# If you are using a router smaller than an RB1100, you may want to disable them.Īdd dont-require-permissions=no name=DownloadSpamhaus owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\ # These scripts pull a signifcant number of addresses to the address list and will require higher end routers. The interfaces still need to be added to the lists. Set rp-filter=strict secure-redirects=no send-redirects=no tcp-syncookies=yes In a multi-homed network, setting the rp-filter to no or loose may be the better choice. # This section can left alone for most situations, however, if you are multi-homing, this could cause a # Interface lists that are used (“WAN Interfaces” & “LAN Interfaces”). # Once the script has been applied to the router, you will need to set the interface that apply to the # – Provides a variety of other common packet cleaning rules # – Protects against multiple types of ICMP attacks including SMURF attacks # – Protects against other attacks that are commonly disguised as originating from DNS servers # – Provides protection for RotuerOS services # – Provides protection for the DNS proxy # – Detects and drops high connection rates
# – Includes Joshaven Potter’s scripts for SpanHaus, dsheild, malc0de, and VOIP blacklists # – Includes an advanced port scan detection # – Allows whitelisting & blacklisting of URLs # – Based mostly on a zone based defense. # This script has been created for use by the general public and may be used freely.
# Username in MikroTik Forum is rickfrey # # Rick Frey’s Basic MikroTik Firewall Rev 6.1 for IPv4 (Free Version) #
A few problematic rules have been omitted.
#FREE WINBOX MIKROTIK UPDATE#
This update fixes several syntax errors and moves as many rules to the RAW section as it makes sense to do. The text file version is located here: Rick Frey’s Basic MikroTik Firewall Rev 6.1 for IPv4