This post was last edited by Qnewbie on 2017-1-4 21:20

1. As a basic firewall rule, allow login with "admin" only from your local network: change Allowed address from 0.0.0.0/0 to something like 192.168.88.0/24.
System => user, double click admin.

2. You can change your login name.
Add your own username to your router with the same rights as admin (full) with winbox.
System => user => +
RB750G, RB2011UAS-2HnD
IP01, A580IP, AT-610


One more thing, you can block brute force attacks after you change your username:
  /ip firewall filter
  add chain=input protocol=tcp dst-port=8291 src-address-list=winbox_blacklist action=drop \
      comment="drop winbox brute forcers" disabled=no

  add chain=input protocol=tcp dst-port=8291 connection-state=new \
      src-address-list=winbox_stage3 action=add-src-to-address-list address-list=winbox_blacklist \
      address-list-timeout=10d comment="" disabled=no

  add chain=input protocol=tcp dst-port=8291 connection-state=new \
      src-address-list=winbox_stage2 action=add-src-to-address-list address-list=winbox_stage3 \
      address-list-timeout=1m comment="" disabled=no

  add chain=input protocol=tcp dst-port=8291 connection-state=new src-address-list=winbox_stage1 \
      action=add-src-to-address-list address-list=winbox_stage2 address-list-timeout=1m comment="" disabled=no

  add chain=input protocol=tcp dst-port=8291 connection-state=new action=add-src-to-address-list \
      address-list=winbox_stage1 address-list-timeout=1m comment="" disabled=no
Source: http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention with modification for winbox.
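
The staged address lists in the rules above, modelled as an added example that is not part of the original post or of MikroTik's own code: it replays new connections to tcp/8291 through the five rules in the order posted and reports which ones the drop rule catches. The class and function names and the sample address are constructed, and it assumes that re-adding an address to a list restarts that entry's timeout.

```python
# Added illustration (not from the thread): a model of the five winbox rules.
# Assumption: re-adding an address to a list restarts that entry's timeout.
MINUTE, DAY = 60, 86400

# Rules 2-5 in the order posted:
# (list the source must already be in, list it is added to, timeout in seconds).
# None as the required list means "any new connection to tcp/8291".
RULES = [
    ("winbox_stage3", "winbox_blacklist", 10 * DAY),
    ("winbox_stage2", "winbox_stage3", MINUTE),
    ("winbox_stage1", "winbox_stage2", MINUTE),
    (None, "winbox_stage1", MINUTE),
]


class WinboxFilter:
    def __init__(self):
        self.lists = {}  # (list_name, src) -> expiry time in seconds

    def _member(self, name, src, now):
        return self.lists.get((name, src), 0) > now

    def new_connection(self, src, now):
        """Return 'drop' or 'pass' for a new TCP connection to port 8291."""
        # Rule 1: the drop is evaluated first, before any list is updated.
        if self._member("winbox_blacklist", src, now):
            return "drop"
        # add-src-to-address-list does not end processing, so every later
        # rule still sees the packet. Because stage3 is tested before stage2
        # and stage2 before stage1, one packet moves the source up one stage.
        for required, target, timeout in RULES:
            if required is None or self._member(required, src, now):
                self.lists[(target, src)] = now + timeout
        return "pass"  # not dropped by these rules; later rules may still apply


def simulate(times, src="203.0.113.7"):  # constructed sample address
    fw = WinboxFilter()
    return [fw.new_connection(src, t) for t in times]


if __name__ == "__main__":
    print(simulate([0, 10, 20, 30, 40]))     # rapid attempts
    print(simulate([0, 61, 122, 183, 244]))  # attempts more than 1m apart
```

The rules count new connections, not failed logins, so an administrator who reconnects four times within a minute from the same address lands on winbox_blacklist too, and attempts spaced more than a minute apart never leave winbox_stage1.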

This post was last edited by Qnewbie on 2017-1-4 22:00

Other basic firewall scripts might help you:

http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter

Scripts at the following link might be modified to suit your needs (be careful!):
http://wiki.mikrotik.com/wiki/Basic_universal_firewall_script

Just click OK, it is alright.

"disabled=no" seems to be an indicator to the packet processing for the firewall. I cannot find information from http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter.

Reply to 14# vpn-learner
In winbox, you simply click "New terminal"; a terminal pops up and you can copy & paste the code in #8 to build your firewall rules. The firewall works according to these rules. A script is saved in a file (winbox: system => script) and executed by the scheduler or by hand.
