API tools faq
paste
Advertisement
Wimpheling

Untitled

Wimpheling
Jun 23rd, 2020
611
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.06 KB | None | 0 0
raw download clone embed print report
  1. 4.Защищаем WAN порт от DoS атаки. Будем добавлять в черный список на сутки тех, кто пытается открыть больше 15 соединений в секунду.
  2.  
  3. /ip firewall filter
  4. add action=jump chain=forward connection-state=new in-interface-list=WAN jump-target=Def-DoS
  5. add action=jump chain=input connection-state=new in-interface-list=WAN jump-target=Def-DoS
  6. add action=drop chain=forward connection-state=new src-address-list=BAN-Def-DoS
  7. add action=return chain=anti-DoS dst-limit=15,15,src-address/10s
  8. add action=add-src-to-address-list address-list=BAN-Def-DoS address-list-timeout=1d chain=Def-DoS
  9. add action=jump chain=input connection-state=new dst-port=22,8291 in-interface-list=WAN jump-target=anti-BruteForce protocol=tcp
  10. add action=drop chain=forward connection-state=new src-address-list=BAN-BruteForce
  11. add action=return chain=anti-BruteForce dst-limit=4/1m,1,src-address/1m40s
  12. add action=add-src-to-address-list address-list=BAN-BruteForce address-list-timeout=1d chain=anti-BruteForce
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!