Drop input on MikroTik

Posted by alex543, November 09, 2015, 09:37:52 PM

alex543

Hello, why do I get this in the MikroTik log? It is always the same MAC, it does it all the time, it fills up my log, and it is with different ports.

DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 67.207.147.36:80->190.142.221.3:55003, len 1500

DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 67.207.147.36:80->190.142.221.3:55048, len 1500

DROP INPUT input: in:Lan out:(none), src-mac 68:72:51:0c:d4:1e, proto 2, 0.0.0.0->224.0.0.1, len 28

DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK,PSH), 216.58.192.78:443->190.142.221.3:57972, len 95

DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 67.207.147.36:80->190.142.221.3:55092, len 1500

DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 190.142.193.19:443->190.142.221.3:59546, len 1500
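
Added example, not part of the original thread: a Python parser for the log lines in the post above that groups the drops by interface and source MAC and labels each entry using only the fields the router logged. It shows that the single WAN MAC fronts several remote IPs (the src-mac of a routed packet belongs to the adjacent upstream device, not the remote host) and that the TCP entries are non-SYN segments sent from ports 80/443. The function names and class labels are hypothetical, chosen for this example.

```python
import re
from collections import Counter

# The six log lines from the first post, copied verbatim.
SAMPLE_LOG = """\
DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 67.207.147.36:80->190.142.221.3:55003, len 1500
DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 67.207.147.36:80->190.142.221.3:55048, len 1500
DROP INPUT input: in:Lan out:(none), src-mac 68:72:51:0c:d4:1e, proto 2, 0.0.0.0->224.0.0.1, len 28
DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK,PSH), 216.58.192.78:443->190.142.221.3:57972, len 95
DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 67.207.147.36:80->190.142.221.3:55092, len 1500
DROP INPUT input: in:wan out:(none), src-mac 00:30:b8:c6:ab:90, proto TCP (ACK), 190.142.193.19:443->190.142.221.3:59546, len 1500
"""

LINE_RE = re.compile(
    r"^(?P<prefix>.+?) input: in:(?P<iface>\S+) out:[^,]+, "
    r"src-mac (?P<mac>[0-9A-Fa-f:]{17}), proto (?P<proto>[^\s,]+)"
    r"(?: \((?P<flags>[^)]*)\))?, (?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"->(?P<dst>[\d.]+)(?::(?P<dport>\d+))?, len (?P<len>\d+)$"
)

def parse(line):  # one log line -> dict of fields, or None if it does not match
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["flags"] = set(entry["flags"].split(",")) if entry["flags"] else set()
    return entry

def classify(entry):  # label an entry from its logged fields only
    if entry["proto"] == "2":  # IP protocol number 2 is IGMP
        return "igmp"
    if entry["proto"] == "TCP":
        if "SYN" in entry["flags"] and "ACK" not in entry["flags"]:
            return "tcp-new-connection-attempt"
        if entry["sport"] in ("80", "443"):  # non-SYN segment sent by a web port
            return "tcp-web-return-traffic"
        return "tcp-other-non-syn"
    return "other"

def summarize(text):  # (count per class, remote IPs seen behind each iface/MAC)
    entries = [e for e in map(parse, text.splitlines()) if e]
    ips_by_mac = {}
    for e in entries:
        ips_by_mac.setdefault((e["iface"], e["mac"]), set()).add(e["src"])
    return Counter(classify(e) for e in entries), ips_by_mac

if __name__ == "__main__":
    classes, ips_by_mac = summarize(SAMPLE_LOG)
    print(dict(classes), ips_by_mac)
```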


roxdng

You have a firewall rule that drops input. You should review your firewall.


alex543

These are the rules I am using, but is that good or bad? It works fine for me, I was just curious about that.


/ ip firewall filter
add chain=input connection-state=established comment="Accept established connections"
add chain=input connection-state=related comment="Accept related connections"
add chain=input connection-state=invalid action=drop comment="Drop invalid connections"
add chain=input connection-state=established action=accept comment="Allow Established connections"
add chain=input protocol=udp action=accept comment="UDP" disabled=no
add chain=input protocol=icmp action=accept comment="Allow ICMP"
add chain=input protocol=icmp limit=50/5s,2 comment="Allow limited pings"
add chain=input protocol=icmp action=drop comment="Drop excess pings"
add chain=input in-interface=Lan src-address=192.168.80.0/24 comment="From our Lan" action=accept
add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
add chain=input action=drop comment="Drop everything else"
add chain=forward protocol=tcp connection-state=invalid action=drop comment="Drop invalid connections"
add chain=forward connection-state=established action=accept comment="Allow already established connections"
add chain=forward connection-state=related action=accept comment="Allow related connections"
add chain=forward src-address=0.0.0.0/8 action=drop comment="Block BOGON IP addresses"
add chain=forward dst-address=0.0.0.0/8 action=drop
add chain=forward src-address=127.0.0.0/8 action=drop
add chain=forward dst-address=127.0.0.0/8 action=drop
add chain=forward src-address=224.0.0.0/3 action=drop
add chain=forward dst-address=224.0.0.0/3 action=drop
add chain=forward protocol=tcp action=jump jump-target=tcp comment="Make jumps to new chains"
add chain=forward protocol=udp action=jump jump-target=udp
add chain=forward protocol=icmp action=jump jump-target=icmp
add chain=tcp protocol=tcp dst-port=69 action=drop comment="Deny TFTP"
add chain=tcp protocol=tcp dst-port=111 action=drop comment="Deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=135 action=drop comment="Deny RPC portmapper"
add chain=tcp protocol=tcp dst-port=137-139 action=drop comment="Deny NBT"
add chain=tcp protocol=tcp dst-port=445 action=drop comment="Deny cifs"
add chain=tcp protocol=tcp dst-port=2049 action=drop comment="Deny NFS"
add chain=tcp protocol=tcp dst-port=12345-12346 action=drop comment="Deny NetBus"
add chain=tcp protocol=tcp dst-port=20034 action=drop comment="Deny NetBus"
add chain=tcp protocol=tcp dst-port=3133 action=drop comment="Deny BackOriffice"
add chain=tcp protocol=tcp dst-port=67-68 action=drop comment="Deny DHCP"
add chain=udp protocol=udp dst-port=69 action=drop comment="Deny TFTP"
add chain=udp protocol=udp dst-port=111 action=drop comment="Deny PRC portmapper"
add chain=udp protocol=udp dst-port=135 action=drop comment="Deny PRC portmapper"
add chain=udp protocol=udp dst-port=137-139 action=drop comment="Deny NBT"
add chain=udp protocol=udp dst-port=2049 action=drop comment="Deny NFS"
add chain=udp protocol=udp dst-port=3133 action=drop comment="Deny BackOriffice"
add chain=icmp protocol=icmp icmp-options=0:0 action=accept comment="Echo reply"
add chain=icmp protocol=icmp icmp-options=3:0 action=accept comment="Net unreachable"
add chain=icmp protocol=icmp icmp-options=3:1 action=accept comment="Host unreachable"
add chain=icmp protocol=icmp icmp-options=3:4 action=accept comment="Host unreachable fragmentation required"
add chain=icmp protocol=icmp icmp-options=4:0 action=accept comment="Allow source quench"
add chain=icmp protocol=icmp icmp-options=8:0 action=accept comment="Allow echo request"
add chain=icmp protocol=icmp icmp-options=11:0 action=accept comment="Allow time exceed"
add chain=icmp protocol=icmp icmp-options=12:0 action=accept comment="Allow parameter bad"
add chain=icmp action=drop comment="Deny all other types"

roxdng

Just as advice: if you don't understand what the rules are for, don't implement them. Your rules drop almost everything.


alex543

Okay, thanks for the information, friend.