Kalau saya pakai jurus blok semua port P2P... lumayan berhasil, walaupun pemblokiran berbasis port mudah dilewati klien yang memakai port acak atau enkripsi, jadi jangan dianggap pengaman total.
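# Input chain: limits what may reach the router itself.
# These are /ip firewall filter rules (chain=input, connection-state and p2p matchers);
# the "/ip firewall filter" context line is presumably entered before them.
# Rules are evaluated top to bottom; the first match decides.
#
# Drop untracked/malformed packets before anything else (standard MikroTik hardening).
add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
# Replies to connections the router opened itself (its own DNS lookups, updates, ...).
add chain=input connection-state=established action=accept comment="Allow Established connections" disabled=no
# "related" covers packets tied to an existing connection, e.g. ICMP errors for it.
add chain=input connection-state=related action=accept comment="Allow related connections" disabled=no
# DNS from the LAN to the router's own resolver. Despite the rule comment this is DNS-only,
# not "all UDP"; TCP/53 is not opened, so clients cannot retry a truncated answer over TCP.
# NOTE(review): the match is by source address only. Add in-interface=<LAN interface> so a
# packet arriving on the WAN with a spoofed 192.168.100.x source cannot use these LAN rules.
add chain=input src-address=192.168.100.0/24 dst-address=192.168.100.1 protocol=udp dst-port=53 action=accept comment="Allow UDP" disabled=no
# Ping/traceroute to the router from anywhere. Acceptable, but consider a limit= matcher
# if the router has a public interface.
add chain=input protocol=icmp action=accept comment="Allow ICMP" disabled=no
# Winbox (TCP/8291) only from the two admin hosts.
# Fix: the original rules carried no protocol=. dst-port only matches together with
# protocol=tcp or protocol=udp, so RouterOS either rejects the rule or it never matches --
# in both cases Winbox access would fall through to the final drop below.
add chain=input src-address=192.168.100.125 dst-address=192.168.100.1 protocol=tcp dst-port=8291 action=accept comment="Winbox from admin host 1" disabled=no
add chain=input src-address=192.168.100.61 dst-address=192.168.100.1 protocol=tcp dst-port=8291 action=accept comment="Winbox from admin host 2" disabled=no
# Everything else addressed to the router is dropped: SSH, WWW, API, SNMP, ... and also DHCP.
# NOTE(review): if this router is also the LAN's DHCP server, a client's DHCPDISCOVER
# (src 0.0.0.0 -> 255.255.255.255, UDP/67) matches none of the accepts above and is dropped
# here; an explicit protocol=udp dst-port=67 accept would then be needed -- confirm.
add chain=input action=drop comment="Drop anything else" disabled=no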
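# Forward chain: traffic passing through the router (LAN <-> Internet). P2P blocking.
# Ordering matters: these drops sit before any established/related accept, which is what
# the p2p= matcher needs -- it tags a connection after inspecting its first packets, so an
# earlier "accept established" would let an already identified P2P flow keep going.
#
# Drop untracked/malformed packets regardless of protocol. The original limited this rule
# to protocol=tcp, letting invalid UDP/ICMP fall through; connection-state=invalid is
# meaningful for every tracked protocol, so the qualifier is removed.
add chain=forward connection-state=invalid action=drop comment="drop invalid connections" disabled=no
# Signature-based P2P detection.
# NOTE(review): the p2p= matcher exists in RouterOS v6 and earlier; it is not available in v7
# and this line is rejected there -- confirm the target version. Encrypted or obfuscated
# clients are not recognised by it.
add chain=forward p2p=all-p2p action=drop comment="drop p2p"
# Well-known default ports of several P2P applications, TCP only. This catches LAN clients
# connecting to remote peers on their default ports; peers listening on random ports and
# BitTorrent over UDP (uTP) pass unless UDP is blocked separately, so treat this list as a
# nuisance filter rather than enforcement.
add chain=forward protocol=tcp dst-port=6346-6348 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=41170 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=28864-28865 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=8888-8889 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=8311 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=7668 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=6881-6889 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=6969 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=5500-5503 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=4762 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=4661-4665 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=4329 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=1214 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=1044-1045 action=drop comment="drop p2p port"
add chain=forward protocol=tcp dst-port=412 action=drop comment="drop p2p port"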
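# UDP lockdown for forwarded traffic: only DNS (UDP/53) may go out, every other new UDP
# flow is dropped. Deliberately very strict -- it also breaks NTP, SIP/VoIP, QUIC,
# UDP-based VPNs (IPsec, WireGuard, OpenVPN/UDP) and most games for LAN clients.
#
# Fix: the established/related accepts originally came AFTER the UDP drop. A reply from an
# external DNS server has src-port 53 and an ephemeral dst-port, so it does not match
# dst-port=53 and was dropped by the catch-all; clients resolving against anything other
# than the router itself got no answers. Accepting established/related first lets replies
# to permitted flows through, while new UDP flows still face the port-53-only gate.
add chain=forward connection-state=established action=accept comment="allow already established connections" disabled=no
add chain=forward connection-state=related action=accept comment="allow related connections" disabled=no
add chain=forward protocol=udp dst-port=53 action=accept comment="allow outbound DNS"
add chain=forward protocol=udp action=drop comment="drop all other UDP"
# NOTE(review): there is no final "chain=forward action=drop", so the forward chain is
# default-accept: TCP and other traffic not caught by the P2P rules passes. If a default
# deny was intended, add accepts for new LAN-originated connections
# (in-interface=<LAN interface> connection-state=new) before such a final drop.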
Oke, semoga bermanfaat.