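# Controllr integration for MikroTik RouterOS: forward-chain filtering for blocked
# subscribers, dst-nat to the Controllr server and its notice ports, the released_ips
# address list, a scheduler that empties the "pendency" list, the API service,
# PPP interim updates and mangle jumps.
#
# Every "00.00.00.00(IP do seu Software substituir)" below is a placeholder meaning
# "replace with the IP of your software" (the Controllr server); the commands are not
# valid until it is replaced. Section markers use "#", the RouterOS comment character,
# so the file can be pasted into a terminal as-is.

#================================================== RULE 1: Filter rules ==================================================
/ip firewall filter
# Accepts forwarded TCP to port 7840 with no address or interface match.
# NOTE(review): if only the Controllr server should receive this traffic, add
# dst-address=<Controllr server IP> so the accept does not apply to every destination.
add action=accept chain=forward comment="controllr " dst-port=7840 protocol=tcp
# Drops UDP from the "block" list to anything outside released_ips, except destination port 53.
# NOTE(review): UDP/53 to any host stays open for blocked subscribers, which leaves a
# path around the block (e.g. DNS tunnelling). Resolvers listed in released_ips are already
# exempt through dst-address-list, so removing dst-port=!53 would confine DNS to them;
# confirm subscribers do not depend on other resolvers before changing it.
add action=drop chain=forward comment=CTLR-MSG-BLOCKED disabled=no dst-address-list=!released_ips dst-port=!53 protocol=udp src-address-list=block
# Drops all TCP from the "block" list to anything outside released_ips.
add action=drop chain=forward comment=CTLR-MSG-BLOCKED disabled=no dst-address-list=!released_ips protocol=tcp src-address-list=block

#================================================== RULE 2: Redirects - NAT ==================================================
/ip firewall nat
# These three rules match on destination port only: any TCP connection to 8080, 2229 or
# 8083 that reaches dstnat is rewritten to the Controllr server, whatever its source,
# ingress interface or original destination address.
# NOTE(review): judging by the rule comments these expose the web UI, SSH and the database
# backup port. Before use, narrow them with dst-address=<router public IP> and/or
# in-interface=<WAN interface>, and a src-address-list of management hosts.
add action=dst-nat chain=dstnat comment=Acesso_Controllr_Web dst-port=8080 protocol=tcp to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8080
add action=dst-nat chain=dstnat comment=Acesso_Controllr_SSH dst-port=2229 protocol=tcp to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=2229
add action=dst-nat chain=dstnat comment=Acesso_Controllr_Banco_Bkp dst-port=8083 protocol=tcp to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8083

#================================================== Blocked and pending subscribers ==================================================
/ip firewall nat
# HTTP/HTTPS from the "block" and "pendency" lists to destinations outside released_ips
# is redirected to the Controllr server on ports 8090-8093.
# NOTE(review): for the two port-443 rules the client expects a certificate for the site
# it asked for, so expect a browser certificate error instead of the notice page.
add action=dst-nat chain=dstnat comment=CTLR-MSG-BLOCKED-HTTP-80 disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=block to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8090
add action=dst-nat chain=dstnat comment=CTLR-MSG-BLOCKED-HTTPS-443 disabled=no dst-address-list=!released_ips dst-port=443 protocol=tcp src-address-list=block to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8091
add action=dst-nat chain=dstnat comment=CTLR-MSG-PENDING-HTTP-80 disabled=no dst-address-list=!released_ips dst-port=80 protocol=tcp src-address-list=pendency to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8092
add action=dst-nat chain=dstnat comment=CTLR-MSG-PENDING-HTTPS-443 disabled=no dst-address-list=!released_ips dst-port=443 protocol=tcp src-address-list=pendency to-addresses=00.00.00.00(IP do seu Software substituir) to-ports=8093

#================================================== RULE 3: Address list ==================================================
/ip firewall address-list
# released_ips holds the destinations exempt from the block/pending rules above:
# the Controllr server and the two Google Public DNS resolvers.
add address=00.00.00.00(IP do seu Software substituir) list=released_ips
add address=8.8.4.4 list=released_ips
add address=8.8.8.8 list=released_ips

#================================================== RULE 4: Scheduler (pending list) ==================================================
/system scheduler
# Every 2 minutes, starting at boot, removes every entry from the "pendency" address list.
# The job only finds and removes address-list entries, so it is granted read,write only.
# The original granted ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon,
# which a scheduled script should not carry without a reason.
add interval=2m name=Pendency on-event=":foreach ip in=[/ip firewall address-list find list=\"pendency\"] do={/ip firewall address-list remove \$ip}" policy=read,write start-time=startup

#================================================== RULE 5: Monitoring API ==================================================
/ip service
# Enables the RouterOS API on port 8728, limited to the Controllr server. The original
# used address="" (no source restriction), which leaves the management API reachable from
# every network the router's input chain allows. Use the address the Controllr
# connections actually arrive from.
# NOTE(review): the api service on 8728 is not encrypted; if Controllr supports it, prefer
# the api-ssl service and keep this one disabled. Also confirm the input-chain firewall
# does not expose the port.
set api address=00.00.00.00(IP do seu Software substituir) disabled=no port=8728

#================================================== RULE 6: PPP interim update ==================================================
/ppp aaa
# Turns on RADIUS for PPP and sends interim accounting updates every minute.
set interim-update=1m use-radius=yes

#================================================== RULE 7: Mangle ==================================================
/ip firewall mangle
# Prerouting traffic from the "block" and "pendency" lists to destinations outside
# released_ips jumps to the custom chain "Controllr".
add action=jump chain=prerouting dst-address-list=!released_ips jump-target=Controllr src-address-list=block
add action=jump chain=prerouting dst-address-list=!released_ips jump-target=Controllr src-address-list=pendency
# Single rule in the Controllr chain with no matcher and no explicit action.
add chain=Controllr

# Controllr: replace the indicated fields with the correct IPs, then copy these scripts and paste them into New Terminal.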