Advertisement
willianmp

Regras de integracao com a RB/ControllR blk/pend

Aug 4th, 2017
550
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. //================================================== 1ª REGRA Filter Rules =============================================================
  2.  
  3.  
  4. /ip firewall filter
  5. add action=accept chain=forward comment="controllr " dst-port=7840 protocol=tcp
  6. add action=drop chain=forward comment=CTLR-MSG-BLOCKED disabled=no dst-address-list=!released_ips dst-port=!53 protocol=udp src-address-list=block
  7. add action=drop chain=forward comment=CTLR-MSG-BLOCKED disabled=no dst-address-list=!released_ips protocol=tcp src-address-list=block
  8.  
  9.  
  10. //================================================== 2ª REGRA Redirecionamentos - NAT ==================================================
  11.  
  12.  
  13. /ip firewall nat
  14. add action=dst-nat chain=dstnat comment=Acesso_Controllr_Web dst-port=8080 protocol=tcp to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8080
  15. add action=dst-nat chain=dstnat comment=Acesso_Controllr_SSH dst-port=2229 protocol=tcp to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=2229
  16. add action=dst-nat chain=dstnat comment=Acesso_Controllr_Banco_Bkp dst-port=8083 protocol=tcp to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8083
  17.  
  18.  
  19. //================================================== Bloqueio e Pendência ===============================================================
  20.  
  21.  
  22. /ip firewall nat
  23. add action=dst-nat chain=dstnat comment=CTLR-MSG-BLOCKED-HTTP-80 disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=block to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8090
  24. add action=dst-nat chain=dstnat comment=CTLR-MSG-BLOCKED-HTTPS-443 disabled=no dst-address-list=!released_ips dst-port=443 protocol=tcp src-address-list=block to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8091
  25. add action=dst-nat chain=dstnat comment=CTLR-MSG-PENDING-HTTP-80 disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=pendency to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8092
  26. add action=dst-nat chain=dstnat comment=CTLR-MSG-PENDING-HTTPS-443 disabled=no dst-address-list=!released_ips dst-port=443 protocol=tcp src-address-list=pendency to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8093
  27.  
  28.  
  29. //================================================== 3º REGRA Addres List ===============================================================
  30.  
  31.  
  32. /ip firewall address-list
  33. add address=00.00.00.00(IP do seu Software substituir) list=released_ips
  34. add address=8.8.4.4 list=released_ips
  35. add address=8.8.8.8 list=released_ips
  36.  
  37.  
  38. //================================================== 4º REGRA scheduler (pendência) ===============================================================
  39.  
  40.  
  41. /system scheduler
  42. add interval=2m name=Pendency on-event=":foreach ip in=[/ip firewall address-list find list=\"pendency\"] do={/ip firewall address-list remove \$ip}" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup
  43.  
  44.  
  45. //================================================== 5º REGRA API Monitoramento ===============================================================
  46.  
  47.  
  48.  
  49. /ip service
  50. set api address="" disabled=no port=8728
  51.  
  52.  
  53. //================================================== 6º REGRA PPP Interim Update ===============================================================
  54.  
  55.  
  56. /ppp aaa
  57. set interim-update=1m use-radius=yes
  58.  
  59.  
  60. //================================================== 7º REGRA Mangle ===============================================================
  61.  
  62.  
  63.  
  64. /ip firewall mangle
  65. add action=jump chain=prerouting dst-address-list=!released_ips jump-target=Controllr src-address-list=block
  66. add action=jump chain=prerouting dst-address-list=!released_ips jump-target=Controllr src-address-list=pendency
  67. add chain=Controllr
  68.  
  69.  
  70. // Controllr substituir os campos indicados pelo os IPs corretos, depois copiar estes scripts e colar em New Terminal.//
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement