- Get link
- X
- Other Apps
Antivirus Firewall rule for Mikrotik.
1. Open Mikrotik via winbox
2. Open New Terminal
3. Copy this script and paste
4. Press Enter
This script can block all kinds of Virus, Spam and Malware.
/ip firewall filter add chain=virus comment="KarimZI Academy Antivirus"
/ip firewall filter add chain=forward connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
/ip firewall filter add chain=forward connection-state=established action=accept comment="Established Connections" disabled=no
/ip firewall filter add chain=forward connection-state=related action=accept comment="Related connections" disabled=no
/ip firewall filter add chain=forward action=jump jump-target=virus comment="!!! Check for well-known viruses !!!" disabled=no
/ip firewall filter add chain=forward protocol=udp action=accept comment="UDP" disabled=no
/ip firewall filter add chain=forward protocol=icmp limit=50/5,2 action=accept comment="Allow limited Pings" disabled=no
/ip firewall filter add chain=forward protocol=icmp action=drop comment="Drop excess pings" disabled=no
/ip firewall filter add chain=input connection-state=invalid action=drop comment="Drop invalid connections" disabled=no
/ip firewall filter add chain=input tcp-flags=!syn connection-state=established action=accept comment="Accept established connections" disabled=no
/ip firewall filter add chain=input connection-state=related action=accept comment="Accept related connections" disabled=no
/ip firewall filter add chain=input action=jump jump-target=virus comment="!!! Check for well-known viruses !!!" disabled=no
/ip firewall filter add chain=input protocol=udp action=accept comment="UDP" disabled=no
/ip firewall filter add chain=input protocol=icmp limit=50/5,2 action=accept comment="Allow limited pings" disabled=no
/ip firewall filter add chain=input protocol=icmp action=drop comment="Drop excess pings" disabled=no
/ip firewall filter add chain=input dst-port=22 protocol=tcp action=accept comment="SSH for demo purposes" disabled=no
/ip firewall filter add chain=input dst-port=23 protocol=tcp action=accept comment="Telnet for demo purposes" disabled=no
/ip firewall filter add chain=input dst-port=80 protocol=tcp action=accept comment="http for demo purposes" disabled=no
/ip firewall filter add chain=input dst-port=3987 protocol=tcp action=accept comment="winbox for demo purposes" disabled=no
/ip firewall filter add chain=input action=accept log=yes comment="Log and drop everything else" disabled=no
/ip firewall filter add chain=virus dst-port=135-139 protocol=tcp action=drop comment="Drop Blaster Worm" disabled=no
/ip firewall filter add chain=virus dst-port=135-139 protocol=udp action=drop comment="Drop Messenger Worm" disabled=no
/ip firewall filter add chain=virus dst-port=445 protocol=tcp action=drop comment="Drop Blaster Worm" disabled=no
/ip firewall filter add chain=virus dst-port=445 protocol=udp action=drop comment="Drop Blaster Worm" disabled=no
/ip firewall filter add chain=virus dst-port=593 protocol=tcp action=drop comment="________" disabled=no
/ip firewall filter add chain=virus dst-port=1024-1030 protocol=tcp action=drop comment="________" disabled=no
/ip firewall filter add chain=virus dst-port=1080 protocol=tcp action=drop comment="Drop MyDoom" disabled=no
/ip firewall filter add chain=virus dst-port=1214 protocol=tcp action=drop comment="________" disabled=no
/ip firewall filter add chain=virus dst-port=1363 protocol=tcp action=drop comment="ndm requester" disabled=no
/ip firewall filter add chain=virus dst-port=1364 protocol=tcp action=drop comment="ndm server" disabled=no
/ip firewall filter add chain=virus dst-port=1368 protocol=tcp action=drop comment="screen cast" disabled=no
/ip firewall filter add chain=virus dst-port=1373 protocol=tcp action=drop comment="hromgrafx" disabled=no
/ip firewall filter add chain=virus dst-port=1377 protocol=tcp action=drop comment="cichlid" disabled=no
/ip firewall filter add chain=virus dst-port=1433-1434 protocol=tcp action=drop comment="Worm" disabled=no
/ip firewall filter add chain=virus dst-port=2745 protocol=tcp action=drop comment="Bagle Virus" disabled=no
/ip firewall filter add chain=virus dst-port=2283 protocol=tcp action=drop comment="Drop Dumaru.Y" disabled=no
/ip firewall filter add chain=virus dst-port=2535 protocol=tcp action=drop comment="Drop Beagle" disabled=no
/ip firewall filter add chain=virus dst-port=2745 protocol=tcp action=drop comment="Drop Beagle.C-K" disabled=no
/ip firewall filter add chain=virus dst-port=3127-3128 protocol=tcp action=drop comment="Drop MyDoom" disabled=no
/ip firewall filter add chain=virus dst-port=3410 protocol=tcp action=drop comment="Drop Backdoor OptixPro" disabled=no
/ip firewall filter add chain=virus dst-port=4444 protocol=tcp action=drop comment="Worm" disabled=no
/ip firewall filter add chain=virus dst-port=4444 protocol=udp action=drop comment="Worm" disabled=no
/ip firewall filter add chain=virus dst-port=5554 protocol=tcp action=drop comment="Drop Sasser" disabled=no
/ip firewall filter add chain=virus dst-port=8866 protocol=tcp action=drop comment="Drop Beagle.B" disabled=no
/ip firewall filter add chain=virus dst-port=9898 protocol=tcp action=drop comment="Drop Dabber.A-B" disabled=no
/ip firewall filter add chain=virus dst-port=10000 protocol=tcp action=drop comment="Drop Dumaru.Y" disabled=no
/ip firewall filter add chain=virus dst-port=10080 protocol=tcp action=drop comment="Drop MyDoom.B" disabled=no
/ip firewall filter add chain=virus dst-port=12345 protocol=tcp action=drop comment="Drop NetBus" disabled=no
/ip firewall filter add chain=virus dst-port=17300 protocol=tcp action=drop comment="Drop Kuang2" disabled=no
/ip firewall filter add chain=virus dst-port=27374 protocol=tcp action=drop comment="Drop SubSeven" disabled=no
/ip firewall filter add chain=virus dst-port=65506 protocol=tcp action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no
Comments
Post a Comment