السلام عليكم ورحمة الله، أخوكم / إسلام الغمري ( تركيب وصيانة الشبكات السلكية واللاسلكية وكل ما يخص الشبكات )
أولاً : اسكربت الحماية من برامج تقل الانترنت والهوت سبوت شيلد والبرامج الخبيثة، مجرب على كل النسخ؛ كل ما عليك تغيير 10.1.1.0/24 إلى نطاق الـ IP الخاص بالخروج عندك
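/ip firewall mangle
# Hotspot Shield detection by payload string: destinations of HTTP/HTTPS traffic
# whose payload does NOT contain "127.0.0.1:895" are added to WhiteList (4w2d);
# sources whose HTTP payload DOES contain it are added to HotSpotShieldUsers (1h).
# NOTE(review): almost every web destination fails to contain that string, so
# WhiteList effectively becomes "every site any client visited" — confirm that
# is the intended meaning of "whitelist" before relying on it.
add action=add-dst-to-address-list address-list=WhiteList address-list-timeout=4w2d chain=prerouting comment=WhiteList content=!127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList address-list-timeout=4w2d chain=prerouting comment=WhiteList content=!127.0.0.1:895 disabled=no dst-port=443 protocol=tcp
/ip firewall filter
# NOTE(review): this log rule has no connection-state=new, so every forwarded
# packet towards a whitelisted destination is logged; expect heavy log volume.
add action=log chain=forward comment="Allow WhiteLists" disabled=no dst-address-list=WhiteList log-prefix=WhiteLists
# NOTE(review): this accept sits before the per-port tcp/udp chains below, so a
# destination already in WhiteList is reachable on any port, not only 80/443.
add action=accept chain=forward comment="" disabled=no dst-address-list=WhiteList
add action=log chain=forward comment="Block HotSpot Shield" disabled=no log-prefix=HotSpotShield src-address-list=HotSpotShieldUsers
add action=drop chain=forward comment="Block HotSpot Shield" disabled=no src-address-list=HotSpotShieldUsers
# Per-port policy for the LAN range 10.1.1.0/24 (replace with your own range):
# tcp and udp are handed to their own chains, which accept the listed services
# and drop everything else.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=jump chain=forward comment="TCP Service" disabled=no jump-target=tcp protocol=tcp src-address=10.1.1.0/24
add action=accept chain=tcp comment="Http ports" disabled=no dst-port=80 protocol=tcp src-address=10.1.1.0/24
# NOTE(review): chain=tcp is reached from the forward chain, so this permits
# WinBox (8291) from the LAN to any host beyond the router, not to the router
# itself (that would be the input chain); add dst-address if that is not wanted.
add action=accept chain=tcp comment="allow win box" disabled=no dst-port=8291 protocol=tcp src-address=10.1.1.0/24
# Fixed: the port list had a stray space before 8396 ("5938, 8396"), which
# splits the dst-port value and makes this rule fail to import.
add action=accept chain=tcp comment="CHAT Services" disabled=no dst-port=443,1408,1863,7070,12340,1990,1995,8443,5938,8396,34249 protocol=tcp src-address=10.1.1.0/24
add action=accept chain=tcp comment="" disabled=no dst-address=80.239.255.0/24 src-address=10.1.1.0/24
add action=accept chain=tcp comment="" disabled=no dst-address=67.195.186.0/24 src-address=10.1.1.0/24
add action=accept chain=tcp comment="" disabled=no dst-address=74.86.6.0/24 src-address=10.1.1.0/24
add action=accept chain=tcp comment="Gamzer ports" disabled=no dst-address=174.36.44.0/24 protocol=tcp src-address=10.1.1.0/24
# NOTE(review): content=895 is a plain substring match on the payload; it is
# redundant here because the next rule drops everything left in this chain.
add action=drop chain=tcp comment="drop other tcp ports 895" content=895 disabled=no protocol=tcp src-address=10.1.1.0/24
add action=drop chain=tcp comment="Drop Other Ports" disabled=no protocol=tcp src-address=10.1.1.0/24
add action=jump chain=forward comment="UDP SERVICE" disabled=no jump-target=udp protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=DNS disabled=no dst-port=53 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=DHCP disabled=no dst-port=67-68 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=NTP disabled=no dst-port=123 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment="MAC WINBOX" disabled=no dst-port=20561 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=SKYPE disabled=no dst-port=40001 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment="Neighbour discovery" disabled=no dst-port=5678 protocol=udp src-address=10.1.1.0/24
# Same remark as for tcp: the content match is redundant with the final drop.
add action=drop chain=udp comment="drop other udp ports 895" content=895 disabled=no protocol=udp src-address=10.1.1.0/24
add action=drop chain=udp comment="drop other udp ports" disabled=no protocol=udp src-address=10.1.1.0/24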
ثانياً : اسكربت لتثبيت البينجات على 30ms، كل البينجات مستقرة ومجرب على كل النسخ (يعمل بإعادة توجيه كل ICMP إلى عنوان ثابت، فالزمن المقاس هو زمن الوصول إلى ذلك العنوان وليس إلى الوجهة الحقيقية)
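/ip firewall nat
# Rewrites the destination of every ICMP packet to 212.122.224.10, so ping
# replies come from that host instead of the real target ("stable ping").
# Fixed: limited to the LAN source 10.1.1.0/24 (the range used by the rest of
# the script); the original matched ICMP arriving on any interface, including
# packets addressed to the router itself.
# NOTE(review): the latency a client measures is then to 212.122.224.10, not to
# the destination it typed, so ping no longer reflects real reachability.
add action=netmap chain=dstnat comment="ping shady soft" disabled=no protocol=icmp src-address=10.1.1.0/24 to-addresses=212.122.224.10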
ثالثاً : اسكربت منع أجهزة الشبكة من الأبديت نهائياً، مجرب تماماً
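/ip firewall address-list
# Ranges the author attributes to Windows Update; forwarded traffic to them is
# dropped below.
add address=65.55.0.0/16 disabled=no list="Windows Update"
add address=157.55.0.0/16 disabled=no list="Windows Update"
add address=157.56.0.0/16 disabled=no list="Windows Update"
/ip firewall filter
# NOTE(review): dropping update traffic leaves client hosts unpatched; the
# virus-port drops in the last script cover only a fixed list of old worms.
add action=drop chain=forward comment="Drop WindowsUpdate AllVersions" disabled=no dst-address-list="Windows Update"
/system identity
# Fixed: the name was split over two lines by an embedded newline inside the
# quotes, which changes the identity to "islam<newline>".
set name=islam
/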
رابعاً : منع تقطيع الياهو
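/ip firewall mangle
# Classify new connections by service and tag each with a connection mark
# (the auth and smtp marks are consumed by the restrict-tcp chain in the
# filter script that follows).
# Fixed: the three jump rules carried `jump-rel="nofollow" target=...`, a forum
# link-mangling of `jump-target=...`; they would not import as written.
add action=jump chain=prerouting comment="" connection-state=new disabled=no jump-target=tcp-services protocol=tcp
add action=jump chain=prerouting comment="" connection-state=new disabled=no jump-target=udp-services protocol=udp
add action=jump chain=prerouting comment="" connection-state=new disabled=no jump-target=other-services
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=20-21 new-connection-mark=ftp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=22 new-connection-mark=ssh passthrough=yes protocol=tcp src-port=513-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=23 new-connection-mark=telnet passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=25 new-connection-mark=smtp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp src-port=53
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=80 new-connection-mark=http passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=110 new-connection-mark=pop3 passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=113 new-connection-mark=auth passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=119 new-connection-mark=nntp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=143 new-connection-mark=imap passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=161-162 new-connection-mark=snmp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=443 new-connection-mark=https passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=465 new-connection-mark=smtps passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=993 new-connection-mark=imaps passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=995 new-connection-mark=pop3s passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=1723 new-connection-mark=pptp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=2379 new-connection-mark=kgs passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=3128 new-connection-mark=proxy passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=3987 new-connection-mark=win-ts passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=4242-4243 new-connection-mark=emule passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=overnet passthrough=yes protocol=tcp src-port=4661-4662
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=emule passthrough=yes protocol=tcp src-port=4711
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=5900-5901 new-connection-mark=vnc passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=6667-6669 new-connection-mark=irc passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=6881-6889 new-connection-mark=bittorrent passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=8080 new-connection-mark=http passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=8291 new-connection-mark=winbox passthrough=yes protocol=tcp src-port=1024-65535
# Catch-all for tcp connections not matched above.
add action=mark-connection chain=tcp-services comment="" disabled=no new-connection-mark=other-tcp passthrough=yes protocol=tcp
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=123 new-connection-mark=ntp passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1701 new-connection-mark=l2tp passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=4665 new-connection-mark=emule passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=4672 new-connection-mark=emule passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=emule passthrough=yes protocol=udp src-port=4672
# Fixed: src-port=1024-6553 was a typo for 1024-65535 (the range every other
# rule uses); as written it missed source ports above 6553.
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=12053 new-connection-mark=overnet passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=overnet passthrough=yes protocol=udp src-port=12053
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=skype passthrough=yes protocol=udp src-port=36725
# Catch-all for udp (connection-state=new is already guaranteed by the jump).
add action=mark-connection chain=udp-services comment="" connection-state=new disabled=no new-connection-mark=other-udp passthrough=yes protocol=udp
add action=mark-connection chain=other-services comment="" disabled=no icmp-options=8:0-255 new-connection-mark=ping passthrough=yes protocol=icmp
add action=mark-connection chain=other-services comment="" disabled=no new-connection-mark=gre passthrough=yes protocol=gre
add action=mark-connection chain=other-services comment="" disabled=no new-connection-mark=other passthrough=yes
# NOTE(review): this writes a fixed MSS of 1448 into every forwarded SYN,
# including ones that advertised a smaller value; new-mss=clamp-to-pmtu is the
# usual choice — confirm 1448 matches the uplink MTU before keeping it.
add action=change-mss chain=forward comment="" disabled=no new-mss=1448 protocol=tcp tcp-flags=syn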
خامساً : اسكربت أنتي فيرس رهيب، يعني الأجهزة المصابة ما تأثرش عليك
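/ip firewall filter
# Fixed: the section header lacked its leading "/"; coming straight after the
# mangle section it is then resolved relative to /ip firewall mangle and fails.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=no
# P2P protocol drops (payload signature matching).
# NOTE(review): the p2p matcher is a RouterOS v6 feature and is not present in
# v7, where these lines are rejected at import — confirm the target version.
add action=drop chain=forward comment="" disabled=no p2p=all-p2p
add action=drop chain=forward comment="" disabled=no p2p=bit-torrent
add action=drop chain=forward comment="" disabled=no p2p=blubster
add action=drop chain=forward comment="" disabled=no p2p=direct-connect
add action=drop chain=forward comment="" disabled=no p2p=edonkey
add action=drop chain=forward comment="" disabled=no p2p=fasttrack
add action=drop chain=forward comment="" disabled=no p2p=gnutella
add action=drop chain=forward comment="" disabled=no p2p=soulseek
add action=drop chain=forward comment="" disabled=no p2p=warez
add action=drop chain=forward comment="" disabled=no p2p=winmx
# "virus" chain: drops by destination port for a fixed list of old worms and
# backdoors. It is entered from the forward chain by the jump further down.
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
# Merged: the original had two identical drops for tcp/2745 ("Bagle Virus" and
# "Drop Beagle.C-K"); one is kept.
add action=drop chain=virus comment="Drop Beagle.C-K" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" disabled=no jump-target=virus
# Port-scan detection towards the router (input chain): offenders are listed
# for 2w and dropped. The unlabeled duplicate of the SYN/FIN rule was removed.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no src-address-list="port scanners"
# Same detection for traffic passing through the router (forward chain);
# note that an infected LAN host scanning the Internet lands on the same list.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=forward comment="dropping port scanners" disabled=no src-address-list="port scanners"
# restrict-tcp: uses the connection marks set by the mangle script (auth, smtp).
add action=jump chain=forward comment="" disabled=no jump-target=restrict-tcp protocol=tcp
add action=reject chain=restrict-tcp comment="" connection-mark=auth disabled=no reject-with=icmp-network-unreachable
add action=jump chain=restrict-tcp comment="anti-spam policy" connection-mark=smtp disabled=no jump-target=smtp-first-drop
# smtp-first-drop: a greylist — the first SMTP attempt from a source is
# rejected and the source is remembered in first-smtp; a retry while that entry
# is still present promotes it to approved-smtp and is let through.
# NOTE(review): both entries live only 5s, so a retry must arrive within 5s of
# the first attempt; standard MTA retry intervals are far longer — confirm the
# timeouts are intended.
add action=add-src-to-address-list address-list=approved-smtp address-list-timeout=5s chain=smtp-first-drop comment="" disabled=no src-address-list=first-smtp
add action=return chain=smtp-first-drop comment="" disabled=no src-address-list=approved-smtp
add action=add-src-to-address-list address-list=first-smtp address-list-timeout=5s chain=smtp-first-drop comment="" disabled=no
add action=reject chain=smtp-first-drop comment="" disabled=no reject-with=icmp-network-unreachable
# Fixed: the three connection-state rules were placed after "drop everything
# else", where nothing could reach them; they now run before the blanket
# protocol accepts so "drop invalid" takes effect. They deliberately stay
# after the p2p/virus/port-scan rules above, since the payload-based matchers
# need to see packets of already-established connections.
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid disabled=no
add action=accept chain=forward comment="allow established connections" connection-state=established disabled=no
add action=accept chain=forward comment="allow related connections" connection-state=related disabled=no
add action=accept chain=forward comment="Allow HTTP" disabled=no dst-port=80 protocol=tcp
add action=accept chain=forward comment="Allow SMTP" disabled=no dst-port=25 protocol=tcp
# NOTE(review): the three accepts below admit every remaining tcp/udp/icmp
# flow, so the final drop only catches other IP protocols (for example the gre
# connections marked in the mangle script). Any real per-port restriction has
# to come from the rules above this point.
add action=accept chain=forward comment="allow TCP" disabled=no protocol=tcp
add action=accept chain=forward comment="allow ping" disabled=no protocol=icmp
add action=accept chain=forward comment="allow udp" disabled=no protocol=udp
add action=drop chain=forward comment="drop everything else" disabled=no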
يا جماعة، اللي عاوز أي اسكربت أنا تحت أمره، وأي حاجة تخص الشبكات موجودة بإذن الله
أولاً : اسكربت الحماية من برامج تقل الانترنت والهوت سبوت شيلد والبرامج الخبيثة، مجرب على كل النسخ؛ كل ما عليك تغيير 10.1.1.0/24 إلى نطاق الـ IP الخاص بالخروج عندك
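/ip firewall mangle
# Hotspot Shield detection by payload string: destinations of HTTP/HTTPS traffic
# whose payload does NOT contain "127.0.0.1:895" are added to WhiteList (4w2d);
# sources whose HTTP payload DOES contain it are added to HotSpotShieldUsers (1h).
# NOTE(review): almost every web destination fails to contain that string, so
# WhiteList effectively becomes "every site any client visited" — confirm that
# is the intended meaning of "whitelist" before relying on it.
add action=add-dst-to-address-list address-list=WhiteList address-list-timeout=4w2d chain=prerouting comment=WhiteList content=!127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-src-to-address-list address-list=HotSpotShieldUsers address-list-timeout=1h chain=prerouting comment=HotSpotShieldUsers content=127.0.0.1:895 disabled=no dst-port=80 protocol=tcp
add action=add-dst-to-address-list address-list=WhiteList address-list-timeout=4w2d chain=prerouting comment=WhiteList content=!127.0.0.1:895 disabled=no dst-port=443 protocol=tcp
/ip firewall filter
# NOTE(review): this log rule has no connection-state=new, so every forwarded
# packet towards a whitelisted destination is logged; expect heavy log volume.
add action=log chain=forward comment="Allow WhiteLists" disabled=no dst-address-list=WhiteList log-prefix=WhiteLists
# NOTE(review): this accept sits before the per-port tcp/udp chains below, so a
# destination already in WhiteList is reachable on any port, not only 80/443.
add action=accept chain=forward comment="" disabled=no dst-address-list=WhiteList
add action=log chain=forward comment="Block HotSpot Shield" disabled=no log-prefix=HotSpotShield src-address-list=HotSpotShieldUsers
add action=drop chain=forward comment="Block HotSpot Shield" disabled=no src-address-list=HotSpotShieldUsers
# Per-port policy for the LAN range 10.1.1.0/24 (replace with your own range):
# tcp and udp are handed to their own chains, which accept the listed services
# and drop everything else.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=yes
add action=jump chain=forward comment="TCP Service" disabled=no jump-target=tcp protocol=tcp src-address=10.1.1.0/24
add action=accept chain=tcp comment="Http ports" disabled=no dst-port=80 protocol=tcp src-address=10.1.1.0/24
# NOTE(review): chain=tcp is reached from the forward chain, so this permits
# WinBox (8291) from the LAN to any host beyond the router, not to the router
# itself (that would be the input chain); add dst-address if that is not wanted.
add action=accept chain=tcp comment="allow win box" disabled=no dst-port=8291 protocol=tcp src-address=10.1.1.0/24
# Fixed: the port list had a stray space before 8396 ("5938, 8396"), which
# splits the dst-port value and makes this rule fail to import.
add action=accept chain=tcp comment="CHAT Services" disabled=no dst-port=443,1408,1863,7070,12340,1990,1995,8443,5938,8396,34249 protocol=tcp src-address=10.1.1.0/24
add action=accept chain=tcp comment="" disabled=no dst-address=80.239.255.0/24 src-address=10.1.1.0/24
add action=accept chain=tcp comment="" disabled=no dst-address=67.195.186.0/24 src-address=10.1.1.0/24
add action=accept chain=tcp comment="" disabled=no dst-address=74.86.6.0/24 src-address=10.1.1.0/24
add action=accept chain=tcp comment="Gamzer ports" disabled=no dst-address=174.36.44.0/24 protocol=tcp src-address=10.1.1.0/24
# NOTE(review): content=895 is a plain substring match on the payload; it is
# redundant here because the next rule drops everything left in this chain.
add action=drop chain=tcp comment="drop other tcp ports 895" content=895 disabled=no protocol=tcp src-address=10.1.1.0/24
add action=drop chain=tcp comment="Drop Other Ports" disabled=no protocol=tcp src-address=10.1.1.0/24
add action=jump chain=forward comment="UDP SERVICE" disabled=no jump-target=udp protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=DNS disabled=no dst-port=53 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=DHCP disabled=no dst-port=67-68 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=NTP disabled=no dst-port=123 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment="MAC WINBOX" disabled=no dst-port=20561 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment=SKYPE disabled=no dst-port=40001 protocol=udp src-address=10.1.1.0/24
add action=accept chain=udp comment="Neighbour discovery" disabled=no dst-port=5678 protocol=udp src-address=10.1.1.0/24
# Same remark as for tcp: the content match is redundant with the final drop.
add action=drop chain=udp comment="drop other udp ports 895" content=895 disabled=no protocol=udp src-address=10.1.1.0/24
add action=drop chain=udp comment="drop other udp ports" disabled=no protocol=udp src-address=10.1.1.0/24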
ثانياً : اسكربت لتثبيت البينجات على 30ms، كل البينجات مستقرة ومجرب على كل النسخ (يعمل بإعادة توجيه كل ICMP إلى عنوان ثابت، فالزمن المقاس هو زمن الوصول إلى ذلك العنوان وليس إلى الوجهة الحقيقية)
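/ip firewall nat
# Rewrites the destination of every ICMP packet to 212.122.224.10, so ping
# replies come from that host instead of the real target ("stable ping").
# Fixed: limited to the LAN source 10.1.1.0/24 (the range used by the rest of
# the script); the original matched ICMP arriving on any interface, including
# packets addressed to the router itself.
# NOTE(review): the latency a client measures is then to 212.122.224.10, not to
# the destination it typed, so ping no longer reflects real reachability.
add action=netmap chain=dstnat comment="ping shady soft" disabled=no protocol=icmp src-address=10.1.1.0/24 to-addresses=212.122.224.10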
ثالثاً : اسكربت منع أجهزة الشبكة من الأبديت نهائياً، مجرب تماماً
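/ip firewall address-list
# Ranges the author attributes to Windows Update; forwarded traffic to them is
# dropped below.
add address=65.55.0.0/16 disabled=no list="Windows Update"
add address=157.55.0.0/16 disabled=no list="Windows Update"
add address=157.56.0.0/16 disabled=no list="Windows Update"
/ip firewall filter
# NOTE(review): dropping update traffic leaves client hosts unpatched; the
# virus-port drops in the last script cover only a fixed list of old worms.
add action=drop chain=forward comment="Drop WindowsUpdate AllVersions" disabled=no dst-address-list="Windows Update"
/system identity
# Fixed: the name was split over two lines by an embedded newline inside the
# quotes, which changes the identity to "islam<newline>".
set name=islam
/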
رابعاً : منع تقطيع الياهو
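/ip firewall mangle
# Classify new connections by service and tag each with a connection mark
# (the auth and smtp marks are consumed by the restrict-tcp chain in the
# filter script that follows).
# Fixed: the three jump rules carried `jump-rel="nofollow" target=...`, a forum
# link-mangling of `jump-target=...`; they would not import as written.
add action=jump chain=prerouting comment="" connection-state=new disabled=no jump-target=tcp-services protocol=tcp
add action=jump chain=prerouting comment="" connection-state=new disabled=no jump-target=udp-services protocol=udp
add action=jump chain=prerouting comment="" connection-state=new disabled=no jump-target=other-services
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=20-21 new-connection-mark=ftp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=22 new-connection-mark=ssh passthrough=yes protocol=tcp src-port=513-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=23 new-connection-mark=telnet passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=25 new-connection-mark=smtp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp src-port=53
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=53 new-connection-mark=dns passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=80 new-connection-mark=http passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=110 new-connection-mark=pop3 passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=113 new-connection-mark=auth passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=119 new-connection-mark=nntp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=143 new-connection-mark=imap passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=161-162 new-connection-mark=snmp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=443 new-connection-mark=https passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=465 new-connection-mark=smtps passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=993 new-connection-mark=imaps passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=995 new-connection-mark=pop3s passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=1723 new-connection-mark=pptp passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=2379 new-connection-mark=kgs passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=3128 new-connection-mark=proxy passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=3987 new-connection-mark=win-ts passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=4242-4243 new-connection-mark=emule passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=overnet passthrough=yes protocol=tcp src-port=4661-4662
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=emule passthrough=yes protocol=tcp src-port=4711
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=5900-5901 new-connection-mark=vnc passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=6667-6669 new-connection-mark=irc passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=6881-6889 new-connection-mark=bittorrent passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=8080 new-connection-mark=http passthrough=yes protocol=tcp src-port=1024-65535
add action=mark-connection chain=tcp-services comment="" disabled=no dst-port=8291 new-connection-mark=winbox passthrough=yes protocol=tcp src-port=1024-65535
# Catch-all for tcp connections not matched above.
add action=mark-connection chain=tcp-services comment="" disabled=no new-connection-mark=other-tcp passthrough=yes protocol=tcp
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=53 new-connection-mark=dns passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=123 new-connection-mark=ntp passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1701 new-connection-mark=l2tp passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=4665 new-connection-mark=emule passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=4672 new-connection-mark=emule passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=emule passthrough=yes protocol=udp src-port=4672
# Fixed: src-port=1024-6553 was a typo for 1024-65535 (the range every other
# rule uses); as written it missed source ports above 6553.
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=12053 new-connection-mark=overnet passthrough=yes protocol=udp src-port=1024-65535
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=overnet passthrough=yes protocol=udp src-port=12053
add action=mark-connection chain=udp-services comment="" disabled=no dst-port=1024-65535 new-connection-mark=skype passthrough=yes protocol=udp src-port=36725
# Catch-all for udp (connection-state=new is already guaranteed by the jump).
add action=mark-connection chain=udp-services comment="" connection-state=new disabled=no new-connection-mark=other-udp passthrough=yes protocol=udp
add action=mark-connection chain=other-services comment="" disabled=no icmp-options=8:0-255 new-connection-mark=ping passthrough=yes protocol=icmp
add action=mark-connection chain=other-services comment="" disabled=no new-connection-mark=gre passthrough=yes protocol=gre
add action=mark-connection chain=other-services comment="" disabled=no new-connection-mark=other passthrough=yes
# NOTE(review): this writes a fixed MSS of 1448 into every forwarded SYN,
# including ones that advertised a smaller value; new-mss=clamp-to-pmtu is the
# usual choice — confirm 1448 matches the uplink MTU before keeping it.
add action=change-mss chain=forward comment="" disabled=no new-mss=1448 protocol=tcp tcp-flags=syn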
خامساً : اسكربت أنتي فيرس رهيب، يعني الأجهزة المصابة ما تأثرش عليك
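# Fifth section: "anti-virus" filter set.  Written as an .rsc import script,
# so the menu path carries the leading slash like the other sections on this
# page (without it the line only works when the CLI is already at the root).
/ip firewall filter
# Placeholder rule: passthrough matches nothing; the HotSpot setup puts its
# own rules in this chain.
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here" disabled=no
# --- P2P drops in the forward chain -------------------------------------
# NOTE(review): the p2p= matcher is not available on every RouterOS release;
# confirm it exists on the target version before importing.  all-p2p is
# listed first, so the protocol-specific rules below it presumably only
# matter for protocols all-p2p does not cover - verify on your version.
add action=drop chain=forward comment="" disabled=no p2p=all-p2p
add action=drop chain=forward comment="" disabled=no p2p=bit-torrent
add action=drop chain=forward comment="" disabled=no p2p=blubster
add action=drop chain=forward comment="" disabled=no p2p=direct-connect
add action=drop chain=forward comment="" disabled=no p2p=edonkey
add action=drop chain=forward comment="" disabled=no p2p=fasttrack
add action=drop chain=forward comment="" disabled=no p2p=gnutella
add action=drop chain=forward comment="" disabled=no p2p=soulseek
add action=drop chain=forward comment="" disabled=no p2p=warez
add action=drop chain=forward comment="" disabled=no p2p=winmx
# --- "virus" chain: drop by destination port ----------------------------
# Port-based blocking of well-known worm/backdoor ports.  It only stops the
# listed ports, so it is a containment measure for already-infected hosts,
# not an anti-virus.  The chain is entered from the forward chain by the
# jump rule further down.
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=135-139 protocol=tcp
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no dst-port=135-139 protocol=udp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=tcp
add action=drop chain=virus comment="Drop Blaster Worm" disabled=no dst-port=445 protocol=udp
add action=drop chain=virus comment=________ disabled=no dst-port=593 protocol=tcp
# Note: 1024-1030 and 1433-1434 are also legitimate ports (dynamic range,
# MS SQL); expect breakage if such services are reached through this router.
add action=drop chain=virus comment=________ disabled=no dst-port=1024-1030 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=1080 protocol=tcp
add action=drop chain=virus comment=________ disabled=no dst-port=1214 protocol=tcp
add action=drop chain=virus comment="ndm requester" disabled=no dst-port=1363 protocol=tcp
add action=drop chain=virus comment="ndm server" disabled=no dst-port=1364 protocol=tcp
add action=drop chain=virus comment="screen cast" disabled=no dst-port=1368 protocol=tcp
add action=drop chain=virus comment=hromgrafx disabled=no dst-port=1373 protocol=tcp
add action=drop chain=virus comment=cichlid disabled=no dst-port=1377 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=1433-1434 protocol=tcp
# 2745/tcp appeared twice in the original list ("Bagle Virus" and
# "Drop Beagle.C-K"); the second copy could never match and is dropped here.
add action=drop chain=virus comment="Bagle / Beagle.C-K" disabled=no dst-port=2745 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=2283 protocol=tcp
add action=drop chain=virus comment="Drop Beagle" disabled=no dst-port=2535 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom" disabled=no dst-port=3127-3128 protocol=tcp
add action=drop chain=virus comment="Drop Backdoor OptixPro" disabled=no dst-port=3410 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=tcp
add action=drop chain=virus comment=Worm disabled=no dst-port=4444 protocol=udp
add action=drop chain=virus comment="Drop Sasser" disabled=no dst-port=5554 protocol=tcp
add action=drop chain=virus comment="Drop Beagle.B" disabled=no dst-port=8866 protocol=tcp
add action=drop chain=virus comment="Drop Dabber.A-B" disabled=no dst-port=9898 protocol=tcp
add action=drop chain=virus comment="Drop Dumaru.Y" disabled=no dst-port=10000 protocol=tcp
add action=drop chain=virus comment="Drop MyDoom.B" disabled=no dst-port=10080 protocol=tcp
add action=drop chain=virus comment="Drop NetBus" disabled=no dst-port=12345 protocol=tcp
add action=drop chain=virus comment="Drop Kuang2" disabled=no dst-port=17300 protocol=tcp
add action=drop chain=virus comment="Drop SubSeven" disabled=no dst-port=27374 protocol=tcp
add action=drop chain=virus comment="Drop PhatBot, Agobot, Gaobot" disabled=no dst-port=65506 protocol=tcp
add action=jump chain=forward comment="jump to the virus chain" disabled=no jump-target=virus
# --- Port-scan detection, input chain (traffic to the router itself) ------
# Sources are listed for 2 weeks (address-list-timeout=2w) and then dropped
# by the rule at the end of this group.  A two-week ban on a single psd hit
# is aggressive; the list can be reviewed/cleared under
# /ip firewall address-list.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
# The original comment carried a stray embedded newline; plain text here.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
# The original had an uncommented tcp-flags=fin,syn rule directly before the
# identical "SYN/FIN scan" rule; only the commented copy is kept.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=input \
comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=input comment="dropping port scanners" disabled=no src-address-list="port scanners"
# --- Port-scan detection, forward chain (traffic through the router) ------
# Same detectors as above.  In the forward chain the listed source is
# usually a LAN client, so a false positive bans that client for 2 weeks.
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward \
comment="Port scanners to list " disabled=no protocol=tcp psd=21,3s,3,1
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward \
comment="NMAP FIN Stealth scan" disabled=no protocol=tcp tcp-flags=fin,!syn,!rst,!psh,!ack,!urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward \
comment="SYN/FIN scan" disabled=no protocol=tcp tcp-flags=fin,syn
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward \
comment="SYN/RST scan" disabled=no protocol=tcp tcp-flags=syn,rst
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward \
comment="FIN/PSH/URG scan" disabled=no protocol=tcp tcp-flags=fin,psh,urg,!syn,!rst,!ack
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward \
comment="ALL/ALL scan" disabled=no protocol=tcp tcp-flags=fin,syn,rst,psh,ack,urg
add action=add-src-to-address-list address-list="port scanners" address-list-timeout=2w chain=forward \
comment="NMAP NULL scan" disabled=no protocol=tcp tcp-flags=!fin,!syn,!rst,!psh,!ack,!urg
add action=drop chain=forward comment="dropping port scanners" disabled=no src-address-list=\
"port scanners"
# --- restrict-tcp / SMTP first-drop -----------------------------------------
# connection-mark=auth and connection-mark=smtp are set by mangle rules that
# are not part of this section; this section does nothing for them unless
# those marks exist (presumably the mangle section earlier on this page).
add action=jump chain=forward comment="" disabled=no jump-target=restrict-tcp protocol=tcp
add action=reject chain=restrict-tcp comment="" connection-mark=auth disabled=no reject-with=\
icmp-network-unreachable
add action=jump chain=restrict-tcp comment="anti-spam policy" connection-mark=smtp disabled=no \
jump-target=smtp-first-drop
# smtp-first-drop: a source seen in first-smtp (5s window) is promoted to
# approved-smtp and returned; otherwise it is recorded in first-smtp and its
# attempt rejected, so only a sender that retries within 5s gets through.
add action=add-src-to-address-list address-list=approved-smtp address-list-timeout=5s chain=\
smtp-first-drop comment="" disabled=no src-address-list=first-smtp
add action=return chain=smtp-first-drop comment="" disabled=no src-address-list=approved-smtp
add action=add-src-to-address-list address-list=first-smtp address-list-timeout=5s chain=smtp-first-drop \
comment="" disabled=no
add action=reject chain=smtp-first-drop comment="" disabled=no reject-with=icmp-network-unreachable
# --- Stateful rules -----------------------------------------------------------
# In the original these three rules were placed AFTER "drop everything else"
# and could never match.  They are moved up so they are reachable: invalid
# packets are now dropped instead of being accepted by the per-protocol
# allow rules below, and related connections are accepted as intended.
# They stay below the p2p, virus and port-scan rules so those still see
# every forwarded packet.
add action=drop chain=forward comment="drop invalid connections" connection-state=invalid disabled=no
add action=accept chain=forward comment="allow established connections" connection-state=established \
disabled=no
add action=accept chain=forward comment="allow related connections" connection-state=related disabled=no
# --- Explicit allows and the catch-all drop ------------------------------------
# "allow TCP" already covers the HTTP and SMTP rules above it; they are kept
# for readability/counters.
add action=accept chain=forward comment="Allow HTTP" disabled=no dst-port=80 protocol=tcp
add action=accept chain=forward comment="Allow SMTP" disabled=no dst-port=25 protocol=tcp
add action=accept chain=forward comment="allow TCP" disabled=no protocol=tcp
add action=accept chain=forward comment="allow ping" disabled=no protocol=icmp
add action=accept chain=forward comment="allow udp" disabled=no protocol=udp
add action=drop chain=forward comment="drop everything else" disabled=no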
يا جماعة، اللى عاوز أى اسكربت أنا تحت أمره، وأى حاجة تخص الشبكات موجودة بإذن الله
لو سمحت، أريد إيقاف أى برنامج VPN أو أى بروكسي خارجي فقط