
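# MikroTik RouterOS filter rules for the input chain (traffic addressed to the
# router itself). Rules are evaluated top to bottom; the first match wins.
# 192.168.81.0/24 is treated as the local network and is exempt from every
# address-list block below.
#
# Changes from the listing as published:
#   - Words and parameters split by page extraction ("addr ess-list",
#     "disable d=no", ...) are rejoined, one rule per line.
#   - The Telnet list rule read action=add-src-to-address-list="List a Telnet",
#     which has no address-list= parameter; it now fills the list named Telnet,
#     the one the "Bloquea Lista Telnet" drop rule reads.
#   - "Bloqueo de invalidos Router" / "Bloqueo de Invalidos Router" differed in
#     capitalisation between the drop rule and the rule that fills the list;
#     both now use one spelling so the match does not depend on case handling.
#   - A second, unreachable accept for tcp/23 near the end was removed; the
#     earlier "Acepta Telnet" rule already matches that traffic.
#   - Accented characters lost in extraction ("invlidas", "dems") are restored
#     without the accent to keep the comments plain ASCII.
/ip firewall filter

# --- Connection-state handling ---------------------------------------------
add chain=input connection-state=established action=accept comment="Aceptar conexiones establecidas" disabled=no
add chain=input connection-state=related action=accept comment="Aceptar related conexiones" disabled=no
add chain=input connection-state=invalid action=drop comment="Rechazar conexiones invalidas" disabled=no

# --- Drop sources already recorded in a block list (local network exempt) ----
# NOTE(review): the lists are filled further down with address-list-timeout=0s
# by every packet that reaches the service port, not by failed logins. If 0s
# means "never expires" on the target RouterOS version (confirm), an outside
# address gets one connection per service and is dropped on every later one,
# legitimate administrators included. A finite timeout, or staged lists that
# escalate only on repeated new connections, is the usual rate-limiting design.
add chain=input src-address=!192.168.81.0/24 src-address-list="Intentos SSH" action=drop comment="Bloquear Lista SSH" disabled=no
add chain=input src-address=!192.168.81.0/24 src-address-list=Telnet action=drop comment="Bloquea Lista Telnet" disabled=no
add chain=input src-address=!192.168.81.0/24 src-address-list="Bloqueo de Invalidos Router" action=drop comment="Bloqueo Lista de Invalidos" disabled=no
add chain=input src-address=!192.168.81.0/24 src-address-list="Entradas por FTP" action=drop comment="Bloquear Lista FTP" disabled=no

# --- FTP (tcp/21) and web interface (tcp/80) --------------------------------
# NOTE(review): both services are accepted from any source and carry
# credentials in clear text. Restrict them with src-address= or in-interface=
# to a management network, or disable them under /ip service if unused.
add chain=input protocol=tcp dst-port=21 action=add-src-to-address-list address-list="Entradas por FTP" address-list-timeout=0s comment="Crea Lista de IPs que entran al FTP" disabled=no
add chain=input protocol=tcp dst-port=21 action=accept comment="Aceptar Conexiones FTP" disabled=no
add chain=input protocol=tcp dst-port=80 action=add-src-to-address-list address-list="Accesos Via Web" address-list-timeout=0s comment="Crea Lista de IPs que ven WebBox" disabled=no
add chain=input protocol=tcp dst-port=80 action=accept comment="Acepta WebBox" disabled=no

# --- UDP and ICMP ------------------------------------------------------------
# NOTE(review): this accepts every UDP packet addressed to the router from any
# source, so any UDP service the router runs (a DNS resolver with remote
# requests allowed, SNMP, NTP, ...) is reachable from outside. Narrow it to the
# ports and sources actually required.
add chain=input protocol=udp action=accept comment="UDP" disabled=no
# Accept ICMP up to the configured rate; anything above it falls to the drop.
add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Aceptar pings limitados" disabled=no
add chain=input protocol=icmp action=drop comment="Rechazar pings execibos" disabled=no

# --- Telnet (tcp/23) and SSH (tcp/22) ----------------------------------------
# NOTE(review): Telnet is unencrypted; exposing it beyond the local network
# discloses the admin password to anyone on the path. Prefer SSH only.
add chain=input protocol=tcp dst-port=23 action=add-src-to-address-list address-list=Telnet address-list-timeout=0s comment="Lista Telnet" disabled=no
add chain=input protocol=tcp dst-port=23 action=accept comment="Acepta Telnet" disabled=no
add chain=input protocol=tcp dst-port=22 action=add-src-to-address-list address-list="Intentos SSH" address-list-timeout=0s comment="Crea Lista de Entradas SSH" disabled=no
add chain=input protocol=tcp dst-port=22 action=accept comment="SSH" disabled=no

# --- Local network -----------------------------------------------------------
add chain=input src-address=192.168.81.0/24 action=accept comment="Conexiones desde la red Local" disabled=no

# --- Winbox (tcp/8291) -------------------------------------------------------
# Sources are recorded and logged, then accepted. No drop rule reads the Winbox
# list, so it is an audit trail only.
# NOTE(review): the management port is accepted from any source; limit it to
# known administrator addresses.
add chain=input protocol=tcp dst-port=8291 action=add-src-to-address-list address-list=Winbox address-list-timeout=0s comment="Agrega IPs Que entran por Winbox" disabled=no
add chain=input protocol=tcp dst-port=8291 action=log log-prefix="Entrada por Winbox" comment="Log entradas por WinBox" disabled=no
add chain=input protocol=tcp dst-port=8291 action=accept comment="winbox" disabled=no

# --- Default: record the source, then drop -----------------------------------
# Whatever reaches this point matched no accept rule. Its source goes into the
# list read by the "Bloqueo Lista de Invalidos" drop rule above.
add chain=input action=add-src-to-address-list address-list="Bloqueo de Invalidos Router" address-list-timeout=0s comment="Lista de IP por acciones fuera de reglas" disabled=no
add chain=input action=drop comment="Rechazar todo lo demas" disabled=no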