add chain=forward protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute downstream" disabled=no
Görebilirsiniz
/ip firewall address-list