Отсечь флуд !

Обсуждение ПО и его настройки
Ответить
Justbox
Сообщения: 2
Зарегистрирован: 14 янв 2011, 14:22

Провайдер понизил скорость с 100мб до 10мб заявим что микротик шлет много флуд пакетов этим самым глушит его шлюзы , отключив от микротика две сети пользователей флуд прекратился . Помогите настроить микротик чтобы он мог пресекать флудирастов до выхода в инет и кидал их например в группу flud_users .
Вот настройки firewall :

Код: Выделить всё

/ip firewall filter
add action=accept chain=input comment="accept established connection packets" connection-state=established disabled=no
add action=accept chain=input comment="accept related connection packets" connection-state=related disabled=no
add action=drop chain=input comment="drop invalid packets" connection-state=invalid disabled=no
add action=accept chain=input comment="Allow access to router from known network" disabled=no src-address-list=safe
add action=drop chain=input comment="detect and drop port scan connections" disabled=no protocol=tcp psd=21,3s,3,1
add action=tarpit chain=input comment="suppress DoS attack" connection-limit=3,32 disabled=no protocol=tcp src-address-list=black_list
add action=add-src-to-address-list address-list=black_list address-list-timeout=1d chain=input comment="detect DoS attack" connection-limit=10,32 disabled=no protocol=tcp
add action=jump chain=input comment="jump to chain ICMP" disabled=no jump-target=ICMP protocol=icmp
add action=jump chain=input comment="jump to chain services" disabled=no jump-target=services
add action=accept chain=input comment="Allow Broadcast Traffic" disabled=no dst-address-type=broadcast
add action=log chain=input comment="" disabled=no log-prefix=Filter:
add action=drop chain=input comment="drop everything else" disabled=no
add action=accept chain=ICMP comment="0:0 and limit for 5pac/s" disabled=no icmp-options=0:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="3:3 and limit for 5pac/s" disabled=no icmp-options=3:3 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="3:4 and limit for 5pac/s" disabled=no icmp-options=3:4 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="8:0 and limit for 5pac/s" disabled=no icmp-options=8:0-255 limit=5,5 protocol=icmp
add action=accept chain=ICMP comment="11:0 and limit for 5pac/s" disabled=no icmp-options=11:0-255 limit=5,5 protocol=icmp
add action=drop chain=ICMP comment="Drop everything else" disabled=no protocol=icmp
add action=accept chain=services comment="accept localhost" disabled=no dst-address=127.0.0.1 src-address=127.0.0.1 src-address-list=""
add action=accept chain=services comment="allow MACwinbox " disabled=yes dst-port=20561 protocol=udp
add action=accept chain=services comment="Bandwidth server" disabled=yes dst-port=2000 protocol=tcp
add action=accept chain=services comment=" MT Discovery Protocol" disabled=yes dst-port=5678 protocol=udp
add action=accept chain=services comment="allow SNMP" disabled=yes dst-port=161 protocol=tcp
add action=accept chain=services comment="Allow BGP" disabled=yes dst-port=179 protocol=tcp
add action=accept chain=services comment="allow BGP" disabled=yes dst-port=5000-5100 protocol=udp
add action=accept chain=services comment="Allow NTP" disabled=yes dst-port=123 protocol=udp
add action=accept chain=services comment="Allow PPTP" disabled=no dst-port=1723 protocol=tcp
add action=accept chain=services comment="allow PPTP and EoIP" disabled=no protocol=gre
add action=accept chain=services comment="allow DNS request" disabled=yes dst-port=53 protocol=tcp
add action=accept chain=services comment="Allow DNS request" disabled=yes dst-port=53 protocol=udp
add action=accept chain=services comment=UPnP disabled=yes dst-port=1900 protocol=udp
add action=accept chain=services comment=UPnP disabled=yes dst-port=2828 protocol=tcp
add action=accept chain=services comment="allow DHCP" disabled=yes dst-port=67-68 protocol=udp
add action=accept chain=services comment="allow Web Proxy" disabled=yes dst-port=8080 protocol=tcp
add action=accept chain=services comment="allow IPIP" disabled=yes protocol=ipencap
add action=accept chain=services comment="allow https for Hotspot" disabled=yes dst-port=443 protocol=tcp
add action=accept chain=services comment="allow Socks for Hotspot" disabled=yes dst-port=1080 protocol=tcp
add action=accept chain=services comment="Allow IPSec-esp" disabled=yes protocol=ipsec-esp
add action=accept chain=services comment="Allow IPSec-ah" disabled=yes protocol=ipsec-ah
add action=accept chain=services comment="Allow IKE" disabled=yes dst-port=500 protocol=udp
add action=accept chain=services comment="Allow IPSec-esp" disabled=yes protocol=ipsec-esp
add action=accept chain=services comment="Allow IPSec-ah" disabled=yes protocol=ipsec-ah
add action=accept chain=services comment="allow RIP" disabled=yes dst-port=520-521 protocol=udp
add action=accept chain=services comment="allow OSPF" disabled=yes protocol=ospf
add action=return chain=services comment="" disabled=no
add action=accept chain=forward comment="" disabled=no dst-address=10.8.0.0/16 src-address=192.168.1.0/24
add action=accept chain=forward comment="" disabled=no dst-address=192.168.1.0/24 src-address=10.8.0.0/16
add action=accept chain=forward comment="" disabled=no dst-address=10.8.0.0/16 src-address=0.0.0.0/0
add action=accept chain=forward comment="" disabled=no dst-address=0.0.0.0/0 src-address=10.8.0.0/16
add action=accept chain=forward comment="" disabled=no dst-address=192.168.1.0/24 src-address=0.0.0.0/0
add action=accept chain=forward comment="" disabled=no dst-address=0.0.0.0/0 src-address=192.168.1.0/24
add action=drop chain=forward comment="" disabled=no

/ip firewall nat
add action=masquerade chain=srcnat comment="LAN 10.8.0.0/16" disabled=no src-address=10.8.0.0/16
add action=masquerade chain=srcnat comment=GW-252 disabled=no src-address=192.168.1.252
add action=dst-nat chain=dstnat comment="FTP for share" disabled=no dst-address=89.31.18.XXX dst-port=21 protocol=tcp to-addresses=10.8.254.15 to-ports=21
add action=dst-nat chain=dstnat comment="FTP for share" disabled=no dst-address=89.31.18.XXX dst-port=20 protocol=tcp to-addresses=10.8.254.15 to-ports=20
add action=dst-nat chain=dstnat comment="FTP pasive mode for share" disabled=no dst-address=89.31.18.XXX dst-port=8000-8100 protocol=tcp to-addresses=10.8.254.15 to-ports=8000-8100
add action=dst-nat chain=dstnat comment="Squid for 192.168.1.252" disabled=no dst-address=89.31.18.XXX dst-port=3128 protocol=tcp src-address-list=safe to-addresses=192.168.1.252 to-ports=3128
add action=dst-nat chain=dstnat comment="HTTP for 10.8.254.1" disabled=no dst-address=89.31.18.XXX dst-port=9080 protocol=tcp to-addresses=10.8.254.1 to-ports=80
add action=dst-nat chain=dstnat comment="RDP for 10.8.254.4" disabled=no dst-address=89.31.18.XXX dst-port=3389 protocol=tcp to-addresses=10.8.254.4 to-ports=3389


Заранее благодарен !


pmilovidov
Сообщения: 69
Зарегистрирован: 02 май 2011, 14:51

у нас была подобная проблема, наш СисьАдмин решил её посредством блокировки портов, с которых сыпался флуд, порты мы узнали у нашего провайдера...

/ip firewall filter add chain=input action=drop protocol=udp src-address=0.0.0.0/0 (куда угодно)
dst-port=135-145

таких пакетов за пол года набралось 2 000 000 равно 218МБ


Ответить